
Bug 483448 (CVE-2012-5195)

Summary: <dev-lang/perl-5.16.3 : Buffer overflow (CVE-2012-5195)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: perl
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 461898    
Bug Blocks:    

Description GLSAMaker/CVETool Bot gentoo-dev 2013-09-03 01:44:17 UTC
CVE-2012-5195 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5195):
  Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl
  5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows
  context-dependent attackers to cause a denial of service (memory consumption
  and crash) or possibly execute arbitrary code via the 'x' string repeat
  operator.


Looks like the only thing that needs stabilizing is 5.12.5. @maintainers: good to stabilize it?
Comment 1 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2013-09-03 11:32:44 UTC
We'll stabilize 5.16.3 ASAP. (bug 461898)
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-01-19 16:38:40 UTC
This issue was resolved and addressed in
 GLSA 201401-11 at http://security.gentoo.org/glsa/glsa-201401-11.xml
by GLSA coordinator Chris Reffett (creffett).