Bug#689314: perl: segfaults when echoing a very long string
Dominic Hargreaves
dom at earth.li
Fri Nov 30 14:24:40 UTC 2012
On Wed, Oct 10, 2012 at 09:35:41PM +0300, Niko Tyni wrote:
> severity 689314 grave
> retitle 689314 perl: segfaults when echoing a very long string [CVE-2012-5195]
> tag 689314 upstream security patch
> thanks
>
> On Mon, Oct 01, 2012 at 04:11:00PM +0200, Thorsten Glaser wrote:
> > Package: perl
> > Version: 5.14.2-13
> > Severity: normal
> >
> > # perl -le 'print "v"x(2**31+1) ."=1"'
> > Segmentation fault
>
> This has security impact and has been assigned CVE-2012-5195. See
>
> http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html
> http://perl5.git.perl.org/perl.git/commit/b675304e3fdbcce3ef853b06b6ebe870d99faa7e
>
> It's not quite clear yet if 5.10.1 (squeeze) is affected.
We are nevertheless planning to upload fix to stable-security shortly.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
More information about the Perl-maintainers
mailing list