oss-sec mailing list archives
CVE-2009-3626 assigment notification - Perl - perl-5.10.1
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 23 Oct 2009 20:51:34 +0200
Hello Steve, vendors, Mark Martinec reported Perl crash while processing utf-8 character with large and invalid codepoint. References: ---------- https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225 (original source) http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973 (perl bug) http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/ (PoC) Affected versions: ------------------ Have checked Perl of versions perl-5.8.0, perl-5.8.5, perl-5.8.8, perl-5.10.0 is not vulnerable to this flaw. Issue was confirmed in Perl of version perl-5.10.1, as available at: http://www.cpan.org/src/perl-5.10.1.tar.gz CVE identifier: --------------- CVE identifier of CVE-2009-3626 has been already assigned to this issue. Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE-2009-3626 assigment notification - Perl - perl-5.10.1 Jan Lieskovsky (Oct 23)