develooper Front page | perl.perl5.porters | Postings from April 2018

Disclosing several CVEs

Sawyer X
April 14, 2018 14:11
Disclosing several CVEs
Message ID:

With the release of 5.24.4 and 5.26.2, I hereby moved the following
CVE-related RT tickets:

* RT #131844: [CVE-2018-6913] heap-buffer-overflow in S_pack_rec

Reported by GwanYeong Kim, fixed by Tony Cook.

* RT #132063: [CVE-2018-6798] Heap-buffer-overflow in
Perl__byte_dump_string (utf8.c)

Reported by Nguyen Duc Manh, fixed by Karl Williamson, Yves Orton, and
Tony Cook.

* RT #132227: [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in
S_regatom (regcomp.c)

Reported by Brian Carpenter, fixed by Yves Orton, Karl Williamson, and
Tony Cook.

I want to thank the reporters of the issues (for their discovery,
reporting, and patience), our vendors for their patience and support,
for the people who worked on resolving this issues, and the security team.

Sawyer X. Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About