
List:       oss-security
Subject:    [oss-security] CVE-2009-3626 assignment notification - Perl - perl-5.10.1
From:       Jan Lieskovsky <jlieskov () redhat ! com>
Date:       2009-10-23 18:51:34
Message-ID: 4AE1FB36.1030909 () redhat ! com

Hello Steve, vendors,

   Mark Martinec reported a Perl crash while processing a UTF-8 character
with a large and invalid codepoint.

References:
----------
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225 (original source)
http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973 (perl bug)
http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/ (PoC)

Affected versions:
------------------
I have checked that Perl versions perl-5.8.0, perl-5.8.5, perl-5.8.8 and perl-5.10.0
are not vulnerable to this flaw.

The issue was confirmed in Perl version perl-5.10.1, as available at:

http://www.cpan.org/src/perl-5.10.1.tar.gz

CVE identifier:
---------------
The CVE identifier CVE-2009-3626 has already been assigned to this issue.

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team