Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
View Bug Activity | Format For Printing | XML | Clone This Bug
RedHat: A flaw was found in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, possibly resulting in arbitrary code running with the permissions of the user running Perl. (CVE-2007-5116) https://rhn.redhat.com/errata/RHSA-2007-0966.html
Perl, please advise. A patch can be found at URL, I don't know the upstream status of it.
Perl, please advise.
We are aware of it, however there's no status upstream yet. I'll handle it anyway =)
What's the status here?
- still nothing upstream - I have an ebuild ready to be released but I'm waiting for some feedback from the security team :)
patch commited in perl-5.8.8-r3
Thanks Antoine. Arches, please test and mark stable perl-5.8.8-r3. Target keywords: "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd"
Stable for sparc. All tests run cleanly, autotools work, ....
Stable for HPPA.
Tested on amd64, please mark stable Portage 2.1.3.19 (default-linux/amd64/2007.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.19-rc1-git3 x86_64) ================================================================= System uname: 2.6.19-rc1-git3 x86_64 AMD Opteron(tm) Processor 842 Timestamp of tree: Tue, 13 Nov 2007 00:02:01 +0000 app-shells/bash: 3.2_p17 dev-lang/python: 2.4.4-r6 dev-python/pycrypto: 2.0.1-r6 sys-apps/baselayout: 1.12.9-r2 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.61-r1 sys-devel/automake: 1.9.6-r2, 1.10 sys-devel/binutils: 2.18-r1 sys-devel/gcc-config: 1.3.16 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.22-r2 ACCEPT_KEYWORDS="amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=opteron -O2 -fomit-frame-pointer -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-march=opteron -O2 -fomit-frame-pointer -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="collision-protect distlocks metadata-transfer multilib-strict sandbox sfperms strict test unmerge-orphans userfetch" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="acl amd64 berkdb bitmap-fonts cli cracklib crypt cups dri fortran gdbm gpm iconv ipv6 isdnlog midi mmx mudflap ncurses nls nptl nptlonly openmp pam pcre perl pppd python readline reflection session spl sse sse2 ssl tcpd test truetype-fonts type1-fonts unicode vim-syntax xorg zlib zsh-completion" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i810 mach64 mga neomagic nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
x86 stable
alpha/ia64 stable
ppc64 stable
ppc stable
amd64 done...
request filed.
Back to ebuild, this patch broke the thing on any 64bit arch (Bug 199518) 18 Nov 2007; <solar@gentoo.org> -files/perl-5.8.8-lib64.patch, +files/perl-5.8.8-libbits.patch, perl-5.8.8-r2.ebuild, perl-5.8.8-r3.ebuild: - fixed the lib64 patch that was breaking on amd64 32ul.
Revbump to -r4 to clean up the mess in bug #199518 (see suggestion in comment 22).
(In reply to comment #18) > Revbump to -r4 to clean up the mess in bug #199518 (see suggestion in comment > 22). Is that our target to be stabled?
(In reply to comment #19) > Is that our target to be stabled? Yes. -r4 is what -r3 was before the mess introduced by the patch in the bug mentioned above.
Ah, it's already stable. Thanks.
GLSA 200711-28, sorry for the delay.
Does not affect current (2008.0) release. Removing release.
