develooper Front page | perl.perl5.porters | Postings from April 2016

Re: [perl #123562] Regexp-matching "hangs" indefinitely on illegalinput using binmode :utf8 using 100%CPU

Thread Previous | Thread Next
From:
demerphq
Date:
April 23, 2016 06:25
Subject:
Re: [perl #123562] Regexp-matching "hangs" indefinitely on illegalinput using binmode :utf8 using 100%CPU
Message ID:
CANgJU+WcOLfZtOoe8Jp9xQPuazaSMXC5qxgDRf9N_C+tvRWo4A@mail.gmail.com
On 22 April 2016 at 12:19, Dominic Hargreaves via RT
<perlbug-followup@perl.org> wrote:
> On Wed Apr 20 05:04:56 2016, dom wrote:
>> This issue is being treated as a security issue by Debian; see
>>
>> http://www.openwall.com/lists/oss-security/2016/04/20/5
>>
>> If p5p agrees that this is a correct assessment (it seems so to me)
>> then it should be queued for 5.20.4, I presume?
>>
>> The Debian bug reporter has rebased the patch for 5.20, but I haven't
>> reviewed that:
>>
>> https://bugs.debian.org/821848
>
> This issue has been assigned CVE-2015-8853.

FYI: I pushed backport patches for Karls fix for 5.18.2 and 5.18.4

I can do other backports if needed.

Yves


-- 
perl -Mre=debug -e "/just|another|perl|hacker/"

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About