Bug#689314: marked as done (perl: segfaults when echoing a very long string [CVE-2012-5195])

Wed, 10 Oct 2012 12:36:18 -0700 

Your message dated Wed, 10 Oct 2012 19:33:12 +0000
with message-id <[email protected]>
and subject line Bug#689314: fixed in perl 5.14.2-14
has caused the Debian Bug report #689314,
regarding perl: segfaults when echoing a very long string [CVE-2012-5195]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
689314: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689314
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: perl
Version: 5.14.2-13
Severity: normal

# perl -le 'print "v"x(2**31+1) ."=1"'                                          
     
Segmentation fault 

Trying to reproduce the error from
http://git.kernel.org/?p=libs/klibc/klibc.git;a=commitdiff;h=127b17bb38dbfc95386a52b2159f059221d33497
on Debian wheezy/amd64.

Interestingly enough, Debian lenny/amd64 works just fine.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/mksh-static

Versions of packages perl depends on:
ii  libbz2-1.0    1.0.6-4
ii  libc6         2.13-35
ii  libdb5.1      5.1.29-5
ii  libgdbm3      1.8.3-11
ii  perl-base     5.14.2-13
ii  perl-modules  5.14.2-13
ii  zlib1g        1:1.2.7.dfsg-13

Versions of packages perl recommends:
ii  netbase  5.0

Versions of packages perl suggests:
pn  libterm-readline-gnu-perl | libterm-readline-perl-perl  <none>
ii  make                                                    3.81-8.2
pn  perl-doc                                                <none>

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: perl
Source-Version: 5.14.2-14

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niko Tyni <[email protected]> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 10 Oct 2012 21:17:36 +0300
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug libperl5.14 
libperl-dev perl
Architecture: source all amd64
Version: 5.14.2-14
Distribution: unstable
Urgency: high
Maintainer: Niko Tyni <[email protected]>
Changed-By: Niko Tyni <[email protected]>
Description: 
 libcgi-fast-perl - CGI::Fast Perl module
 libperl-dev - Perl library: development files
 libperl5.14 - shared Perl library
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-base  - minimal Perl system
 perl-debug - debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl-modules - Core Perl modules
Closes: 689314
Changes: 
 perl (5.14.2-14) unstable; urgency=high
 .
   * [SECURITY] CVE-2012-5195: fix a heap buffer overrun with
     the 'x' string repeat operator. (Closes: #689314)
Checksums-Sha1: 
 0fa0a577774d7edddbcba98f4d893ae6c60071ed 1729 perl_5.14.2-14.dsc
 82dcf4e5bd8b2523e5c74389092ed3762e9a9da6 139457 perl_5.14.2-14.debian.tar.gz
 a530ee2042eeb76e7ea9238e8c4f0703cda8aee2 75536 
libcgi-fast-perl_5.14.2-14_all.deb
 0a506dd59b65499cfb307458c56acc4b7e525616 8167364 perl-doc_5.14.2-14_all.deb
 a502b2b9452a7e5ccc2f9dc6487ad4c95a694b15 3441550 perl-modules_5.14.2-14_all.deb
 1205249b2f0386e0ecb037f191d86a611532b829 1535070 perl-base_5.14.2-14_amd64.deb
 f6f8a974387f6f73af686a251810d89664a11a08 8006206 perl-debug_5.14.2-14_amd64.deb
 8e0c0b46af1a9f04db1f58b3af3e7aae57a11531 1176 libperl5.14_5.14.2-14_amd64.deb
 a14367becba92ad9fbe558879e6e723c8328a0af 3320866 
libperl-dev_5.14.2-14_amd64.deb
 5decf1dc26e86213cbe6fa6c856f7410952f6069 4424162 perl_5.14.2-14_amd64.deb
Checksums-Sha256: 
 a9de2518d0a2d66891cd8ec4bd5f0f955eed1a2082b3c3fa3067af737ca200ba 1729 
perl_5.14.2-14.dsc
 6dc01d6788f2208b794080e77dd6302a2b2af27f2cd67e1a14dcadddcbb7ab1e 139457 
perl_5.14.2-14.debian.tar.gz
 0907697ac1f5bdbc6c28abffc817dd6ce4fbbc594002baa374b9c5c1051b0d12 75536 
libcgi-fast-perl_5.14.2-14_all.deb
 2e6a736563187e09996585a6b84d82d4d34272ec6708e6117379844de5d3906c 8167364 
perl-doc_5.14.2-14_all.deb
 d84ebe4a149b802fccc66eb3f273b65b26c132f0cd717775e2e4764690c10eab 3441550 
perl-modules_5.14.2-14_all.deb
 1a4abb408c6b728fa0d00471036da9260bebc194277559aef9a6781f14cb4aea 1535070 
perl-base_5.14.2-14_amd64.deb
 29cb6c4900bf5e6658c35ccef442c781c57a29f131760fdc533429bf6803b945 8006206 
perl-debug_5.14.2-14_amd64.deb
 2d25dc015dbb729036aa032d7049fe8b685d8ce2e5c2661cdafafbcb6e6d0d18 1176 
libperl5.14_5.14.2-14_amd64.deb
 133735f02f416bfe7291c791fec5eeadd164253c37cb808ea6e1988ce1a9152e 3320866 
libperl-dev_5.14.2-14_amd64.deb
 f5a7b2e02b100c07aa3f62bde7286ec67a65a71e516847a0be0b2d49f848d0c2 4424162 
perl_5.14.2-14_amd64.deb
Files: 
 57784b092f7e5f56f69dfc69876ce9c1 1729 perl standard perl_5.14.2-14.dsc
 4108bbec738d432b025f6073f00ebea0 139457 perl standard 
perl_5.14.2-14.debian.tar.gz
 4cf4b1974618d3c4bcc32470ebe1fa4b 75536 perl optional 
libcgi-fast-perl_5.14.2-14_all.deb
 62da056bf4c991f2f52cba3b6bd251d1 8167364 doc optional 
perl-doc_5.14.2-14_all.deb
 7e0d99886bd1440d59accd9d7f5846a6 3441550 perl standard 
perl-modules_5.14.2-14_all.deb
 b2975f6a3fae78d15b35c83c4983daee 1535070 perl required 
perl-base_5.14.2-14_amd64.deb
 da71d36c0cf342b054edc28efd14cfac 8006206 debug extra 
perl-debug_5.14.2-14_amd64.deb
 cb4bdf0b66a759ef0accfec948c39d1b 1176 libs optional 
libperl5.14_5.14.2-14_amd64.deb
 9ac0c7825282e182e2d53522313ed894 3320866 libdevel optional 
libperl-dev_5.14.2-14_amd64.deb
 17d5f6c17501562fd8c4002f72ddeeda 4424162 perl standard perl_5.14.2-14_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlB1yIkACgkQiyizGWoHLTk5cwCfQpnuyyo3HdpOUAaAyNXXjYX6
wmoAoIQQ8VLA38qSpwTgAlwtIWWEnjiZ
=DuJm
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to