Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 483448 (CVE-2012-5195) - <dev-lang/perl-5.16.3 : Buffer overflow (CVE-2012-5195)
Summary: <dev-lang/perl-5.16.3 : Buffer overflow (CVE-2012-5195)
Status: RESOLVED FIXED
Alias: CVE-2012-5195
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa]
Keywords:
Depends on: 461898
Blocks:
  Show dependency tree
 
Reported: 2013-09-03 01:44 UTC by GLSAMaker/CVETool Bot
Modified: 2014-01-19 16:38 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2013-09-03 01:44:17 UTC
CVE-2012-5195 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5195):
  Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl
  5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows
  context-dependent attackers to cause a denial of service (memory consumption
  and crash) or possibly execute arbitrary code via the 'x' string repeat
  operator.


Looks like the only thing that needs stabilizing is 5.12.5. @maintainers: good to stabilize it?
Comment 1 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2013-09-03 11:32:44 UTC
we'll stabilize 5.16.3 ASAP. (bug 461898)
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-01-19 16:38:40 UTC
This issue was resolved and addressed in
 GLSA 201401-11 at http://security.gentoo.org/glsa/glsa-201401-11.xml
by GLSA coordinator Chris Reffett (creffett).