(this report covers two weeks)

I spent the majority of my time over the last two weeks going through my security list inbox and administering and/or working on tickets in the security queue.

There's a lot of old cruft there, where for example it had been decided it wasn't a security issue after all, or where an issue had been fixed but a debate as to whether to backport had petered out, and had now become moot.

There are quite a lot of tickets in the security queue due to fuzzing, where if the fuzzer detects a use-after-free or buffer overrun for example, the reporter submits it to the security queue rather than the normal queue. Once examined, 95% of the time it will be found to be harmless or non-exploitable, but until someone has assessed and fixed it, it lingers as an open security ticket.

We're now down to 22 open tickets, and none still marked as new. I closed about 6 tickets and furthered discussions on about 10 others (mainly about whether it's okay to close them).

2017/01/23
    0:42 process p5p mailbox
    0:36 RT #130617 Perl_rpeep: Assertion ....
    0:55 RT #130621 Segfault in Perl_vwarner (util.c:2051)
    3:21 RT #129285 Perl_gv_fullname4 assertion
2017/01/24
    4:30 general housekeeping
2017/01/25
    0:45 process p5p mailbox
2017/01/26
    2:51 review security tickets
2017/01/27
    1:09 process p5p mailbox
    1:17 RT #130651 regcomp.c:6881 Assertion `expr' failed
2017/01/28
    0:30 process p5p mailbox
# ----
2017/01/30
    0:40 process p5p mailbox
    1:19 RT #130661 perly.c:341: Perl_yyparse: Assertion failed
    1:03 RT #130667 Perl_sv_clear Assertion `SvTYPE(sv) != ...
    0:52 RT #130669 Perl_sv_2nv_flags: Assertion `SvTYPE(sv) != ...
    0:49 RT #130648 S_pat_upgrade_to_utf8 Assertion ...
2017/01/31
    0:35 process p5p mailbox
2017/02/01
    1:33 process p5p mailbox
    1:56 RT #130650 heap-use-after-free in S_free_codeblocks
2017/02/02
    0:27 process p5p mailbox
    5:17 review security tickets
2017/02/03
    0:14 review security tickets
    2:00 RT #130703 heap-buffer-overflow in Perl_pp_formline
2017/02/04
    0:59 review security tickets
    2:29 RT #130703 heap-buffer-overflow in Perl_pp_formline

SUMMARY:
    3:21 RT #129285 Perl_gv_fullname4 assertion
    0:36 RT #130617 Perl_rpeep: Assertion ....
    0:55 RT #130621 Segfault in Perl_vwarner (util.c:2051)
    0:49 RT #130648 S_pat_upgrade_to_utf8 Assertion ...
    1:56 RT #130650 heap-use-after-free in S_free_codeblocks
    1:17 RT #130651 regcomp.c:6881 Assertion `expr' failed
    1:19 RT #130661 perly.c:341: Perl_yyparse: Assertion failed
    1:03 RT #130667 Perl_sv_clear Assertion `SvTYPE(sv) != ...
    0:52 RT #130669 Perl_sv_2nv_flags: Assertion `SvTYPE(sv) != ...
    4:29 RT #130703 heap-buffer-overflow in Perl_pp_formline
    4:30 general housekeeping
    6:21 process p5p mailbox
    9:21 review security tickets
    ------
    36:49 TOTAL (HH::MM)

--
Diplomacy is telling someone to go to hell in such a way that they'll look forward to the trip