A weakness has been reported in the Convert::UUlib module for Perl, which can potentially be exploited by malicious people to potentially cause a DoS (Denial of Service). The weakness is caused due to an off-by-one error in the "UURepairData()" function (uulib/uunconc.c) when handling an incomplete uuencoded string. This can be exploited to write a single NULL byte outside the bounds of a heap-based buffer in an application using the vulnerable library. The weakness is reported in versions prior to 1.34.
It seems like we should stabilize dev-perl/Convert-UUlib-1.340. Is that correct? If yes, please CC arches and add STABLEREQ keyword.
Correct.
Please stabilize =dev-perl/Convert-UUlib-1.340
ppc/ppc64 stable
amd64 done
x86 stable
alpha/arm/ia64/m68k/s390/sh/sparc stable
Stable for HPPA.
Thanks, folks. GLSA Vote: no.
GLSA Vote: no, closing noglsa.