Re: perl regex vulnerability - debian - pcre only?

To: london.pm@london.pm.org
Cc: debian-security@lists.debian.org
Subject: Re: perl regex vulnerability - debian - pcre only?
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 06 Nov 2007 21:12:03 +0100
Message-id: <[🔎] 87zlxrkub0.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 20071106171046.GA27934@localhost.localdomain> (paddy@panici.net's message of "Tue, 6 Nov 2007 17:10:46 +0000")
References: <47306531.8090107@lokku.com> <[🔎] 20071106171046.GA27934@localhost.localdomain>

> http://security-tracker.debian.net/tracker/CVE-2007-5116
>
> is uninformative, but that is cve id that redhat and others are
> referring to.

I've added some more information, including a link to the upstream patch
(whose essence applies cleanly to the versions in sarge and etch).

As a side effect of the problem described in

  <http://lists.debian.org/debian-devel-announce/2007/11/msg00001.html>

building security updates involves even more manual work than usual.  I
can't say for sure when we will release the update, I'm afraid, but I
hope it won't take much longer.

Reply to:

References:
- Re: perl regex vulnerability - debian - pcre only?
  - From: paddy@panici.net

Prev by Date: Re: perl regex vulnerability - debian - pcre only?
Next by Date: Oldrich Melski je mimo kancelář.
Previous by thread: Re: perl regex vulnerability - debian - pcre only?
Next by thread: Oldrich Melski je mimo kancelář.
Index(es):
- Date
- Thread