Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to
cause a denial of service (memory corruption and crash) via a crafted regular
expression containing UTF8 characters. NOTE: this issue might only be
present on certain operating systems.
See the Debian bug for details, patch is in the 5.8 stable branch and to be released as 5.8.9.
(In reply to comment #1)
> See the Debian bug for details, patch is in the 5.8 stable branch and to be
> released as 5.8.9.
I've commited patched ebuilds for perl and libperl:
I've used the patch from debian and tested with:
(In reply to comment #2)
> (In reply to comment #1)
> > See the Debian bug for details, patch is in the 5.8 stable branch and to be
> > released as 5.8.9.
*pong* -- see comment #3
(In reply to comment #3)
> I've commited patched ebuilds for perl and libperl:
Arches, please test and mark stable.
Target "alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 release s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd
t/op/filetest.............................Can't locate Config_heavy.pl in @INC (@INC
contains: ../lib) at ../lib/Config.pm line 66.
# Looks like you planned 10 tests but ran 5.
FAILED--expected 10 tests, saw 5
Nevertheless, both stable for HPPA.
Sparc stable for both. All tests seem good on sparc.
glsa request filed
Fixed in release snapshot.
not quite fixed ;-)