
Bug#1102984: marked as done (unblock/preapproval: perl/5.40.1-3 CVE-2024-56406)



Your message dated Mon, 14 Apr 2025 05:27:15 +0000
with message-id <E1u4CLj-001qA0-2z@respighi.debian.org>
and subject line unblock perl
has caused the Debian Bug report #1102984,
regarding unblock/preapproval: perl/5.40.1-3 CVE-2024-56406
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1102984: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102984
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: perl@packages.debian.org, perl@packages.debian.org
Control: affects -1 + src:perl

Hi, please pre-approve the attached one-line security fix for sid/trixie
for CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a
heap buffer overflow when transliterating non-ASCII bytes.

  https://lists.security.metacpan.org/cve-announce/msg/28708725/

A DSA update for bookworm is already uploaded and being processed by
the security team.

Thanks for your work,
-- 
Niko Tyni   ntyni@debian.org
diff -Nru perl-5.40.1/debian/changelog perl-5.40.1/debian/changelog
--- perl-5.40.1/debian/changelog	2025-02-16 17:16:32.000000000 +0200
+++ perl-5.40.1/debian/changelog	2025-04-12 18:34:34.000000000 +0300
@@ -1,3 +1,9 @@
+perl (5.40.1-3) unstable; urgency=high
+
+  * [SECURITY] CVE-2024-56406: Fix heap-buffer-overflow with tr//
+
+ -- Niko Tyni <ntyni@debian.org>  Sat, 12 Apr 2025 18:34:34 +0300
+
 perl (5.40.1-2) unstable; urgency=medium
 
   * Refresh cross support files with 5.40.1-1 results.
diff -Nru perl-5.40.1/debian/patches/fixes/CVE-2024-56406.diff perl-5.40.1/debian/patches/fixes/CVE-2024-56406.diff
--- perl-5.40.1/debian/patches/fixes/CVE-2024-56406.diff	1970-01-01 02:00:00.000000000 +0200
+++ perl-5.40.1/debian/patches/fixes/CVE-2024-56406.diff	2025-04-12 18:34:34.000000000 +0300
@@ -0,0 +1,31 @@
+From: Karl Williamson <khw@cpan.org>
+Date: Wed, 18 Dec 2024 18:25:29 -0700
+Subject: CVE-2024-56406: Heap-buffer-overflow with tr//
+
+This was due to underallocating needed space.  If the translation forces
+something to become UTF-8 that is initially bytes, that UTF-8 could
+now require two bytes where previously a single one would do.
+
+(cherry picked from commit f93109c8a6950aafbd7488d98e112552033a3686)
+
+commit 385e8759c3ff1e7f7f996bd4ea391074d61d48c1
+Author:     Karl Williamson <khw@cpan.org>
+AuthorDate: 2024-12-18 18:25:29 -0700
+Commit:     Steve Hay <steve.m.hay@googlemail.com>
+CommitDate: 2025-03-30 11:59:51 +0100
+---
+ op.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/op.c b/op.c
+index 3fc23ec..aeee88e 100644
+--- a/op.c
++++ b/op.c
+@@ -6649,6 +6649,7 @@ S_pmtrans(pTHX_ OP *o, OP *expr, OP *repl)
+                  * same time.  But otherwise one crosses before the other */
+                 if (t_cp < 256 && r_cp_end > 255 && r_cp != t_cp) {
+                     can_force_utf8 = TRUE;
++                    max_expansion = MAX(2, max_expansion);
+                 }
+             }
+ 
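Review bot: the patch header has From/Date/Subject and a free-text cherry-pick note but no DEP-3 `Origin:` or `Bug:` field, so the upstream provenance (commit 385e8759c3ff1e7f7f996bd4ea391074d61d48c1, cherry-picked from f93109c8a6950aafbd7488d98e112552033a3686) and the CVE advisory are not machine-traceable; add `Origin: upstream, ...` and a `Bug:` line for the advisory. On the change itself, `max_expansion = MAX(2, max_expansion);` sits in the same branch that sets `can_force_utf8 = TRUE`, which matches the description: once a byte below 256 is translated to a code point above 255 the whole string becomes UTF-8, and every existing high byte then needs two bytes rather than one, so the allocation must assume at least a 2x expansion. The stat line `1 file changed, 1 insertion(+)` shows no regression test accompanies the fix; consider adding one for the forced-UTF-8 case so the under-allocation cannot silently return.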
diff -Nru perl-5.40.1/debian/patches/series perl-5.40.1/debian/patches/series
--- perl-5.40.1/debian/patches/series	2025-01-19 00:25:46.000000000 +0200
+++ perl-5.40.1/debian/patches/series	2025-04-12 18:34:34.000000000 +0300
@@ -40,3 +40,4 @@
 debian/configure-regen.diff
 fixes/json-pp-options.diff
 fixes/test-harness-bailout.diff
+fixes/CVE-2024-56406.diff

--- End Message ---
--- Begin Message ---
Unblocked.

--- End Message ---