Summary: | <dev-lang/perl-5.16.3, <perl-core/locale-maketext-1.230.0: Two Code Injection Vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Torsten Veller (RETIRED) <tove> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | perl |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/51498/ | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 461898 | ||
Bug Blocks: |
Description
Torsten Veller (RETIRED)
2012-12-26 08:25:32 UTC
So this affects <perl-core/locale-maketext-1.230.0. I don't understand all of the perl module virtualization stuff, so @perl team: does this affect dev-lang/perl's built-in locale-maketext, or does it affect the older versions of the core package as well? *ping* perl team, need info here. (In reply to Chris Reffett from comment #2) > *ping* perl team, need info here. Looks like this affected to perl distribution. But which versions? (In reply to Chris Reffett from comment #4) > But which versions? <5.17.7. this bug related to CVE-2012-6329 This patch already backported in perl-5.16.3 @security, please vote. added to existing glsa draft. This issue was resolved and addressed in GLSA 201401-11 at http://security.gentoo.org/glsa/glsa-201401-11.xml by GLSA coordinator Chris Reffett (creffett). |