
Bug#690178: unblock: perl/5.14.2-14



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package perl

It contains a minimal security fix for CVE-2012-5195.

We'll address the other open RC bug (#688842) once this is in;
I wanted to handle the urgency=high thing first.

diff -Nru perl-5.14.2/debian/changelog perl-5.14.2/debian/changelog
--- perl-5.14.2/debian/changelog	2012-09-07 01:36:13.000000000 +0300
+++ perl-5.14.2/debian/changelog	2012-10-10 21:17:40.000000000 +0300
@@ -1,3 +1,10 @@
+perl (5.14.2-14) unstable; urgency=high
+
+  * [SECURITY] CVE-2012-5195: fix a heap buffer overrun with
+    the 'x' string repeat operator. (Closes: #689314)
+
+ -- Niko Tyni <ntyni@debian.org>  Wed, 10 Oct 2012 21:17:36 +0300
+
 perl (5.14.2-13) unstable; urgency=low
 
   * Apply patch fixing IPC::Open3 when command is '-' (Closes: #683894)
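Review bot: the 5.14.2-14 entry does not name the patch it adds. Mentioning fixes/string_repeat_overrun.diff next to the CVE-2012-5195 line would let someone reading the changelog map the security fix to the file under debian/patches without opening the series file.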
diff -Nru perl-5.14.2/debian/patches/fixes/string_repeat_overrun.diff perl-5.14.2/debian/patches/fixes/string_repeat_overrun.diff
--- perl-5.14.2/debian/patches/fixes/string_repeat_overrun.diff	1970-01-01 02:00:00.000000000 +0200
+++ perl-5.14.2/debian/patches/fixes/string_repeat_overrun.diff	2012-10-10 21:16:46.000000000 +0300
@@ -0,0 +1,35 @@
+From a62ad82c162c6e8152d22f237baa809caac15e6f Mon Sep 17 00:00:00 2001
+From: Andy Dougherty <doughera@lafayette.edu>
+Date: Thu, 27 Sep 2012 09:52:18 -0400
+Subject: avoid calling memset with a negative count
+
+Poorly written perl code that allows an attacker to specify the count to
+perl's 'x' string repeat operator can already cause a memory exhaustion
+denial-of-service attack. A flaw in versions of perl before 5.15.5 can
+escalate that into a heap buffer overrun; coupled with versions of glibc
+before 2.16, it possibly allows the execution of arbitrary code.
+
+The flaw addressed to this commit has been assigned identifier
+CVE-2012-5195.
+
+Origin: upstream, http://perl5.git.perl.org/perl.git/commit/b675304e3fdbcce3ef853b06b6ebe870d99faa7e
+Bug-Debian: http://bugs.debian.org/689314
+Patch-Name: fixes/string_repeat_overrun.diff
+---
+ util.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/util.c b/util.c
+index 0ea39c6..230211e 100644
+--- a/util.c
++++ b/util.c
+@@ -3319,6 +3319,9 @@ Perl_repeatcpy(register char *to, register const char *from, I32 len, register I
+ {
+     PERL_ARGS_ASSERT_REPEATCPY;
+ 
++    if (count < 0)
++	Perl_croak_nocontext("%s",PL_memory_wrap);
++
+     if (len == 1)
+ 	memset(to, *from, count);
+     else if (count) {
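Review bot: the new `if (count < 0)` guard in Perl_repeatcpy validates only `count`, while `len` is also a signed I32 in the signature and gets no equivalent check in these lines. It is worth confirming that no caller can pass a negative `len`, or extending the condition to `count < 0 || len < 0` so both sizes are rejected before any copy. The diffstat also lists util.c as the only file changed (3 insertions), so the fix ships without a regression test; a test that passes a negative repeat count and expects the PL_memory_wrap croak would keep this from regressing.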
diff -Nru perl-5.14.2/debian/patches/series perl-5.14.2/debian/patches/series
--- perl-5.14.2/debian/patches/series	2012-09-07 01:36:17.000000000 +0300
+++ perl-5.14.2/debian/patches/series	2012-10-10 21:16:46.000000000 +0300
@@ -60,3 +60,4 @@
 debian/perl5db-x-terminal-emulator.patch
 fixes/socket_cache_propagate.diff
 fixes/ipc_open3.diff
+fixes/string_repeat_overrun.diff


unblock perl/5.14.2-14

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

