On Sun, Oct 26, 2014 at 04:04:17PM -0600, Alexander Bluhm wrote: > CVSROOT: /cvs > Module name: src > Changes by: [email protected] 2014/10/26 16:04:17 > > Modified files: > gnu/usr.bin/perl: MANIFEST patchlevel.h > gnu/usr.bin/perl/dist/Data-Dumper: Dumper.pm Dumper.xs > Added files: > gnu/usr.bin/perl/dist/Data-Dumper/t: recurse.t > > Log message: > Fix a possibly infinite recursion in Perl Data::Dumper. > > Derived from Perl git commit http://perl5.git.perl.org/perl.git > 19be3be6968e2337bcdfe480693fff795ecd1304 > Add a configuration variable/option to limit recursion when dumping > deep data structures. > Defaults the limit to 1000, which can be reduced or increase, or > eliminated by setting it to 0. > This patch addresses CVE-2014-4330. This bug was found and > reported by: LSE Leading Security Experts GmbH employee Markus > Vervier. > > >From Maximilian Pascher; OK schwarze@ afresh1@
and OK millert@
