double free and segfault on utf8 containing regexes

Related Vulnerabilities: CVE-2008-1927  

Debian Bug report logs - #454792

Package: perl; Maintainer for perl is Niko Tyni <ntyni@debian.org>; Source for perl is src:perl.

Reported by: Don Armstrong <don@debian.org>

Date: Fri, 7 Dec 2007 22:06:04 UTC

Severity: important

Tags: etch, patch, security

Merged with 378813

Found in versions 5.8.8-7etch4, perl/5.8.8-12, perl/5.8.8-6

Fixed in versions perl/5.10.0-1, 5.8.8-7etch4, perl/5.8.8-7etch4

Done: Florian Weimer <fw@deneb.enyo.de>

Bug is archived. No further changes may be made.

Forwarded to http://rt.perl.org/rt3//Public/Bug/Display.html?id=48156

Report forwarded to debian-bugs-dist@lists.debian.org, Brendan O'Dea <bod@debian.org>:
Bug#454792; Package perl.


Acknowledgement sent to Don Armstrong <don@debian.org>:
New Bug report received and forwarded. Copy sent to Brendan O'Dea <bod@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Don Armstrong <don@debian.org>
To: submit@bugs.debian.org
Subject: double free and segfault on utf8 containing regexes
Date: Fri, 7 Dec 2007 14:03:25 -0800
Package: perl
Severity: serious
Version: 5.8.8-7etch4
Tags: security

A trivial program containing a regex with UTF8 characters causes a
double free error and segfault:

#!/usr/bin/perl -w -CSDA
use strict;
use utf8;
use encoding 'utf8';
use locale;

my $ans='Ostrów';
$_="whatever...";
if (/^$ans| $ans/) { print "I was wrong, sorry...\n"}

[Attached as well for convenience, along with output.]

I've set the severity to serious and tagged with security as there is
(apparently) a possibility that this could result in execution of
arbitrary code. [I don't have any proof of concept for this or a CVE
though, so feel free to detag and lower severity.]

This is also filed upstream as #48156 [will mark it forwarded after I
receive the ack.]

[We're seeing this quite a bit in the anti-spam bits of the BTS, so a
patch which fixes this would be nice. ;-)]


Don Armstrong

-- 
Clothes make the man. Naked people have little or no influence on
society.
 -- Mark Twain 

http://www.donarmstrong.com              http://rzlab.ucr.edu
[test_output.txt (text/plain, attachment)]
[test.pl (text/x-perl, attachment)]

Noted your statement that Bug has been forwarded to http://rt.perl.org/rt3//Public/Bug/Display.html?id=48156. Request was from Don Armstrong <don@debian.org> to control@bugs.debian.org. (Fri, 07 Dec 2007 22:30:09 GMT).


Bug marked as found in version 5.8.8-12. Request was from Don Armstrong <don@debian.org> to control@bugs.debian.org. (Fri, 07 Dec 2007 22:30:10 GMT).


Message #14 received at 454792@bugs.debian.org:

From: "Alex Muntada" <alexm@alexm.org>
To: 454792@bugs.debian.org
Subject: using utf8 module instead of encoding should work
Date: Sun, 16 Mar 2008 15:38:22 +0100
As commented on this Perl Monks node:
http://perlmonks.org/?node_id=674382

The utf8 module works fine with Unicode in Perl regexes,
so in the sample above just remove the "use encoding ..."
line to get rid of the double free bug.

HTH

-- 
Alex Muntada <alexm@alexm.org>
http://alexm.org/




Message #19 received at 454792@bugs.debian.org:

From: Niko Tyni <ntyni@debian.org>
To: Don Armstrong <don@debian.org>, 454792@bugs.debian.org
Subject: Re: Bug#454792: double free and segfault on utf8 containing regexes
Date: Sun, 6 Apr 2008 22:10:13 +0300
found 454792 5.10.0-7
thanks

On Fri, Dec 07, 2007 at 02:03:25PM -0800, Don Armstrong wrote:
> Package: perl
> Severity: serious
> Version: 5.8.8-7etch4
> Tags: security
> 
> A trivial program containing a regex with UTF8 characters causes a
> double free error and segfault:

> *** glibc detected *** debugperl: double free or corruption (!prev): 0x081e20e0 ***

There are still problems with 5.10.0, but they only show up for me with
'debugperl -Dm'. Note that '-Dm' crashes anyway when it's done due to
#474613, but we don't get that far here.

(BTW, the '-CSDA' perl option in the original example doesn't affect
 this and needs to be removed when testing with 5.10.0.)

5.10.0-7 on amd64:

*** glibc detected *** debugperl: malloc(): memory corruption: 0x000000000077faf8 ***

Backtrace:

#0  0x00002afb031d41d5 in raise () from /lib/libc.so.6
#1  0x00002afb031d5680 in abort () from /lib/libc.so.6
#2  0x00002afb0320cf4b in ?? () from /lib/libc.so.6
#3  0x00002afb0321201d in ?? () from /lib/libc.so.6
#4  0x00002afb032142a6 in ?? () from /lib/libc.so.6
#5  0x00002afb03215266 in ?? () from /lib/libc.so.6
#6  0x00002afb03215e17 in realloc () from /lib/libc.so.6
#7  0x000000000045eb9a in Perl_safesysrealloc (where=0x8b08b0, size=168) at util.c:178
#8  0x000000000049493f in Perl_sv_grow (my_perl=<value optimized out>, sv=0x88de88, newlen=144)
    at sv.c:1437
#9  0x0000000000495962 in Perl_sv_catpvn_flags (my_perl=0x77f010, dsv=0x88de88, 
    sstr=0x79b738 "/usr/share/perl5", slen=16, flags=0) at sv.c:4241
#10 0x000000000049b826 in Perl_sv_catsv_flags (my_perl=0x77f010, dsv=0x88de88, ssv=0x784008, flags=2)
    at sv.c:4302
#11 0x00000000004b908a in Perl_pp_require (my_perl=0x77f010) at pp_ctl.c:3457
#12 0x00000000004533f1 in Perl_runops_debug (my_perl=0x77f010) at dump.c:1931
#13 0x0000000000472618 in Perl_call_sv (my_perl=0x77f010, sv=0x7a2610, flags=6) at perl.c:2646
#14 0x0000000000472b50 in Perl_call_list (my_perl=0xc32, oldscope=8, paramList=0x7a2400) at perl.c:5195
#15 0x000000000042239b in S_process_special_blocks (my_perl=0x77f010, fullname=<value optimized out>, 
    gv=0x7a26d0, cv=0x7a2610) at op.c:5631
#16 0x000000000042defe in Perl_newATTRSUB (my_perl=0x77f010, floor=166, o=<value optimized out>, 
    proto=<value optimized out>, attrs=0x0, block=0x7b2040) at op.c:5604
#17 0x000000000042cbe8 in Perl_utilize (my_perl=0x77f010, aver=1, floor=166, version=0x0, idop=0x7b1b50, 
    arg=0x0) at op.c:3757
#18 0x00000000005391ed in Perl_yyparse (my_perl=0x77f010) at perly.y:654
#19 0x00000000004b5f9c in S_doeval (my_perl=0x77f010, gimme=0, startop=0x0, outside=0x0, seq=0)
    at pp_ctl.c:2916
#20 0x00000000004b8c1b in Perl_pp_require (my_perl=0x77f010) at pp_ctl.c:3520
#21 0x00000000004533f1 in Perl_runops_debug (my_perl=0x77f010) at dump.c:1931
#22 0x0000000000472618 in Perl_call_sv (my_perl=0x77f010, sv=0x7a2208, flags=6) at perl.c:2646
#23 0x0000000000472b50 in Perl_call_list (my_perl=0xc32, oldscope=2, paramList=0x7a2310) at perl.c:5195
#24 0x000000000042239b in S_process_special_blocks (my_perl=0x77f010, fullname=<value optimized out>, 
    gv=0x7a22e0, cv=0x7a2208) at op.c:5631
#25 0x000000000042defe in Perl_newATTRSUB (my_perl=0x77f010, floor=27, o=<value optimized out>, 
    proto=<value optimized out>, attrs=0x0, block=0x7a8000) at op.c:5604
#26 0x000000000042cbe8 in Perl_utilize (my_perl=0x77f010, aver=1, floor=27, version=0x0, idop=0x7a98f0, 
    arg=0x7a8b60) at op.c:3757
#27 0x00000000005391ed in Perl_yyparse (my_perl=0x77f010) at perly.y:654
#28 0x0000000000474ac1 in S_parse_body (my_perl=0x77f010, env=0x0, xsinit=0x4214c0 <xs_init>)
    at perl.c:2230
#29 0x0000000000475a83 in perl_parse (my_perl=0x77f010, xsinit=0x4214c0 <xs_init>, argc=3, 
    argv=0x7fffa81bde88, env=0x0) at perl.c:1650
#30 0x000000000042146b in main (argc=3, argv=0x7fffa81bde88, env=0x7fffa81bdea8) at perlmain.c:111

Cheers,
-- 
Niko Tyni   ntyni@debian.org




Bug marked as found in version 5.10.0-7. Request was from Niko Tyni <ntyni@debian.org> to control@bugs.debian.org. (Sun, 06 Apr 2008 19:15:07 GMT).


Message #26 received at 454792@bugs.debian.org:

From: Niko Tyni <ntyni@debian.org>
To: Don Armstrong <don@debian.org>, 454792@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#454792: double free and segfault on utf8 containing regexes
Date: Mon, 7 Apr 2008 21:46:26 +0300
notfound 454792 5.10.0-7
close 454792 5.10.0-1
tag 454792 patch etch
thanks

> On Fri, Dec 07, 2007 at 02:03:25PM -0800, Don Armstrong wrote:
> > Package: perl
> > Severity: serious
> > Version: 5.8.8-7etch4
> > Tags: security
> > 
> > A trivial program containing a regex with UTF8 characters causes a
> > double free error and segfault:
> 
> > *** glibc detected *** debugperl: double free or corruption (!prev): 0x081e20e0 ***
> 
> There are still problems with 5.10.0, but they only show up for me with
> 'debugperl -Dm'. Note that '-Dm' crashes anyway when it's done due to
> #474613, but we don't get that far here.

Further investigation shows that the -Dm problems are a separate issue
specific to 5.10.0. I'll discuss those in #474613.

The utf8 regexp crash is fixed upstream by 

Change 29204 by merijn@merijn-pc09 on 2006/11/04 19:15:19

    Subject: Re: [perl #40641] crash with unicode characters in regex comment
    From: SADAHIRO Tomoyuki <bqw10602@nifty.com>
    Date: Sat, 04 Nov 2006 21:53:50 +0900
    Message-Id: <20061104215302.3325.BQW10602@nifty.com>

which is in 5.10.0, so closing at 5.10.0-1 (ie. fixed-in-experimental).

It was backported to the 5.8-maint branch as change 32364 after 5.8.8
was released.

> > I've set the severity to serious and tagged with security as there is
> > (apparently) a possibility that this could result in execution of
> > arbitrary code. [I don't have any proof of concept for this or a CVE
> > though, so feel free to detag and lower severity.]

I'm unsure about the security implications. Will ask for opinions on p5p.
Cc'ing the security team to get them in the loop.

> > This is also filed upstream as #48156 [will mark it forwarded after I
> > receive the ack.]

Apparently [perl #40641] is a duplicate of the same issue. I'll send
a note about this in the upstream ticket.

> > [We're seeing this quite a bit in the anti-spam bits of the BTS, so a
> > patch which fixes this would be nice. ;-)]

I'm attaching a patch for 5.8.8-12 (sid), and it applies with minimal
fuzz against 5.8.8-7etch4 too. I have built 5.8.8-12 with this and
verified that it doesn't crash anymore.

As mentioned earlier in this report, 'use utf8' instead of 
'use encoding "utf8"' is a (possibly incomplete) workaround.

Cheers,
-- 
Niko Tyni   ntyni@debian.org
[27_fix_regcomp_utf8 (text/plain, attachment)]
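
An audit helper for the workaround mentioned in this report, as an added example that is not part of the original thread or of any Debian or Perl code: it flags Perl sources that load the `encoding` pragma and also interpolate a variable into a `/.../` match, the combination in the reporter's script. The match detection is a line-based heuristic, and `scan`, `audit`, `Report` and the two constructed samples are names chosen here.

```python
"""Flag Perl sources that combine `use encoding` with interpolated regexes."""
import re
from dataclasses import dataclass, field

# `use encoding ...;` but not the unrelated `encoding::warnings` module.
USE_ENCODING = re.compile(r"^\s*use\s+encoding\b(?!::)")
# Heuristic: a /.../ match (after =~, !~, an opening paren, or qr) whose
# pattern part contains an interpolated $scalar or @array.
INTERPOLATING_MATCH = re.compile(
    r"(?:[=!]~\s*(?:m|s|qr)?\s*|\(\s*|\bqr\s*)/[^/\n]*?[$@][A-Za-z_{]"
)
POD_START = re.compile(r"^=[A-Za-z]")
END_MARKER = re.compile(r"^__(?:END|DATA)__\s*$")


@dataclass
class Report:
    name: str
    encoding_lines: list = field(default_factory=list)
    regex_lines: list = field(default_factory=list)

    @property
    def needs_review(self):
        # Both ingredients of the reported crash are present in one file.
        return bool(self.encoding_lines and self.regex_lines)


def code_lines(source):
    """Yield (line_number, text) for code, skipping POD, comments and __END__."""
    in_pod = False
    for number, line in enumerate(source.splitlines(), start=1):
        if in_pod:
            in_pod = not line.startswith("=cut")
            continue
        if POD_START.match(line):
            in_pod = not line.startswith("=cut")
            continue
        if END_MARKER.match(line):
            break
        if line.lstrip().startswith("#"):
            continue
        yield number, line


def scan(name, source):
    report = Report(name)
    for number, line in code_lines(source):
        if USE_ENCODING.match(line):
            report.encoding_lines.append(number)
        elif INTERPOLATING_MATCH.search(line):
            report.regex_lines.append(number)
    return report


def audit(samples):
    """Return the sorted names of sources that need review."""
    return sorted(n for n, src in samples.items() if scan(n, src).needs_review)


# The script from the original report in this thread.
REPORTED_SCRIPT = r"""#!/usr/bin/perl -w -CSDA
use strict;
use utf8;
use encoding 'utf8';
use locale;

my $ans='Ostrów';
$_="whatever...";
if (/^$ans| $ans/) { print "I was wrong, sorry...\n"}
"""

# Constructed sample: the workaround applied (no `use encoding` line).
WORKAROUND_SCRIPT = r"""#!/usr/bin/perl -w
use strict;
use utf8;

my $ans='Ostrów';
$_="whatever...";
if (/^\Q$ans\E| \Q$ans\E/) { print "match\n" }
"""

# Constructed sample: the pragma appears only in POD, a comment and after __END__.
DOCS_ONLY = r"""package Example;
use strict;

=head1 SYNOPSIS

    use encoding 'utf8';
    if ($x =~ /$pattern/) { ... }

=cut

# use encoding 'latin1';
use encoding::warnings;
sub ok { return $_[0] =~ /^foo$/ }
1;
__END__
use encoding 'utf8';
"""

SAMPLES = {"test.pl": REPORTED_SCRIPT, "workaround.pl": WORKAROUND_SCRIPT,
           "Example.pm": DOCS_ONLY}

if __name__ == "__main__":
    for name in audit(SAMPLES):
        r = scan(name, SAMPLES[name])
        print(f"{name}: use encoding at {r.encoding_lines}, "
              f"interpolated match at {r.regex_lines}")
```
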

Bug no longer marked as found in version 5.10.0-7. Request was from Niko Tyni <ntyni@debian.org> to control@bugs.debian.org. (Mon, 07 Apr 2008 18:48:05 GMT).


Bug marked as fixed in version 5.10.0-1, send any further explanations to Don Armstrong <don@debian.org> Request was from Niko Tyni <ntyni@debian.org> to control@bugs.debian.org. (Mon, 07 Apr 2008 18:48:06 GMT).


Tags added: patch, etch Request was from Niko Tyni <ntyni@debian.org> to control@bugs.debian.org. (Mon, 07 Apr 2008 18:48:07 GMT).


Forcibly Merged 378813 454792. Request was from Niko Tyni <ntyni@debian.org> to control@bugs.debian.org. (Sat, 19 Apr 2008 11:24:05 GMT).


Message #39 received at 454792@bugs.debian.org:

From: Niko Tyni <ntyni@debian.org>
To: Don Armstrong <don@debian.org>, 454792@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#454792: double free and segfault on utf8 containing regexes
Date: Sun, 20 Apr 2008 22:18:18 +0300
severity 454792 important
tag 454792 - security
thanks

On Mon, Apr 07, 2008 at 09:46:26PM +0300, Niko Tyni wrote:
> > On Fri, Dec 07, 2007 at 02:03:25PM -0800, Don Armstrong wrote:
> > > Package: perl
> > > Severity: serious
> > > Version: 5.8.8-7etch4
> > > Tags: security
> > > 
> > > A trivial program containing a regex with UTF8 characters causes a
> > > double free error and segfault:
> > 
> > > *** glibc detected *** debugperl: double free or corruption (!prev): 0x081e20e0 ***

> > > I've set the severity to serious and tagged with security as there is
> > > (apparently) a possibility that this could result in execution of
> > > arbitrary code. [I don't have any proof of concept for this or a CVE
> > > though, so feel free to detag and lower severity.]
> 
> I'm unsure about the security implications. Will ask for opinions on p5p.
> Cc'ing the security team to get them in the loop.

No response from either in two weeks, so it seems that nobody is
particularly concerned. Detagging and lowering the severity as suggested.
If anybody disagrees, please speak up and undo the control part.

Cheers,
-- 
Niko Tyni   ntyni@debian.org




Severity set to `important' from `serious' Request was from Niko Tyni <ntyni@debian.org> to control@bugs.debian.org. (Sun, 20 Apr 2008 19:24:08 GMT).


Tags removed: security Request was from Niko Tyni <ntyni@debian.org> to control@bugs.debian.org. (Sun, 20 Apr 2008 19:24:09 GMT).


Message #48 received at 454792@bugs.debian.org:

From: Florian Weimer <fw@deneb.enyo.de>
To: Niko Tyni <ntyni@debian.org>
Cc: Don Armstrong <don@debian.org>, 454792@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#454792: double free and segfault on utf8 containing regexes
Date: Sun, 20 Apr 2008 21:46:34 +0200
* Niko Tyni:

>> I'm unsure about the security implications. Will ask for opinions on p5p.
>> Cc'ing the security team to get them in the loop.
>
> No response from either in two weeks, so it seems that nobody is
> particularly concerned.

It's potentially security-relevant if it can be exploited by
UTF-8-decoding some input within the script.

Has there been any reaction on perl-5-porters (I guess this is what p5p
stands for)?




Message #53 received at 454792@bugs.debian.org:

From: Florian Weimer <fw@deneb.enyo.de>
To: Niko Tyni <ntyni@debian.org>
Cc: Don Armstrong <don@debian.org>, 454792@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#454792: double free and segfault on utf8 containing regexes
Date: Sun, 20 Apr 2008 21:47:54 +0200
* Florian Weimer:

> * Niko Tyni:
>
>>> I'm unsure about the security implications. Will ask for opinions on p5p.
>>> Cc'ing the security team to get them in the loop.
>>
>> No response from either in two weeks, so it seems that nobody is
>> particularly concerned.
>
> It's potentially security-relevant if it can be exploited by
> UTF-8-decoding some input within the script.

Sorry, forget that, different bug.




Message #58 received at 454792@bugs.debian.org:

From: Florian Weimer <fw@deneb.enyo.de>
To: Niko Tyni <ntyni@debian.org>
Cc: Don Armstrong <don@debian.org>, 454792@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#454792: double free and segfault on utf8 containing regexes
Date: Sun, 20 Apr 2008 21:56:23 +0200
* Florian Weimer:

> * Florian Weimer:
>
>> * Niko Tyni:
>>
>>>> I'm unsure about the security implications. Will ask for opinions on p5p.
>>>> Cc'ing the security team to get them in the loop.
>>>
>>> No response from either in two weeks, so it seems that nobody is
>>> particularly concerned.
>>
>> It's potentially security-relevant if it can be exploited by
>> UTF-8-decoding some input within the script.
>
> Sorry, forget that, different bug.

Okay, next opinion, after actually investigating the bug (not so much
"different bug", but "wrong impression after seeing the uuencode blob"):

This bug also happens with

  if (/^\Q$ans\E| \Q$ans\E/) { print "I was wrong, sorry...\n"}

(the recommended method of including untrusted input in regular
expressions).  As a result, I fear that it opens a DoS vector in quite a
few services.

How much testing has this patch:

http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=26;filename=27_fix_regcomp_utf8;att=1;bug=454792

received?

Are there any other issues we should bundle with an update?




Message #63 received at 454792@bugs.debian.org:

From: Niko Tyni <ntyni@debian.org>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Don Armstrong <don@debian.org>, 454792@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#454792: double free and segfault on utf8 containing regexes
Date: Mon, 21 Apr 2008 00:06:03 +0300
On Sun, Apr 20, 2008 at 09:46:34PM +0200, Florian Weimer wrote:
 
> >> I'm unsure about the security implications. Will ask for opinions on p5p.
> >> Cc'ing the security team to get them in the loop.
> >
> > No response from either in two weeks, so it seems that nobody is
> > particularly concerned.
> 
> It's potentially security-relevant if it can be exploited by
> UTF-8-decoding some input within the script.
> 
> Has there been any reaction on perl-5-porters (I guess this is what p5p
> stands for)?
 
No reaction except a mention in "This Week on perl5-porters":

 http://www.nntp.perl.org/group/perl.perl5.porters/2008/04/msg135902.html

On Sun, Apr 20, 2008 at 09:56:23PM +0200, Florian Weimer wrote:

> Okay, next opinion, after actually investigating the bug (not so much
> "different bug", but "wrong impression after seeing the uuencode blob"):
> 
> This bug also happens with
> 
>   if (/^\Q$ans\E| \Q$ans\E/) { print "I was wrong, sorry...\n"}
> 
> (the recommended method of including untrusted input in regular
> expressions).  As a result, I fear that it opens a DoS vector in quite a
> few services.
> 
> How much testing has this patch:
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=26;filename=27_fix_regcomp_utf8;att=1;bug=454792
> 
> received?

It's picked from the upstream branch that's soon going to be released
as 5.8.9.

I have verified that it fixes the reported segfault and built a local
package passing the test suite on i386/sid on top of 5.8.8-12.

> Are there any other issues we should bundle with an update?

Please look at #470676, which I also Cc'd the security team about today.

No other issues that I know about. Brendan?

Cheers,
-- 
Niko Tyni   ntyni@debian.org




Tags added: security Request was from Florian Weimer <fw@deneb.enyo.de> to control@bugs.debian.org. (Mon, 21 Apr 2008 07:03:02 GMT).


Bug marked as fixed in version 5.8.8-7etch4, send any further explanations to Don Armstrong <don@debian.org> Request was from Hideki Yamane <henrich@debian.or.jp> to control@bugs.debian.org. (Fri, 02 May 2008 16:03:05 GMT).


Reply sent to Florian Weimer <fw@deneb.enyo.de>:
You have taken responsibility.


Notification sent to Don Armstrong <don@debian.org>:
Bug acknowledged by developer.


Message #72 received at 454792-close@bugs.debian.org:

From: Florian Weimer <fw@deneb.enyo.de>
To: 454792-close@bugs.debian.org
Subject: Bug#454792: fixed in perl 5.8.8-7etch4
Date: Sun, 04 May 2008 07:52:31 +0000
Source: perl
Source-Version: 5.8.8-7etch4

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive:

libcgi-fast-perl_5.8.8-7etch4_all.deb
  to pool/main/p/perl/libcgi-fast-perl_5.8.8-7etch4_all.deb
libperl-dev_5.8.8-7etch4_amd64.deb
  to pool/main/p/perl/libperl-dev_5.8.8-7etch4_amd64.deb
libperl5.8_5.8.8-7etch4_amd64.deb
  to pool/main/p/perl/libperl5.8_5.8.8-7etch4_amd64.deb
perl-base_5.8.8-7etch4_amd64.deb
  to pool/main/p/perl/perl-base_5.8.8-7etch4_amd64.deb
perl-debug_5.8.8-7etch4_amd64.deb
  to pool/main/p/perl/perl-debug_5.8.8-7etch4_amd64.deb
perl-doc_5.8.8-7etch4_all.deb
  to pool/main/p/perl/perl-doc_5.8.8-7etch4_all.deb
perl-modules_5.8.8-7etch4_all.deb
  to pool/main/p/perl/perl-modules_5.8.8-7etch4_all.deb
perl-suid_5.8.8-7etch4_amd64.deb
  to pool/main/p/perl/perl-suid_5.8.8-7etch4_amd64.deb
perl_5.8.8-7etch4.diff.gz
  to pool/main/p/perl/perl_5.8.8-7etch4.diff.gz
perl_5.8.8-7etch4.dsc
  to pool/main/p/perl/perl_5.8.8-7etch4.dsc
perl_5.8.8-7etch4_amd64.deb
  to pool/main/p/perl/perl_5.8.8-7etch4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 454792@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Florian Weimer <fw@deneb.enyo.de> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Tue, 22 Apr 2008 21:59:42 +0200
Source: perl
Binary: perl-base libcgi-fast-perl libperl-dev perl-debug perl-modules perl libperl5.8 perl-suid perl-doc
Architecture: source amd64 all
Version: 5.8.8-7etch4
Distribution: stable-security
Urgency: high
Maintainer: Brendan O'Dea <bod@debian.org>
Changed-By: Florian Weimer <fw@deneb.enyo.de>
Description:
 libcgi-fast-perl - CGI::Fast Perl module
 libperl-dev - Perl library: development files
 libperl5.8 - Shared Perl library
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-base  - The Pathologically Eclectic Rubbish Lister
 perl-debug - Debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl-modules - Core Perl modules
 perl-suid  - Runs setuid Perl scripts
Closes: 454792
Changes:
 perl (5.8.8-7etch4) stable-security; urgency=high
 .
   * Apply patch to fix a heap overflow in the UTF-8 regexp compiler.
     Closes: 454792.





Reply sent to Florian Weimer <fw@deneb.enyo.de>:
You have taken responsibility.


Notification sent to Vladimir Volovich <vvv@vsu.ru>:
Bug acknowledged by developer.


Message #82 received at 454792-close@bugs.debian.org:

From: Florian Weimer <fw@deneb.enyo.de>
To: 454792-close@bugs.debian.org
Subject: Bug#454792: fixed in perl 5.8.8-7etch4
Date: Sun, 04 May 2008 19:52:15 +0000
Source: perl
Source-Version: 5.8.8-7etch4

Format: 1.7
Date: Fri, 25 Apr 2008 21:12:00 +0200
Source: perl
Binary: perl-base libcgi-fast-perl libperl-dev perl-debug perl-modules perl libperl5.8 perl-suid perl-doc
Architecture: source amd64 all
Version: 5.8.8-7etch4
Distribution: stable-security
Urgency: high
Maintainer: Brendan O'Dea <bod@debian.org>
Changed-By: Florian Weimer <fw@deneb.enyo.de>
Description:
 libcgi-fast-perl - CGI::Fast Perl module
 libperl-dev - Perl library: development files
 libperl5.8 - Shared Perl library
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-base  - The Pathologically Eclectic Rubbish Lister
 perl-debug - Debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl-modules - Core Perl modules
 perl-suid  - Runs setuid Perl scripts
Closes: 454792
Changes:
 perl (5.8.8-7etch4) stable-security; urgency=high
 .
   * Actually apply the patch to fix CVE-2008-1927, a heap overflow in the
     UTF-8 regexp compiler.  Closes: #454792.





Message #92 received at 454792-close@bugs.debian.org:

From: Florian Weimer <fw@deneb.enyo.de>
To: 454792-close@bugs.debian.org
Subject: Bug#454792: fixed in perl 5.8.8-7etch4
Date: Sat, 26 Jul 2008 09:57:50 +0000
Source: perl
Source-Version: 5.8.8-7etch4

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive:

libcgi-fast-perl_5.8.8-7etch4_all.deb
  to pool/main/p/perl/libcgi-fast-perl_5.8.8-7etch4_all.deb
libperl-dev_5.8.8-7etch4_amd64.deb
  to pool/main/p/perl/libperl-dev_5.8.8-7etch4_amd64.deb
libperl5.8_5.8.8-7etch4_amd64.deb
  to pool/main/p/perl/libperl5.8_5.8.8-7etch4_amd64.deb
perl-base_5.8.8-7etch4_amd64.deb
  to pool/main/p/perl/perl-base_5.8.8-7etch4_amd64.deb
perl-debug_5.8.8-7etch4_amd64.deb
  to pool/main/p/perl/perl-debug_5.8.8-7etch4_amd64.deb
perl-doc_5.8.8-7etch4_all.deb
  to pool/main/p/perl/perl-doc_5.8.8-7etch4_all.deb
perl-modules_5.8.8-7etch4_all.deb
  to pool/main/p/perl/perl-modules_5.8.8-7etch4_all.deb
perl-suid_5.8.8-7etch4_amd64.deb
  to pool/main/p/perl/perl-suid_5.8.8-7etch4_amd64.deb
perl_5.8.8-7etch4.diff.gz
  to pool/main/p/perl/perl_5.8.8-7etch4.diff.gz
perl_5.8.8-7etch4.dsc
  to pool/main/p/perl/perl_5.8.8-7etch4.dsc
perl_5.8.8-7etch4_amd64.deb
  to pool/main/p/perl/perl_5.8.8-7etch4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 454792@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Florian Weimer <fw@deneb.enyo.de> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 25 Apr 2008 21:12:00 +0200
Source: perl
Binary: perl-base libcgi-fast-perl libperl-dev perl-debug perl-modules perl libperl5.8 perl-suid perl-doc
Architecture: source amd64 all
Version: 5.8.8-7etch4
Distribution: stable-security
Urgency: high
Maintainer: Brendan O'Dea <bod@debian.org>
Changed-By: Florian Weimer <fw@deneb.enyo.de>
Description: 
 libcgi-fast-perl - CGI::Fast Perl module
 libperl-dev - Perl library: development files
 libperl5.8 - Shared Perl library
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-base  - The Pathologically Eclectic Rubbish Lister
 perl-debug - Debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl-modules - Core Perl modules
 perl-suid  - Runs setuid Perl scripts
Closes: 454792
Changes: 
 perl (5.8.8-7etch4) stable-security; urgency=high
 .
   * Actually apply the patch to fix CVE-2008-1927, a heap overflow in the
     UTF-8 regexp compiler.  Closes: #454792.
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

-----END PGP SIGNATURE-----





Reply sent to Florian Weimer <fw@deneb.enyo.de>:
You have taken responsibility.


Notification sent to Vladimir Volovich <vvv@vsu.ru>:
Bug acknowledged by developer.


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 31 Aug 2008 07:27:21 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:45:53 2019; Machine Name: beach
