Debian Bug report logs - #532736
CVE-2009-1391: Buffer overflow in Compress::Raw::Zlib
Reported by: Stefan Fritsch <sf@sfritsch.de>
Date: Thu, 11 Jun 2009 08:03:01 UTC
Severity: grave
Tags: security
Found in version perl/5.10.0-19
Fixed in versions perl/5.10.0-23, perl/5.10.0-19lenny2
Done: Niko Tyni <ntyni@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Brendan O'Dea <bod@debian.org>: Bug#532736; Package perl. (Thu, 11 Jun 2009 08:03:04 GMT)
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>: New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Brendan O'Dea <bod@debian.org>. (Thu, 11 Jun 2009 08:03:04 GMT)
Message #5 received at submit@bugs.debian.org:
Package: perl
Version: 5.10.0-19
Severity: grave
Tags: security
Justification: user security hole
A security vulnerability was found in Compress::Raw::Zlib:
Compress::Raw::Zlib versions before 2.017 contain a buffer overflow in
inflate(). A badly formed zlib-stream can trigger this buffer overflow and cause
the perl process at least to hang or to crash.
This causes a remote DoS in amavisd-new.
The perl package in lenny and sid contains Compress::Raw::Zlib 2.008.
There is also a separate package libcompress-raw-zlib-perl.
More information can be found at
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391
Information forwarded to debian-bugs-dist@lists.debian.org, Brendan O'Dea <bod@debian.org>: Bug#532736; Package perl. (Thu, 11 Jun 2009 10:27:49 GMT)
Acknowledgement sent to Niko Tyni <ntyni@debian.org>: Extra info received and forwarded to list. Copy sent to Brendan O'Dea <bod@debian.org>. (Thu, 11 Jun 2009 10:28:55 GMT)
Message #10 received at 532736@bugs.debian.org:
On Thu, Jun 11, 2009 at 10:00:08AM +0200, Stefan Fritsch wrote:
> Package: perl
> Version: 5.10.0-19
> Severity: grave
> Tags: security
> Justification: user security hole
>
> A security vulnerability was found in Compress::Raw::Zlib:
>
> Compress::Raw::Zlib versions before 2.017 contain a buffer overflow in
> inflate(). A badly formed zlib-stream can trigger this buffer overflow and cause
> the perl process at least to hang or to crash.
>
> This causes a remote DoS in amavisd-new.
>
> The perl package in lenny and sid contains Compress::Raw::Zlib 2.008.
> There is also a separate package libcompress-raw-zlib-perl.
>
> More information can be found at
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391
Thanks.
My preliminary understanding is that the minimal fix could be just this hunk:
--- Compress-Raw-Zlib-2.015/Zlib.xs 2008-09-03 22:42:10.000000000 +0100
+++ Compress-Raw-Zlib-2.017/Zlib.xs 2009-04-04 13:09:59.000000000 +0100
@@ -1322,7 +1322,7 @@ inflate (s, buf, output, eof=FALSE)
while (RETVAL == Z_OK) {
if (s->stream.avail_out == 0 ) {
/* out of space in the output buffer so make it bigger */
- Sv_Grow(output, SvLEN(output) + bufinc) ;
+ Sv_Grow(output, SvLEN(output) + bufinc +1) ;
cur_length += increment ;
s->stream.next_out = (Bytef*) SvPVbyte_nolen(output) + cur_length ;
increment = bufinc ;
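Review bot: the `+1` on the changed `Sv_Grow` line is a bare constant with no comment saying which write needs the spare byte; please add one (and normalise the spacing to `bufinc + 1`) so a later refactor does not drop it. The hunk also only touches the regrow path inside `while (RETVAL == Z_OK)`: the sizing of `output` done before the loop is not visible here and should be checked for the same one-byte slack before this is called a complete fix.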
but I'm not quite sure if we also need the "Only setup the stream output
pointers if there is spare capacity in the output SV" part in
http://search.cpan.org/diff?from=Compress-Raw-Zlib-2.015&to=Compress-Raw-Zlib-2.017#Zlib.xs
This needs further investigation. Help would be welcome.
--
Niko Tyni ntyni@debian.org
Information forwarded to debian-bugs-dist@lists.debian.org, Brendan O'Dea <bod@debian.org>: Bug#532736; Package perl. (Thu, 11 Jun 2009 21:03:03 GMT)
Acknowledgement sent to Niko Tyni <ntyni@debian.org>: Extra info received and forwarded to list. Copy sent to Brendan O'Dea <bod@debian.org>. (Thu, 11 Jun 2009 21:03:03 GMT)
Message #15 received at 532736@bugs.debian.org:
On Thu, Jun 11, 2009 at 12:42:12PM +0300, Niko Tyni wrote:
> On Thu, Jun 11, 2009 at 10:00:08AM +0200, Stefan Fritsch wrote:
> > Package: perl
> > Version: 5.10.0-19
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> > Compress::Raw::Zlib versions before 2.017 contain a buffer overflow in
> > inflate(). A badly formed zlib-stream can trigger this buffer overflow and cause
> > the perl process at least to hang or to crash.
> > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391
> My preliminary understanding is that the minimal fix could be just this hunk:
> - Sv_Grow(output, SvLEN(output) + bufinc) ;
> + Sv_Grow(output, SvLEN(output) + bufinc +1) ;
> but I'm not quite sure if we also need the "Only setup the stream output
> pointers if there is spare capacity in the output SV" part in
>
> http://search.cpan.org/diff?from=Compress-Raw-Zlib-2.015&to=Compress-Raw-Zlib-2.017#Zlib.xs
It now seems to me that the latter part is only relevant with the
LIMIT_OUTPUT functionality first introduced in 2.015. So it shouldn't
be needed for the Lenny security updates.
(I've found no way to pass the function an output buffer for appending
that's already full to the last byte on the C side. So there should
always be enough room in the buffer at the initialization phase.)
I've verified that the minimal off-by-one fix above (attached for
convenience) removes the valgrind error in the original proof of concept
(available at https://bugzilla.redhat.com/attachment.cgi?id=346729).
The attached version of the patch applies against
libcompress-raw-zlib-perl/2.012-1 as is, and against
ext/Compress/Raw/Zlib/Zlib.xs in perl/5.10.0-19 with minimal fuzz.
The issue doesn't affect Etch AFAICS, as Compress-Raw-Zlib was only
introduced in the Perl core in the 5.9 development line, and the separate
libcompress-raw-zlib-perl package wasn't present in Etch.
Security team, I'd love to have some confirmation on all this. I'll make
do my best to get the fix into sid in the weekend, hopefully Friday night.
@pkg-perl: if somebody wants to handle the separate package, be my
guest. I'll prioritize the perl package and will look at the other one
afterwards if necessary.
Cheers,
--
Niko Tyni ntyni@debian.org
[0001-minimal-fix-for-CVE-2009-1391.patch (text/x-diff, attachment)]
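The off-by-one discussed in this thread, modelled as an added C example (not code from Zlib.xs or from the patch author). It keeps the `cur_length`/`increment`/`bufinc` bookkeeping of the hunk and assumes an initially empty output buffer and a terminating NUL stored right after the decompressed data, neither of which is stated in the thread; `struct outbuf`, `grow()` and `inflate_model()` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the output scalar: cap plays the role of SvLEN(). */
struct outbuf { unsigned char *p; size_t cap; };

/* Grow to at least `want` bytes, like the Sv_Grow() call in the hunk. */
static int grow(struct outbuf *o, size_t want)
{
    unsigned char *q;
    if (want <= o->cap) return 0;
    q = realloc(o->p, want);
    if (q == NULL) return -1;
    o->p = q;
    o->cap = want;
    return 0;
}

/*
 * Model of the regrow loop. `total` is how many bytes the simulated
 * decompressor emits (constructed input); `slack` is 0 for the old
 * Sv_Grow() call and 1 for the patched one.
 * Returns 1 if the terminating NUL at index `total` lies inside the
 * allocation, 0 if it would land one byte past the end (the write is
 * skipped here instead of performed), -1 on bad input or allocation failure.
 */
int inflate_model(size_t total, size_t bufinc, size_t slack)
{
    struct outbuf o = { NULL, 0 };
    size_t cur_length = 0, increment = 0, avail_out = 0, remaining = total;
    int fits;

    if (bufinc == 0) return -1;
    do {
        if (avail_out == 0) {
            /* out of space in the output buffer so make it bigger */
            if (grow(&o, o.cap + bufinc + slack) != 0) { free(o.p); return -1; }
            cur_length += increment;
            increment = bufinc;
            avail_out = increment;
        }
        /* Simulated inflate(): zlib is only ever offered avail_out bytes. */
        size_t n = remaining < avail_out ? remaining : avail_out;
        memset(o.p + cur_length + (increment - avail_out), 'A', n);
        avail_out -= n;
        remaining -= n;
    } while (remaining > 0);

    fits = total < o.cap;          /* is o.p[total] a valid index? */
    if (fits) o.p[total] = '\0';   /* assumed terminator write */
    free(o.p);
    return fits;
}

int main(void)
{
    size_t bufinc = 8, total;
    /* Only outputs that are an exact multiple of bufinc fail without the slack. */
    for (total = 6; total <= 17; total++)
        printf("total=%2zu  old=%d  patched=%d\n", total,
               inflate_model(total, bufinc, 0), inflate_model(total, bufinc, 1));
    return 0;
}
```

Because the failure depends on the output length landing exactly on a buffer boundary, a regression test for a fix like this should sweep lengths around each multiple of the growth step rather than use one sample stream.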
Information forwarded to debian-bugs-dist@lists.debian.org, Brendan O'Dea <bod@debian.org>: Bug#532736; Package perl. (Fri, 12 Jun 2009 20:21:02 GMT)
Acknowledgement sent to Niko Tyni <ntyni@debian.org>: Extra info received and forwarded to list. Copy sent to Brendan O'Dea <bod@debian.org>. (Fri, 12 Jun 2009 20:21:02 GMT)
Message #20 received at 532736@bugs.debian.org:
On Fri, Jun 12, 2009 at 12:00:11AM +0300, Niko Tyni wrote:
>
> > > Compress::Raw::Zlib versions before 2.017 contain a buffer overflow in
> > > inflate(). A badly formed zlib-stream can trigger this buffer overflow and cause
> > > the perl process at least to hang or to crash.
>
> > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391
> Security team, I'd love to have some confirmation on all this. I'll make
> do my best to get the fix into sid in the weekend, hopefully Friday night.
Just uploaded perl/5.10.0-23 with the minimal fix and urgency=high.
> @pkg-perl: if somebody wants to handle the separate package, be my
> guest. I'll prioritize the perl package and will look at the other one
> afterwards if necessary.
For the benefit of testing migration, I suggest a minimal 2.015-2 upload
for libcompress-raw-zlib-perl too, despite the newer upstream version
already pending in the pkg-perl SVN repository.
The libio-compress-zlib-perl, libcompress-raw-zlib-perl, and
libio-compress-base-perl versions are currently tightly coupled and
updating libcompress-raw-zlib-perl past 2.015 will need changes to the
other ones too.
I'll prepare a security perl upload for lenny next, probably tomorrow.
Cheers,
--
Niko Tyni ntyni@debian.org
Reply sent to Niko Tyni <ntyni@debian.org>: You have taken responsibility. (Fri, 12 Jun 2009 21:54:08 GMT)
Notification sent to Stefan Fritsch <sf@sfritsch.de>: Bug acknowledged by developer. (Fri, 12 Jun 2009 21:54:08 GMT)
Message #25 received at 532736-close@bugs.debian.org:
Source: perl
Source-Version: 5.10.0-23
We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive:
libcgi-fast-perl_5.10.0-23_all.deb
to pool/main/p/perl/libcgi-fast-perl_5.10.0-23_all.deb
perl-doc_5.10.0-23_all.deb
to pool/main/p/perl/perl-doc_5.10.0-23_all.deb
perl-modules_5.10.0-23_all.deb
to pool/main/p/perl/perl-modules_5.10.0-23_all.deb
perl_5.10.0-23.diff.gz
to pool/main/p/perl/perl_5.10.0-23.diff.gz
perl_5.10.0-23.dsc
to pool/main/p/perl/perl_5.10.0-23.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 532736@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Niko Tyni <ntyni@debian.org> (supplier of updated perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
Format: 1.8
Date: Fri, 12 Jun 2009 21:26:18 +0300
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug perl-suid libperl5.10 libperl-dev perl
Architecture: all source
Version: 5.10.0-23
Distribution: unstable
Urgency: high
Maintainer: Brendan O'Dea <bod@debian.org>
Changed-By: Niko Tyni <ntyni@debian.org>
Closes: 526974 532736
Description:
libcgi-fast-perl - CGI::Fast Perl module
libperl5.10 - Shared Perl library
libperl-dev - Perl library: development files
perl-base - minimal Perl system
perl-debug - Debug-enabled Perl interpreter
perl-doc - Perl documentation
perl - Larry Wall's Practical Extraction and Report Language
perl-modules - Core Perl modules
perl-suid - Runs setuid Perl scripts
Changes:
perl (5.10.0-23) unstable; urgency=high
.
* Don't try to check nonexistent .ph files: the kFreeBSD port
doesn't have <asm/termios.h>. (Closes: #526974)
* [SECURITY] CVE-2009-1391: Fix a buffer overflow in Compress::Raw::Zlib.
(Closes: #532736)
Information forwarded to debian-bugs-dist@lists.debian.org, Brendan O'Dea <bod@debian.org>: Bug#532736; Package perl. (Sat, 13 Jun 2009 19:45:02 GMT)
Acknowledgement sent to Niko Tyni <ntyni@debian.org>: Extra info received and forwarded to list. Copy sent to Brendan O'Dea <bod@debian.org>. (Sat, 13 Jun 2009 19:45:02 GMT)
Message #30 received at 532736@bugs.debian.org:
On Fri, Jun 12, 2009 at 11:16:54PM +0300, Niko Tyni wrote:
> > > > Compress::Raw::Zlib versions before 2.017 contain a buffer overflow in
> > > > inflate(). A badly formed zlib-stream can trigger this buffer overflow and cause
> > > > the perl process at least to hang or to crash.
> >
> > > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391
> Just uploaded perl/5.10.0-23 with the minimal fix and urgency=high.
libcompress-raw-zlib-perl 2.015-2 with the fix is now in incoming as well.
Security team: I'm attaching proposed debdiffs for stable updates.
Do you agree that this fix is sufficient? Shall I go ahead and upload?
Cheers,
--
Niko Tyni ntyni@debian.org
[perl_5.10.0-19lenny1.debdiff (text/plain, attachment)]
[libcompress-raw-zlib-perl_2.012-1lenny1.debdiff (text/plain, attachment)]
Information forwarded to debian-bugs-dist@lists.debian.org, Brendan O'Dea <bod@debian.org>: Bug#532736; Package perl. (Sun, 14 Jun 2009 20:54:04 GMT)
Acknowledgement sent to Niko Tyni <ntyni@debian.org>: Extra info received and forwarded to list. Copy sent to Brendan O'Dea <bod@debian.org>. (Sun, 14 Jun 2009 20:54:04 GMT)
Message #35 received at 532736@bugs.debian.org:
On Sat, Jun 13, 2009 at 10:43:55PM +0300, Niko Tyni wrote:
> Security team: I'm attaching proposed debdiffs for stable updates.
> Do you agree that this fix is sufficient? Shall I go ahead and upload?
Update: I've got confirmation from upstream that the one line fix should be
fine. Just say the word and I'll upload.
--
Niko Tyni ntyni@debian.org
Reply sent to Niko Tyni <ntyni@debian.org>: You have taken responsibility. (Fri, 28 Aug 2009 20:36:17 GMT)
Notification sent to Stefan Fritsch <sf@sfritsch.de>: Bug acknowledged by developer. (Fri, 28 Aug 2009 20:36:18 GMT)
Message #40 received at 532736-close@bugs.debian.org:
Source: perl
Source-Version: 5.10.0-19lenny2
We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive:
libcgi-fast-perl_5.10.0-19lenny2_all.deb
to pool/main/p/perl/libcgi-fast-perl_5.10.0-19lenny2_all.deb
perl-doc_5.10.0-19lenny2_all.deb
to pool/main/p/perl/perl-doc_5.10.0-19lenny2_all.deb
perl-modules_5.10.0-19lenny2_all.deb
to pool/main/p/perl/perl-modules_5.10.0-19lenny2_all.deb
perl_5.10.0-19lenny2.diff.gz
to pool/main/p/perl/perl_5.10.0-19lenny2.diff.gz
perl_5.10.0-19lenny2.dsc
to pool/main/p/perl/perl_5.10.0-19lenny2.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 532736@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Niko Tyni <ntyni@debian.org> (supplier of updated perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
Format: 1.8
Date: Thu, 27 Aug 2009 23:12:30 +0300
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug perl-suid libperl5.10 libperl-dev perl
Architecture: all source
Version: 5.10.0-19lenny2
Distribution: stable
Urgency: high
Maintainer: Brendan O'Dea <bod@debian.org>
Changed-By: Niko Tyni <ntyni@debian.org>
Closes: 516289 528332 532736
Description:
libcgi-fast-perl - CGI::Fast Perl module
libperl5.10 - Shared Perl library
libperl-dev - Perl library: development files
perl-base - minimal Perl system
perl-debug - Debug-enabled Perl interpreter
perl-doc - Perl documentation
perl - Larry Wall's Practical Extraction and Report Language
perl-modules - Core Perl modules
perl-suid - Runs setuid Perl scripts
Changes:
perl (5.10.0-19lenny2) stable; urgency=low
.
* Fix a typo in the replaces/conflicts/provides: libcpan-plus-perl
should have been libcpanplus-perl. (Closes: #516289)
* Fix a memory leak with the map operator. (Closes: #528332)
.
perl (5.10.0-19lenny1) stable-security; urgency=high
.
* [SECURITY] CVE-2009-1391: Fix a buffer overflow in Compress::Raw::Zlib.
(Closes: #532736)
Reply sent to Niko Tyni <ntyni@debian.org>: You have taken responsibility. (Fri, 04 Sep 2009 19:15:37 GMT)
Notification sent to Stefan Fritsch <sf@sfritsch.de>: Bug acknowledged by developer. (Fri, 04 Sep 2009 19:15:37 GMT)
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 03 Oct 2009 07:36:37 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified: Wed Jun 19 16:36:08 2019