KF (lists) wrote:
> Much thanks on the quick response and fix.
> Attached are the PoC for each condition in case you were wondering how
> exploitable this *was*.
>
> Do you have any idea what the span of this bug is (like what versions
> are affected)?

I'd say every release since we have PerlIO, e.g. every 5.8.x for x in 0..6.

> Will there be a new release or perl announcement about
> this bug(s)?

That's to be appreciated by the maint pumpking. Vendors are of course encouraged to grab those patches. A new package of perl for mandrakelinux is already on its way to the mirrors, and a security advisory accordingly on BugTraq.

> And finally, was this actually the buggy line of code for the overflow
> or was it elsewhere?

Yes. Actually only threaded perls were affected.
