Bug#776046: perl: Segfault in S_regmatch from bad backreference
Salvatore Bonaccorso
carnil at debian.org
Tue Jan 27 16:19:07 UTC 2015
Control: retitle -1 perl: Segfault in S_regmatch from bad backreference (CVE-2013-7422)
Hi Niko,
On Fri, Jan 23, 2015 at 01:01:13PM +0200, Niko Tyni wrote:
> Package: perl
> Version: 5.14.2-21
> Severity: important
> Tags: wheezy security
> Forwarded: https://rt.perl.org/Public/Bug/Display.html?id=119505
> Control: fixed -1 5.20.0-1
>
> perl -e '/\7777777777/'
> Segmentation fault (core dumped)
>
> This was fixed upstream in 5.19.5 with
> http://perl5.git.perl.org/perl.git/commitdiff/0c2990d652e985784f095bba4bc356481a66aa06
>
> so it doesn't affect jessie or sid.
>
> carnil from the security team says this should be probably be fixed in
> a point release but it's not worth a DSA.
So this got assigned a CVE now, it is CVE-2013-7422, see
http://www.openwall.com/lists/oss-security/2015/01/27/3
Regards,
Salvatore
More information about the Perl-maintainers
mailing list