[Security-team] Fwd: CVS commit: pkgsrc/lang/perl5

[Dmitry V. Levin]

On Wed, Nov 07, 2007 at 03:13:27PM +0600, Slava Semushin wrote:
> JFYI: вдруг ещё не в курсе.

Давно в курсе.

> ---------- Forwarded message ----------
> From: Matthias Drochner <drochner / netbsd.org>
> Date: 07.11.2007 1:54
> Subject: CVS commit: pkgsrc/lang/perl5
> To: pkgsrc-changes / netbsd.org
> 
> Module Name:    pkgsrc
> Committed By:   drochner
> Date:           Tue Nov  6 19:54:53 UTC 2007
> 
> Modified Files:
>         pkgsrc/lang/perl5: Makefile distinfo
> Added Files:
>         pkgsrc/lang/perl5/patches: patch-da
> 
> Log Message:
> add a patch from Redhat bugzilla #323571 to fix CVE-2007-5116:
> A flaw was found in Perl's regular expression engine. Specially crafted
> input to a regular expression can cause Perl to improperly allocate memory,
> possibly resulting in arbitrary code running with the permissions of the
> user running Perl.

Это не совсем так: не specially crafted input, а specially crafted regexp.
Короче говоря, ничего срочного.


-- 
ldv
----------- следующая часть -----------
Было удалено вложение не в текстовом формате...
Имя     : =?iso-8859-1?q?=CF=D4=D3=D5=D4=D3=D4=D7=D5=C5=D4?=
Тип     : application/pgp-signature
Размер  : 189 байтов
Описание: =?iso-8859-1?q?=CF=D4=D3=D5=D4=D3=D4=D7=D5=C5=D4?=
Url     : <http://lists.altlinux.org/pipermail/security-team/attachments/20071107/f2d2183b/attachment-0002.bin>