On Fri, Aug 21, 2009 at 11:35:12AM +0200, Giuseppe Iuculano wrote:
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for libcompress-raw-bzip2-perl.
> 
> CVE-2009-1884[0]:
> | Off-by-one error in the bzinflate function in Bzip2.xs in the
> | Compress-Raw-Bzip2 module before 2.018 for Perl allows
> | context-dependent attackers to cause a denial of service (application
> | hang or crash) via a crafted bzip2 compressed stream that triggers a
> | buffer overflow, a related issue to CVE-2009-1391.

Hi Bas,

FYI I'm preparing stable updates of perl and libcompress-raw-zlib-perl
because of the identical issue in Compress-Raw-Zlib (CVE-2009-1391). The
security team recommended this because they are too busy to prepare DSAs
for such minor issues.

Please consider updating libcompress-raw-bzip2-perl too. The window for
the next stable update is closing this weekend.

Cheers,
-- 
Niko Tyni   nt...@debian.org


