Debian Bug report logs -
#450794
CVE-2007-5116 buffer overflow in the polymorphic opcode regcomp.c
Reported by: Nico Golde <nion@debian.org>
Date: Sat, 10 Nov 2007 18:03:01 UTC
Severity: grave
Tags: patch, security
Merged with 450456
Found in version perl/5.8.8-11.1
Fixed in version perl/5.8.8-12
Done: Brendan O'Dea <bod@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Brendan O'Dea <bod@debian.org>
:
Bug#450794
; Package perl
.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>
:
New Bug report received and forwarded. Copy sent to Brendan O'Dea <bod@debian.org>
.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: perl
Version: 5.8.8-11.1
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for perl.
CVE-2007-5116[0]:
| Buffer overflow in the polymorphic opcode support in the Regular
| Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent
| attackers to execute arbitrary code by switching from byte to Unicode
| (UTF) characters in a regular expression.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
This is a serious issue which might lead to code execution.
This was already fixed in stable security and we are working
on fixing this in testing-security.
There is a patch for this on:
http://public.activestate.com/cgi-bin/perlbrowse/30647
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Brendan O'Dea <bod@debian.org>
:
Bug#450794
; Package perl
.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>
:
Extra info received and forwarded to list. Copy sent to Brendan O'Dea <bod@debian.org>
.
(full text, mbox, link).
Message #10 received at 450794@bugs.debian.org (full text, mbox, reply):
# Automatically generated email from bts, devscripts version 2.10.10
# white, you forgot to add the bug number to the cve list so i missed your bug ;-P
merge 450456 450794
Merged 450456 450794.
Request was from Nico Golde <nion@debian.org>
to control@bugs.debian.org
.
(Sat, 10 Nov 2007 18:09:05 GMT) (full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org
:
Bug#450794
; Package perl
.
(full text, mbox, link).
Acknowledgement sent to Brendan O'Dea <bod@debian.org>
:
Extra info received and forwarded to list.
(full text, mbox, link).
Message #17 received at 450794@bugs.debian.org (full text, mbox, reply):
On Sat, Nov 10, 2007 at 07:00:17PM +0100, Nico Golde wrote:
>the following CVE (Common Vulnerabilities & Exposures) id was
>published for perl.
Upload is waiting for ftp-master to come back.
--bod
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Mon, 17 Dec 2007 07:46:34 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:50:40 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.