From ${URL} :

"A bug in perl can cause regular expressions on malformed UTF8 inputs to go into a forever loop and consume 100% CPU. The issue was found to drive a real-world web application into an infinite loop"

The upstream bug report about this issue: https://rt.perl.org/Public/Bug/Display.html?id=123562

Upstream commit: http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5 (which, e.g., has also been cherry-picked back to the maint-5.22 branch).

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
This is fixed in Perl 5.22.1. It makes no sense to stabilize 5.22.1 now, since 5.22.2 with more security fixes comes out in a few days. -> Let's wait for that.
(In reply to Andreas K. Hüttel from comment #1)
> This is fixed in Perl 5.22.1.
>
> It makes no sense to stabilize 5.22.1 now, since 5.22.2 with more security
> fixes comes out in a few days. -> Let's wait for that.

Perl 5.22.2 was released today and is already available in Gentoo. Stabilization will be handled in bug 567482 after a testing period. Please wait for now; arches will be CC'ed in bug 567482 when we're ready to go ahead.
(In reply to Andreas K. Hüttel from comment #2)
> (In reply to Andreas K. Hüttel from comment #1)
> > This is fixed in Perl 5.22.1.
> >
> > It makes no sense to stabilize 5.22.1 now, since 5.22.2 with more security
> > fixes comes out in a few days. -> Let's wait for that.
>
> Perl 5.22.2 was released today and is already available in Gentoo.
> Stabilization will be handled in bug 567482 after a testing period. Please
> wait for now; arches will be CC'ed in bug 567482 when we're ready to go
> ahead.

Perl 5.22.2 is ready for stabilization; please proceed in bug 567482. There you can find the full list of packages to be stabilized.
Added to existing GLSA.
This issue was resolved and addressed in GLSA 201701-75 at https://security.gentoo.org/glsa/201701-75 by GLSA coordinator Thomas Deutschmann (whissi).