Re: [SECURITY] [DSA 2586-1] perl security update

To: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: Re: [SECURITY] [DSA 2586-1] perl security update
From: Louise Bonadio <lb@vanguardsa.ch>
Date: Wed, 12 Dec 2012 08:24:28 +0000
Message-id: <[🔎] CCEDFDA4.222A3%lb@vanguardsa.ch>
In-reply-to: <87zk1kv1yq.fsf@mid.deneb.enyo.de>

Please remove gb@vanguardsa.ch from your list.

He no longer works for our company and his email inbox is readen only for
emergencies.

Regards,

Louise Bonadio

-----
Louise Bonadio
Chief Legal Officer

Vanguard SA
22, rue de l'Athénée
1206 Genève

TVA n° 724 090





Le 11.12.12 20:11, « Florian Weimer » <fw@deneb.enyo.de> a écrit :

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>- 
>-------------------------------------------------------------------------
>Debian Security Advisory DSA-2586-1                   security@debian.org
>http://www.debian.org/security/
>December 11, 2012                      http://www.debian.org/security/faq
>- 
>-------------------------------------------------------------------------
>
>Package        : perl
>Vulnerability  : several
>Problem type   : remote
>Debian-specific: no
>CVE ID         : CVE-2012-5195 CVE-2012-5526
>Debian Bug     : 689314 693420 695223
>
>Two vulnerabilities were discovered in the implementation of the Perl
>programming language:
>
>CVE-2012-5195
>	The "x" operator could cause the Perl interpreter to crash
>	if very long strings were created.
>
>CVE-2012-5526
>	The CGI module does not properly escape LF characters
>	in the Set-Cookie and P3P headers.
>
>In addition, this update adds a warning to the Storable documentation
>that this package is not suitable for deserializing untrusted data.
>
>For the stable distribution (squeeze), these problems have been fixed in
>version 5.10.1-17squeeze4.
>
>For the unstable distribution (sid), these problems have been fixed in
>version 5.14.2-16.
>
>We recommend that you upgrade your perl packages.
>
>Further information about Debian Security Advisories, how to apply
>these updates to your system and frequently asked questions can be
>found at: http://www.debian.org/security/
>
>Mailing list: debian-security-announce@lists.debian.org
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.10 (GNU/Linux)
>
>iQEcBAEBAgAGBQJQx4YKAAoJEL97/wQC1SS+/VkIAIpSd3dfeM3O7ggbBmmhYTrW
>Ugj+6/U+re95NccRkev2cwMq15ZAD24IQWJC9ALs+zQp22kr3LTgUq7apviHLst2
>LNdBvZVx5YKYQMhScu92vRij/q5SJmvmIzfdZxLMiF+YJm+7rno/m75PSQA9qAB1
>LlhYHWX9ehLC2G6XLRs0HJl+ROaFmyxv1EC7MYqOk06VMoAsjN6u77L+A27lG0Hx
>CJYN7+4IDQO+Jd9nKMyPGQWE3XisbyOE/IJvytquRYgxVCD933Z4nLhz9RyTYL2k
>Zn12cAfgzxKhBjokIlfHwOQfrIKOBWA2OQSHaDJQQ1tAJ27ml2KyZZL2AiS9Lg0=
>=sJXD
>-----END PGP SIGNATURE-----
>
>
>-- 
>To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact
>listmaster@lists.debian.org
>Archive: http://lists.debian.org/87zk1kv1yq.fsf@mid.deneb.enyo.de
>

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 2586-1] perl security update
  - From: georg@riseup.net

Prev by Date: Re: Profesyonel tasarım
Next by Date: Re: [SECURITY] [DSA 2586-1] perl security update
Previous by thread: Re: Profesyonel tasarım
Next by thread: Re: [SECURITY] [DSA 2586-1] perl security update
Index(es):
- Date
- Thread