Bug#698172: libdigest-sha-perl: double-free in load subroutine of SHA.pm
Salvatore Bonaccorso
carnil at debian.org
Mon Jan 14 20:33:02 UTC 2013
Source: libdigest-sha-perl
Severity: important
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
The Digest::SHA 5.81 upload changelog mentions this:
5.81 Mon Jan 14 05:17:08 MST 2013
- corrected load subroutine (SHA.pm) to prevent double-free
-- Bug #82655: Security issue - segfault
-- thanks to Victor Efimov and Nicholas Clark
for technical expertise and suggestions
Upstream bugreport:
[1]: https://rt.cpan.org/Ticket/Display.html?id=82655
I'm going to handle this for libdigest-sha-perl.
Regards,
Salvatore
- -- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJQ9Gt6AAoJEHidbwV/2GP+vVQQAI066lgPpAtCwqYXYqApVL0M
B1OmuZuOTLUwuCP8HgzEqZPvXsc/3ND2oplyekTQ5Js9QE8wfeJ7EAaIdk6PSCBH
QUG5V7qyISjm3Cry+eFKL0VLPzdxez21fghZNEzrk+ImvG6c8xxDJX1dieCBBL9o
XX5C9Ds7gCilc4g8Jxhg2kfgo9f1YhySFjDs85JgvLmyX8sp9FWNmtF7xKbsrLVM
/7jWx9BbNUWKr+mziQBEDEEHerbmsbtr1dBslowJ2186StBa73/FQQ5diJRMEJ6J
b018nDUhSeL/vHHV3zWxUU3jk2KQptOtsMOJoqys9Y3+itZqb+PHcbL9GBYhOCBz
1tER3O0ibwMTPuzFUy5+8P2CGo5XP8Bc8jVaVCkMGjRzDU89PlVFtwgr5DwFnFDW
l0y0kGFIGem8WgFxO5dUFyAZJuZm6wWtDrjUNsBXcWCIgPDa1CNx2MdrsdMx58s9
5jB7PYK5cow6qRPnMptuF+c0VyQpOCxPqqQgfmQhmJFMz5ka0D3ofgzSb3XLURYM
5Mr92vlhyVfAwcCqvKWoWtyhaV94UxvqDHvi3kOHq611dBz5hHcHjWu0899c/WkD
i1tZBL/MDRrHUezGJYwmTtP4XFIS4KnbQimJKTK14abiep61JMjPASiX8hBJIDsS
J2QHI081wQdOlWvargEg
=2zss
-----END PGP SIGNATURE-----
More information about the pkg-perl-maintainers
mailing list