[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2009-3626 assigment notification - Perl - perl-5.10.1
From: Jan Lieskovsky <jlieskov () redhat ! com>
Date: 2009-10-23 18:51:34
Message-ID: 4AE1FB36.1030909 () redhat ! com
[Download RAW message or body]
Hello Steve, vendors,
Mark Martinec reported Perl crash while processing utf-8 character
with large and invalid codepoint.
References:
----------
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225 (original source)
http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973 (perl bug)
http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/ (PoC)
Affected versions:
------------------
Have checked Perl of versions perl-5.8.0, perl-5.8.5, perl-5.8.8, perl-5.10.0
is not vulnerable to this flaw.
Issue was confirmed in Perl of version perl-5.10.1, as available at:
http://www.cpan.org/src/perl-5.10.1.tar.gz
CVE identifier:
---------------
CVE identifier of CVE-2009-3626 has been already assigned to this issue.
Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic