Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2010-4777

Source

Debian Bug report logs - #628836
perl-debug: CVE-2010-4777 perl: assertion failure with certain regular expressions

Package: perl-debug; Maintainer for perl-debug is Niko Tyni <ntyni@debian.org>; Source for perl-debug is src:perl (PTS, buildd, popcon).

Reported by: Dominic Hargreaves <dom@earth.li>

Date: Wed, 1 Jun 2011 18:24:02 UTC

Severity: important

Tags: fixed-upstream, security

Fixed in version 5.18.0-1

Done: Dominic Hargreaves <dom@earth.li>

Bug is archived. No further changes may be made.

Forwarded to http://rt.perl.org/rt3/Public/Bug/Display.html?id=76538

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Niko Tyni <ntyni@debian.org>:
Bug#628836; Package perl-debug. (Wed, 01 Jun 2011 18:24:05 GMT) (full text, mbox, link).

Acknowledgement sent to Dominic Hargreaves <dom@earth.li>:
New Bug report received and forwarded. Copy sent to Niko Tyni <ntyni@debian.org>. (Wed, 01 Jun 2011 18:24:05 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: perl-debug
Severity: important

Tags: security

<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4777>

Confirmed by Moritz on lenny and squeeze with debugperl from perl-debug
only; therefore it doesn't need a DSA.

Apparently fixed in 5.14.

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#628836; Package perl-debug. (Thu, 02 Jun 2011 16:09:08 GMT) (full text, mbox, link).

Acknowledgement sent to Niko Tyni <ntyni@debian.org>:
Extra info received and forwarded to list. (Thu, 02 Jun 2011 16:09:08 GMT) (full text, mbox, link).

Message #10 received at 628836@bugs.debian.org (full text, mbox, reply):

forwarded 628836 http://rt.perl.org/rt3/Public/Bug/Display.html?id=76538
thanks

On Wed, Jun 01, 2011 at 07:21:50PM +0100, Dominic Hargreaves wrote:
> Package: perl-debug
> Severity: important
> 
> Tags: security
> 
> <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4777>
> 
> Confirmed by Moritz on lenny and squeeze with debugperl from perl-debug
> only; therefore it doesn't need a DSA.
> 
> Apparently fixed in 5.14.

Michael Schroeder noted in [perl #76538] that this still fails on 5.14.0
with -DDEBUGGING (our /usr/bin/debugperl from perl-debug):

#!/usr/bin/debugperl
my @x = ("AX=B","AAAAAAX=");
utf8::upgrade($x[1]);
for (@x) {
m{^([^=]+?)X\s*=.+$};
print "-> $1\n";
}

-- 
Niko Tyni   ntyni@debian.org

Set Bug forwarded-to-address to 'http://rt.perl.org/rt3/Public/Bug/Display.html?id=76538'. Request was from Niko Tyni <ntyni@debian.org> to control@bugs.debian.org. (Thu, 02 Jun 2011 16:09:10 GMT) (full text, mbox, link).

Added tag(s) security. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Fri, 10 Jun 2011 19:57:04 GMT) (full text, mbox, link).

Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Mon, 02 Mar 2015 17:00:23 GMT) (full text, mbox, link).

Reply sent to Dominic Hargreaves <dom@earth.li>:
You have taken responsibility. (Fri, 01 Apr 2016 23:09:14 GMT) (full text, mbox, link).

Notification sent to Dominic Hargreaves <dom@earth.li>:
Bug acknowledged by developer. (Fri, 01 Apr 2016 23:09:14 GMT) (full text, mbox, link).

Message #21 received at 628836-done@bugs.debian.org (full text, mbox, reply):

Version: 5.18.0-1

On Thu, Jun 02, 2011 at 07:05:11PM +0300, Niko Tyni wrote:
> forwarded 628836 http://rt.perl.org/rt3/Public/Bug/Display.html?id=76538
> thanks
> 
> On Wed, Jun 01, 2011 at 07:21:50PM +0100, Dominic Hargreaves wrote:
> > Package: perl-debug
> > Severity: important
> > 
> > Tags: security
> > 
> > <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4777>
> > 
> > Confirmed by Moritz on lenny and squeeze with debugperl from perl-debug
> > only; therefore it doesn't need a DSA.
> > 
> > Apparently fixed in 5.14.
> 
> Michael Schroeder noted in [perl #76538] that this still fails on 5.14.0
> with -DDEBUGGING (our /usr/bin/debugperl from perl-debug):
> 
> #!/usr/bin/debugperl
> my @x = ("AX=B","AAAAAAX=");
> utf8::upgrade($x[1]);
> for (@x) {
> m{^([^=]+?)X\s*=.+$};
> print "-> $1\n";
> }

Subsequent discussions suggest that this is now fixed, in 5.18.0
if not 5.14.0. Closing.

Dominic.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 30 Apr 2016 07:34:16 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:13:12 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

perl-debug: CVE-2010-4777 perl: assertion failure with certain regular expressions

Debian Bug report logs - #628836
perl-debug: CVE-2010-4777 perl: assertion failure with certain regular expressions

Vulmon Search

About

Products

Connect

perl-debug: CVE-2010-4777 perl: assertion failure with certain regular expressions

Debian Bug report logs - #628836 perl-debug: CVE-2010-4777 perl: assertion failure with certain regular expressions

Vulmon Search

About

Products

Connect

Debian Bug report logs - #628836
perl-debug: CVE-2010-4777 perl: assertion failure with certain regular expressions