Bug#616151: libconvert-uulib-perl missing a security update?
Janne Pikkarainen
jaba at mikrobitti.fi
Wed Mar 2 21:00:33 UTC 2011
Package: libconvert-uulib-perl
Version: 1.12-1
Hello,
I was just wondering if Debian has accidentally missed a security / DoS
related bugfix of Convert::UUlib module. The fix was done in version
1.34 and even sid seems to have only 1.33 and squeeze/lenny are bundled
with much older versions. None of those Debian versions mention
anything about a possible backport in their changelog.
Gentoo, OpenBSD, (open)SUSE, Fedora and others seem to have patched this
issue from late January already, but I'm unable to find any information
related to this from Debian. Some reports say this is "only" a DoS
weakness, others claim this can lead to possible code execution.
https://secunia.com/advisories/42998/
http://vigilance.fr/vulnerability/Perl-Convert-UUlib-buffer-overflow-of-UURepairData-10291
Best regards,
Janne Pikkarainen