OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-web Date: 03-Dec-2005 14:24:09
Branch: HEAD Handle: 2005120313240900
Added files:
openpkg-web/security OpenPKG-SA-2005.025-perl.txt
Log:
release OpenPKG Security Advisory 2005.025 (perl)
Summary:
Revision Changes Path
1.1 +51 -0 openpkg-web/security/OpenPKG-SA-2005.025-perl.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2005.025-perl.txt
============================================================================
$ cvs diff -u -r0 -r1.1 OpenPKG-SA-2005.025-perl.txt
--- /dev/null 2005-12-03 14:24:07 +0100
+++ OpenPKG-SA-2005.025-perl.txt 2005-12-03 14:24:09 +0100
@@ -0,0 +1,51 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+________________________________________________________________________
+
+OpenPKG Security Advisory The OpenPKG Project
+http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED] [EMAIL PROTECTED]
+OpenPKG-SA-2005.025 03-Dec-2005
+________________________________________________________________________
+
+Package: perl
+Vulnerability: integer overflow, arbitrary code execution
+OpenPKG Specific: no
+
+Affected Releases: Affected Packages: Corrected Packages:
+OpenPKG CURRENT <= perl-5.8.7-20050921 >= perl-5.8.7-20051203
+OpenPKG 2.5 <= perl-5.8.7-2.5.0 >= perl-5.8.7-2.5.1
+OpenPKG 2.4 <= perl-5.8.7-2.4.0 >= perl-5.8.7-2.4.1
+OpenPKG 2.3 <= perl-5.8.6-2.3.0 >= perl-5.8.6-2.3.1
+
+Description:
+ According to a security advisory from Dyad Security [0], an integer
+ overflow bug exists in the Perl [1] programming language. The integer
+ overflow is in the format string functionality (Perl_sv_vcatpvfn) of
+ Perl and allows attackers to overwrite arbitrary memory and possibly
+ execute arbitrary code via format string specifiers with large values.
+ The Common Vulnerabilities and Exposures (CVE) project assigned the id
+ CVE-2005-3962 [2] to the problem.
+________________________________________________________________________
+
+References:
+ [0] http://www.dyadsecurity.com/perl-0002.html
+ [1] http://www.perl.org/
+ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962
+________________________________________________________________________
+
+For security reasons, this advisory was digitally signed with the
+OpenPGP public key "OpenPKG <[EMAIL PROTECTED]>" (ID 63C4CB9F) of the
+OpenPKG project which you can retrieve from http://pgp.openpkg.org and
+hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/
+for details on how to verify the integrity of this advisory.
+________________________________________________________________________
+
+-----BEGIN PGP SIGNATURE-----
+Comment: OpenPKG <[EMAIL PROTECTED]>
+
+iD8DBQFDkZxrgHWT4GPEy58RAikXAKCUQaaaYqxG3+QTRQtNVL5YLXvaMgCdGZqn
+MTL3qjtRNoCw7vT6iRUDRs8=
+=jRTP
+-----END PGP SIGNATURE-----
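Review bot: The advisory body has no remediation section. After the Description block the text goes straight to References, so the "Corrected Packages" column is the only guidance a reader gets. Suggest adding a short Solution paragraph between Description and References that tells the reader how to compare the installed perl package against that table and how to update to the corrected package for their release. The Description would also be easier to act on if it said when an attacker is in a position to supply the "format string specifiers with large values": it names Perl_sv_vcatpvfn but not the conditions under which untrusted input reaches it, which is what a reader needs to judge exposure.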
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [email protected]