Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Salvatore Bonaccorso <carnil <at> debian.org>
Subject: Bug#698174: perl: double-free in load subroutine for Digest::SHA
Newsgroups: gmane.linux.debian.devel.secure-testing.general
Date: Monday 14th January 2013 20:46:55 UTC (over 3 years ago)
Source: perl
Severity: important
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

Upload of Digest::SHA 5.81 mentions the following:

5.81  Mon Jan 14 05:17:08 MST 2013
	- corrected load subroutine (SHA.pm) to prevent double-free
		-- Bug #82655: Security issue - segfault
		-- thanks to Victor Efimov and Nicholas Clark
			for technical expertise and suggestions

Upstream bugreport is [1] and it was also sent to
[email protected] list.

 [1]: https://rt.cpan.org/Ticket/Display.html?id=82655

Regards,
Salvatore

- -- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJQ9G61AAoJEHidbwV/2GP+pJ0QAJmEnr/5XhLS2tu5ag9B3pkH
haWpU9x0y40/bXyEVN0hdTiaoj+0kkJn+pvayg1kElMKF9mwfzwLkN4+K103yXm7
DK4Ys7Eewdlfewqo+7cjZXNAtKMUpkcgZOSvdNoqxkvn+GsnH1tCiMxVuYSInC1/
g+K23W1cfVRNtKfVhxX/tDPHj7z5r/rUg5q/XUJRKJSzHSTo/wHLAeTBLY3fxKUg
gTOZwDnf0SFMevOMHbRPAaDliz9pVWAES3R+sj+z9cNtXE1zfCTi9rHNiy/DUTEX
IGlzh2C2AuKY6/oocx/FjN0F0OJu1XfkeyN1zgG8kNl3KJ0jaSRY1HWmTn5RV7HZ
BPeqzl5DKMW/bBH4iMm08h5C6nyzOx99ZxJcRbWDbqsJguVB6QEibOn41TcF4HWZ
oAgsIwQYYAEjJP/H/3zoLGYh+s4e12lgyzITL0XU/6RgLUvneS4MO67W/eGQNBn+
yuiBX/ZMOuG18/l/oysrhfEZTZ76vBgWuekp4NtgOjt3t7ufjHB7/i/iUgpZh1Oj
zHLFJZvlmsxasNhNMykCFHgKjSvIPRhnd9a1Yoz9Z8Hcm3PbMy4ECfn8RnVLLzVl
ksE/89iTAbEFhCYezZuGI9r7QwO81tUbl6eMaA/INJ3sE2rTRzh7hPzbDQdweCSq
9UycAnYQXk8TLe36lpGE
=iEM4
-----END PGP SIGNATURE-----
 
CD: 2ms