Package: perl Version: 5.10.0-19 Severity: grave Tags: security Justification: user security hole
A security vulnverability was found in Compress::Raw::Zlib: Compress::Raw::Zlib versions before 2.017 contain a buffer overflow in inflate(). A badly formed zlib-stream can trigger this buffer overflow and cause the perl process at least to hang or to crash. This causes a remote DoS in amavisd-new. The perl package in lenny and sid contains Compress::Raw::Zlib 2.008. There is also a separate package libcompress-raw-zlib-perl More information can be found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391 _______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team