In perl.git, the branch maint-5.14 has been updated

<http://perl5.git.perl.org/perl.git/commitdiff/60ebb1cd3cd83939be9254493cfe7e58f41c52f2?hp=b675304e3fdbcce3ef853b06b6ebe870d99faa7e>

- Log -----------------------------------------------------------------
commit 60ebb1cd3cd83939be9254493cfe7e58f41c52f2
Author: Dominic Hargreaves <d...@earth.li>
Date:   Wed Oct 10 22:01:49 2012 +0100

    disarm RC2 bump

M       patchlevel.h

commit d071228b493635c854a7e702424548601e05af43
Author: Dominic Hargreaves <d...@earth.li>
Date:   Wed Oct 10 18:03:12 2012 +0100

    bump version to RC2

M       patchlevel.h

commit 2c702c1ede23c39ecab0b9effeee41a42dc6764e
Author: Dominic Hargreaves <d...@earth.li>
Date:   Wed Oct 10 17:45:51 2012 +0100

    refresh Acknowledgements

M       pod/perldelta.pod

commit bb1ae21680de484afe11207a004caa1f352326dc
Author: Dominic Hargreaves <d...@earth.li>
Date:   Wed Oct 10 17:19:18 2012 +0100

    perldelta for heap buffer overrun fix

M       pod/perldelta.pod
-----------------------------------------------------------------------

Summary of changes:
 pod/perldelta.pod |   22 ++++++++++++++++------
 1 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/pod/perldelta.pod b/pod/perldelta.pod
index 7e9b646..95f209a 100644
--- a/pod/perldelta.pod
+++ b/pod/perldelta.pod
@@ -30,6 +30,16 @@ the algorithm name used, or be able to execute arbitrary 
Perl code already.
 
 This problem has been fixed.
 
+=head2 Heap buffer overrun in 'x' string repeat operator (CVE-2012-5195)
+
+Poorly written perl code that allows an attacker to specify the count to
+perl's 'x' string repeat operator can already cause a memory exhaustion
+denial-of-service attack. A flaw in versions of perl before 5.15.5 can
+escalate that into a heap buffer overrun; coupled with versions of glibc
+before 2.16, it possibly allows the execution of arbitrary code.
+
+This problem has been fixed.
+
 =head1 Incompatible Changes
 
 There are no changes intentionally incompatible with 5.14.0. If any
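Review bot: In the new CVE-2012-5195 entry, the phrase "versions of perl before 5.15.5" is ambiguous in a perldelta for the 5.14 maintenance line: a reader on 5.14.x cannot tell from that sentence which 5.14 releases are affected, and only the closing "This problem has been fixed." implies that this release carries the fix. Consider stating the affected maintenance releases explicitly. As a style point, the operator is written as 'x' in plain quotes in the body, while other text in this file marks code with C<...> (see C</[[:lower:]]/i> in the next hunk's header context), so C<x> would be consistent.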
@@ -208,18 +218,18 @@ C</[[:lower:]]/i> and C</[[:upper:]]/i> no longer matched 
the opposite case.
 =head1 Acknowledgements
 
 Perl 5.14.3 represents approximately 12 months of development since Perl 5.14.2
-and contains approximately 1,900 lines of changes across 61 files from 20
+and contains approximately 2,300 lines of changes across 64 files from 22
 authors.
 
 Perl continues to flourish into its third decade thanks to a vibrant community
 of users and developers. The following people are known to have contributed the
 improvements that became Perl 5.14.3:
 
-Abigail, Carl Hayter, Dave Rolsky, David Mitchell, Dominic Hargreaves, Father
-Chrysostomos, Florian Ragwitz, H.Merijn Brand, Jilles Tjoelker, Karl
-Williamson, Leon Timmermans, Michael G Schwern, Nicholas Clark, Niko Tyni, Pino
-Toscano, Ricardo Signes, Salvador Fandiño, Samuel Thibault, Steve Hay, Tony
-Cook.
+Abigail, Andy Dougherty, Carl Hayter, Chris 'BinGOs' Williams, Dave Rolsky,
+David Mitchell, Dominic Hargreaves, Father Chrysostomos, Florian Ragwitz,
+H.Merijn Brand, Jilles Tjoelker, Karl Williamson, Leon Timmermans, Michael G
+Schwern, Nicholas Clark, Niko Tyni, Pino Toscano, Ricardo Signes, Salvador
+Fandiño, Samuel Thibault, Steve Hay, Tony Cook.
 
 The list above is almost certainly incomplete as it is automatically generated
 from version control history. In particular, it does not include the names of
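Review bot: The regenerated figures in the Acknowledgements paragraph ("2,300 lines", "64 files", "22 authors") cannot be reproduced from this commit alone, because the commit message "refresh Acknowledgements" does not record the revision range they were generated from. The author count does agree with the new list (22 names, with Andy Dougherty and Chris 'BinGOs' Williams added), but the line and file counts are not checkable from the diff. Suggest noting the range in the commit message and regenerating the paragraph if anything else lands on the branch before release.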

--
Perl5 Master Repository
