perl regex vulnerability - debian - pcre only?
Mike Astle
astle at lokku.com
Tue Nov 6 12:59:29 GMT 2007
That don't look so good:
----
"[...] discovered a flaw in Perl's regular
expression engine. Specially crafted input to a regular expression can
cause Perl to improperly allocate memory, resulting in the possible
execution of arbitrary code with the permissions of the user running
Perl."
https://rhn.redhat.com/errata/RHSA-2007-0966.html
Also...
http://www.debian.org/security/2007/dsa-1399
----
I only see new pcre3 packages for debian. Is this a problem with just
pcre or perl itself?
-mike
More information about the london.pm
mailing list