]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 4537185) | patch
perl: fix for CVE-2010-4777
authoryanjun.zhu <yanjun.zhu@windriver.com>
Tue, 20 May 2014 01:27:47 +0000 (09:27 +0800)
committerSaul Wold <sgw@linux.intel.com>
Fri, 23 May 2014 17:45:07 +0000 (10:45 -0700)
commit368df9f13ddf124e6aaaec06c02ab698c9e0b6c3
treeb2770d6226cc192a355280b3726fad6e9f3bdd5ctree | snapshot
parent45371858129bbad8f4cfb874e237374a5ba8db4ccommit | diff
perl: fix for CVE-2010-4777

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0,
5.14.0, and other versions, when running with debugging enabled,
allows context-dependent attackers to cause a denial of service
(assertion failure and application exit) via crafted input that
is not properly handled when using certain regular expressions,
as demonstrated by causing SpamAssassin and OCSInventory to
crash.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4777
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
meta/recipes-devtools/perl/perl-5.14.3/perl-5.14.3-fix-CVE-2010-4777.patch [new file with mode: 0644] blob
meta/recipes-devtools/perl/perl-native_5.14.3.bb diff | blob | history
meta/recipes-devtools/perl/perl_5.14.3.bb diff | blob | history
Mirror of the official openembedded-core repository