Package: perl
Version: 5.12.4-3
Severity: grave
Tags: security
Justification: user security hole

Encode 2.44 has been released with the following change:

! Unicode/Unicode.xs
  Addressed the following:
    Date: Fri, 22 Jul 2011 13:58:43 +0200
    From: Robert Zacek <za...@avast.com>
    To: perl5-security-rep...@perl.org
    Subject: Unicode.xs!decode_xs n-byte heap-overflow

This has been fixed in libencode-perl 2.44-1; it probably also needs
fixing in perl.

The relevant patch appears to be

<http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5>

I haven't seen any further details about this one, but setting severity
to grave for now.


