Bug#702821: perl/hash_attack.t fails with 5.10.1 + CVE-2013-1667 fix
Dominic Hargreaves
dom at earth.li
Fri Mar 15 23:25:42 UTC 2013
On Fri, Mar 15, 2013 at 08:43:58PM +0100, Salvatore Bonaccorso wrote:
> Hi
>
> On Fri, Mar 15, 2013 at 05:56:05PM -0000, Steve Hay wrote:
> [...]
> > Zefram has now come up with an even better patch (on the same RT
> > ticket), after reproducing the Debian 5.10.1 failure himself.
> >
> > Please take a look (I've also attached it here for your convenience) and
> > let me know whether this works for you. If so then I hope to apply it to
> > SVN over the weekend.
>
> I can confirm that the new patch works on Debian Squeeze, with Perl
> (5.10.1-17squeeze6) including the security fix.
I've pushed this to
http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libapache2-mod-perl2.git;a=shortlog;h=refs/heads/squeeze
now and will upload over the weekend.
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
More information about the pkg-perl-maintainers
mailing list