code.ossystems Code Review - openembedded-core.git/commit

perl: fix for CVE-2010-4777

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0,
5.14.0, and other versions, when running with debugging enabled,
allows context-dependent attackers to cause a denial of service
(assertion failure and application exit) via crafted input that
is not properly handled when using certain regular expressions,
as demonstrated by causing SpamAssassin and OCSInventory to
crash.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4777
(From OE-Core rev: 368df9f13ddf124e6aaaec06c02ab698c9e0b6c3)

Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

author	yanjun.zhu <yanjun.zhu@windriver.com>
	Tue, 20 May 2014 01:27:47 +0000 (09:27 +0800)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Fri, 10 Oct 2014 14:05:52 +0000 (15:05 +0100)
commit	73aff6efb3374427234a3615ffca07874f22f3fa
tree	609f7f1acc7c9bfc60c57713541e4a729dc3d2ae	tree \| snapshot
parent	8b9164029153fa06520bd5b6349245c2ac1f605f	commit \| diff

meta/recipes-devtools/perl/perl-5.14.3/perl-5.14.3-fix-CVE-2010-4777.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/perl/perl-native_5.14.3.bb		diff \| blob \| history
meta/recipes-devtools/perl/perl_5.14.3.bb		diff \| blob \| history