perl regex vulnerability - debian - pcre only?
paddy at panici.net
Tue Nov 6 17:10:46 GMT 2007
On Tue, Nov 06, 2007 at 12:59:29PM +0000, Mike Astle wrote:
> That don't look so good:
> "[...] discovered a flaw in Perl's regular
> expression engine. Specially crafted input to a regular expression can
> cause Perl to improperly allocate memory, resulting in the possible
> execution of arbitrary code with the permissions of the user running
> I only see new pcre3 packages for debian. Is this a problem with just
> pcre or perl itself?
is uninformative, but that is cve id that redhat and others are
(Apologies for the cross-post. please set follow-ups correctly
according to proportions of debian, security, perl, beer, buffy
and a pony. Thank you.)
More information about the london.pm