perl regex vulnerability - debian - pcre only?
jns at gellyfish.com
Tue Nov 6 13:25:49 GMT 2007
On Tue, 2007-11-06 at 12:59 +0000, Mike Astle wrote:
> That don't look so good:
> "[...] discovered a flaw in Perl's regular
> expression engine. Specially crafted input to a regular expression can
> cause Perl to improperly allocate memory, resulting in the possible
> execution of arbitrary code with the permissions of the user running
> I only see new pcre3 packages for debian. Is this a problem with just
> pcre or perl itself?
these are separate issues - pcre is a different code base. Also perl
5.8.0 is five years old now, but it would be typical of a software
packager to sit on the patches and not push them upstream.
This signature kills bloggers
More information about the london.pm