perl.perl5.porters | Postings from April 2018

Disclosing several CVEs

From: Sawyer X
Date: April 14, 2018 14:11
Subject: Disclosing several CVEs
Message ID: d7fa2128-7df4-6efd-3b62-b874fd6492b5@gmail.com

Hi,

With the release of 5.24.4 and 5.26.2, I hereby moved the following
CVE-related RT tickets:

* RT #131844: [CVE-2018-6913] heap-buffer-overflow in S_pack_rec

Reported by GwanYeong Kim, fixed by Tony Cook.

* RT #132063: [CVE-2018-6798] Heap-buffer-overflow in
Perl__byte_dump_string (utf8.c)

Reported by Nguyen Duc Manh, fixed by Karl Williamson, Yves Orton, and
Tony Cook.

* RT #132227: [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in
S_regatom (regcomp.c)

Reported by Brian Carpenter, fixed by Yves Orton, Karl Williamson, and
Tony Cook.



I want to thank the reporters of the issues (for their discovery,
reporting, and patience), our vendors for their patience and support,
for the people who worked on resolving these issues, and the security team.

Sawyer X.


