oss-sec mailing list archives
CVE request:Perl bug #48156
From: Jonathan Smith <smithj () freethemallocs com>
Date: Sun, 20 Apr 2008 17:43:37 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Florian Weimer wrote:
| Debian will release a security update for Perl bug #48156. This looks a
| bit like a heap overflow in valgrind. I consider the DoS vector
| important enough (which manifests on i386), so I haven't checked if it is
| exploitable beyond that.
|
| This is just a heads-up, in case someone else wants to release an
| update. The issue itself is already public (also via Debian bug
| #454792).

Thanks for the info. Since this is already public, I'm CCing oss-security.

I've reproduced the crash on rPath Linux 2, with perl 5.8.8. On rPL 1,
perl 5.8.7 does not crash, but valgrind shows overflows.

So, we'll probably need a CVE. Steve?

smithj

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkgL8UkACgkQCG91qXPaRek4EQCfQfem29oadZ+DVJoSK/Ti0weA
//0AnRICT5rf/KGfvOfJ+bxDg69k6bDj
=bTwa
-----END PGP SIGNATURE-----