| Summary: | <=dev-lang/perl-5.10.1 DOS (CVE-2009-3626) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED LATER | | |
| Severity: | trivial | CC: | perl |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4 | | |
| Whiteboard: | ~4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Stefan Behte (RETIRED)
2009-11-13 23:25:18 UTC
5.10.1 was fixed:

27 Oct 2009; Torsten Veller <tove@gentoo.org> perl-5.10.1.ebuild:
Fix RT69973: disable non-unicode case insensitive trie matching (#290194)

5.8.8 is not vulnerable.

I only grepped for the CVE identifier and UTF. #290194 only lists dev-perl/HTML-Parser and has a different CVE; I didn't look into this too deeply...if I understood it correctly, you are 100% it's the same bug/already fixed? I'm just wondering about the different CVE numbers.

(In reply to comment #2)
> if I understood it correctly, you are 100% it's the same bug/already
> fixed? I'm just wondering about the different CVE numbers.

Jepp. Bug #290194 links the spamassassin bug which is about the HTML-Parser and the perl bug so both were fixed.

*** This bug has been marked as a duplicate of bug 290194 ***

27 Oct 2009; Torsten Veller <tove@gentoo.org> perl-5.10.1.ebuild:
Fix RT69973: disable non-unicode case insensitive trie matching (#290194)

Changing the ebuild in place does not fix the vulnerability for users that have it installed. Please revbump.

perl-5.10.1 is still package.mask'ed and I left a note on the tracker bug <https://bugs.gentoo.org/show_bug.cgi?id=280724#c1> to bump it when it gets unmasked.

Ok, I was not aware it is p.masked. Sorry for the noise.