Debian Bug report logs -
#628836
perl-debug: CVE-2010-4777 perl: assertion failure with certain regular expressions
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Niko Tyni <ntyni@debian.org>
:
Bug#628836
; Package perl-debug
.
(Wed, 01 Jun 2011 18:24:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Dominic Hargreaves <dom@earth.li>
:
New Bug report received and forwarded. Copy sent to Niko Tyni <ntyni@debian.org>
.
(Wed, 01 Jun 2011 18:24:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: perl-debug
Severity: important
Tags: security
<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4777>
Confirmed by Moritz on lenny and squeeze with debugperl from perl-debug
only; therefore it doesn't need a DSA.
Apparently fixed in 5.14.
Information forwarded
to debian-bugs-dist@lists.debian.org
:
Bug#628836
; Package perl-debug
.
(Thu, 02 Jun 2011 16:09:08 GMT) (full text, mbox, link).
Acknowledgement sent
to Niko Tyni <ntyni@debian.org>
:
Extra info received and forwarded to list.
(Thu, 02 Jun 2011 16:09:08 GMT) (full text, mbox, link).
Message #10 received at 628836@bugs.debian.org (full text, mbox, reply):
forwarded 628836 http://rt.perl.org/rt3/Public/Bug/Display.html?id=76538
thanks
On Wed, Jun 01, 2011 at 07:21:50PM +0100, Dominic Hargreaves wrote:
> Package: perl-debug
> Severity: important
>
> Tags: security
>
> <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4777>
>
> Confirmed by Moritz on lenny and squeeze with debugperl from perl-debug
> only; therefore it doesn't need a DSA.
>
> Apparently fixed in 5.14.
Michael Schroeder noted in [perl #76538] that this still fails on 5.14.0
with -DDEBUGGING (our /usr/bin/debugperl from perl-debug):
#!/usr/bin/debugperl
my @x = ("AX=B","AAAAAAX=");
utf8::upgrade($x[1]);
for (@x) {
m{^([^=]+?)X\s*=.+$};
print "-> $1\n";
}
--
Niko Tyni ntyni@debian.org
Added tag(s) security.
Request was from Dominic Hargreaves <dom@earth.li>
to control@bugs.debian.org
.
(Fri, 10 Jun 2011 19:57:04 GMT) (full text, mbox, link).
Added tag(s) fixed-upstream.
Request was from bts-link-upstream@lists.alioth.debian.org
to control@bugs.debian.org
.
(Mon, 02 Mar 2015 17:00:23 GMT) (full text, mbox, link).
Reply sent
to Dominic Hargreaves <dom@earth.li>
:
You have taken responsibility.
(Fri, 01 Apr 2016 23:09:14 GMT) (full text, mbox, link).
Notification sent
to Dominic Hargreaves <dom@earth.li>
:
Bug acknowledged by developer.
(Fri, 01 Apr 2016 23:09:14 GMT) (full text, mbox, link).
Message #21 received at 628836-done@bugs.debian.org (full text, mbox, reply):
Version: 5.18.0-1
On Thu, Jun 02, 2011 at 07:05:11PM +0300, Niko Tyni wrote:
> forwarded 628836 http://rt.perl.org/rt3/Public/Bug/Display.html?id=76538
> thanks
>
> On Wed, Jun 01, 2011 at 07:21:50PM +0100, Dominic Hargreaves wrote:
> > Package: perl-debug
> > Severity: important
> >
> > Tags: security
> >
> > <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4777>
> >
> > Confirmed by Moritz on lenny and squeeze with debugperl from perl-debug
> > only; therefore it doesn't need a DSA.
> >
> > Apparently fixed in 5.14.
>
> Michael Schroeder noted in [perl #76538] that this still fails on 5.14.0
> with -DDEBUGGING (our /usr/bin/debugperl from perl-debug):
>
> #!/usr/bin/debugperl
> my @x = ("AX=B","AAAAAAX=");
> utf8::upgrade($x[1]);
> for (@x) {
> m{^([^=]+?)X\s*=.+$};
> print "-> $1\n";
> }
Subsequent discussions suggest that this is now fixed, in 5.18.0
if not 5.14.0. Closing.
Dominic.
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sat, 30 Apr 2016 07:34:16 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:13:12 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.