CVE-2008-1927 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1927): Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.
See the Debian bug for details, patch is in the 5.8 stable branch and to be released as 5.8.9.
(In reply to comment #1)
> See the Debian bug for details, patch is in the 5.8 stable branch and to be
> released as 5.8.9.

*ping*
I've committed patched ebuilds for perl and libperl:

=dev-lang/perl-5.8.8-r5
=sys-devel/libperl-5.8.8-r2

I've used the patch from Debian and tested with: <http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=test.pl;att=2;bug=454792>
(In reply to comment #2)
> (In reply to comment #1)
> > See the Debian bug for details, patch is in the 5.8 stable branch and to be
> > released as 5.8.9.
>
> *ping*

*pong* -- see comment #3
(In reply to comment #3)
> I've committed patched ebuilds for perl and libperl:
>
> =dev-lang/perl-5.8.8-r5
> =sys-devel/libperl-5.8.8-r2

Arches, please test and mark stable. Target "alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 release s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd"
t/op/filetest.............................Can't locate Config_heavy.pl in @INC (@INC contains: ../lib) at ../lib/Config.pm line 66.
# Looks like you planned 10 tests but ran 5.
FAILED--expected 10 tests, saw 5

Nevertheless, both stable for HPPA.
Sparc stable for both. All tests seem good on sparc.
ppc64 stable
x86 stable
amd64 stable
alpha/ia64 stable
ppc stable
glsa request filed
Fixed in release snapshot.
not quite fixed ;-)
GLSA 200805-17