Bug 448632 - <dev-lang/perl-5.16.3, <perl-core/locale-maketext-1.230.0: Two Code Injection Vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://secunia.com/advisories/51498/
Whiteboard: B3 [glsa]
Keywords:
Depends on: 461898
Blocks:
Reported: 2012-12-26 08:25 UTC by Torsten Veller (RETIRED)
Modified: 2014-01-19 16:38 UTC (History)
Description Torsten Veller (RETIRED) gentoo-dev 2012-12-26 08:25:32 UTC
+++ This bug was initially created as a clone of Bug #446376 +++

http://perl5.git.perl.org/perl.git/commitdiff/1735f6f53ca19f99c6e9e39496c486af323ba6a8?hp=569ba91fcdabdc53eb4284f860a25273bd7fe4e1
Comment 1 Chris Reffett (RETIRED) gentoo-dev Security 2013-07-07 16:50:06 UTC
So this affects <perl-core/locale-maketext-1.230.0. I don't understand all of the perl module virtualization stuff, so @perl team: does this affect dev-lang/perl's built-in locale-maketext, or does it affect the older versions of the core package as well?
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2013-08-31 21:53:36 UTC
*ping* perl team, need info here.
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2013-08-31 22:23:54 UTC
(In reply to Chris Reffett from comment #2)
> *ping* perl team, need info here.

Looks like this affected the perl distribution.
Comment 4 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-03 01:42:32 UTC
But which versions?
Comment 5 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2013-11-24 15:59:17 UTC
(In reply to Chris Reffett from comment #4)
> But which versions?

<5.17.7.

This bug is related to CVE-2012-6329.
Comment 6 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2013-12-09 11:37:59 UTC
This patch is already backported in perl-5.16.3.
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2013-12-19 14:55:28 UTC
@security, please vote.
Comment 8 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2013-12-19 15:09:18 UTC
Added to existing GLSA draft.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2014-01-19 16:38:33 UTC
This issue was resolved and addressed in
 GLSA 201401-11 at http://security.gentoo.org/glsa/glsa-201401-11.xml
by GLSA coordinator Chris Reffett (creffett).