Re: maint-5.14, maint-5.12: speak now or forever...

From: Niko Tyni <nty...@debian.org>

Thu, 8 Mar 2012 21:29:51 +0200

On Tue, Mar 06, 2012 at 10:46:01AM -0500, Ricardo Signes wrote:

> So:  if you (whether you are a committer or not!) know of some> significant bug that exists in a maintenance branch, and that could be> fixed by the application of fixes from a later branch, I implore you to> make noise.

Digest-1.16 in 5.14.2 and 5.12.4 has an exploitable eval in its new() method,
labelled as CVE-2011-3597, fixed in Digest by
 https://github.com/gisle/digest/commit/33800e83550bcad19c4fc593874ec3497841fa1e
and in blead by commit a2fa999d41c94d622051667d897fedca90be1828 .

See https://rt.cpan.org/Public/Bug/Display.html?id=71390

use Digest; my $input = q{MD;5;print qq[I own you\n]}; Digest->new($input);
-- 
Niko Tyni   nty...@debian.org

Recent Messages in this Thread
maint-5.14, maint-5.12: speak now or forever...	Ricardo Signes	Mar 06, 2012 03:46 pm
Re: maint-5.14, maint-5.12: speak now or forever...	Todd Rinaldo	Mar 06, 2012 04:03 pm
Re: maint-5.14, maint-5.12: speak now or forever...	Robin Barker	Mar 06, 2012 08:45 pm
Re: maint-5.14, maint-5.12: speak now or forever...	Salvador Fandino	Mar 07, 2012 09:17 am
Re: maint-5.14, maint-5.12: speak now or forever...	Ævar Arnfjörð Bjarmason	Mar 07, 2012 09:40 pm
RE: maint-5.14, maint-5.12: speak now or forever...	Jan Dubois	Mar 07, 2012 09:50 pm
Re: maint-5.14, maint-5.12: speak now or forever...	Ævar Arnfjörð Bjarmason	Mar 07, 2012 10:00 pm
Re: maint-5.14, maint-5.12: speak now or forever...	Reini Urban	Mar 08, 2012 03:53 am
Re: maint-5.14, maint-5.12: speak now or forever...	Rafael Garcia-Suarez	Mar 08, 2012 02:10 pm
Re: maint-5.14, maint-5.12: speak now or forever...	Anders Melchiorsen	Mar 08, 2012 07:07 pm
Re: maint-5.14, maint-5.12: speak now or forever...	Niko Tyni	Mar 08, 2012 07:29 pm
Re: maint-5.14, maint-5.12: speak now or forever...	Dominic Hargreaves	Mar 16, 2012 10:23 pm
Re: maint-5.14, maint-5.12: speak now or forever...	Tom Hukins	Mar 16, 2012 03:03 pm
Re: maint-5.14, maint-5.12: speak now or forever...	Steffen Mueller	Mar 16, 2012 09:56 pm
Re: maint-5.14, maint-5.12: speak now or forever...	Nicholas Clark	Mar 17, 2012 08:41 am
Re: maint-5.14, maint-5.12: speak now or forever...	Ricardo Signes	Mar 06, 2012 07:40 pm

◄ Messages in this thread ►

Previous post: Re: maint-5.14, maint-5.12: speak now or forever...

Next post: pop @INC (".")

Subscribe to the perl5-porters RSS feed

Accounts

List Archives

Feedback & Information

ActiveState

© 2019 ActiveState Software Inc. All rights reserved. ActiveState®, Komodo®, ActiveState Perl Dev Kit®, ActiveState Tcl Dev Kit®, ActivePerl®, ActivePython®, and ActiveTcl® are registered trademarks of ActiveState. All other marks are property of their respective owners.