UbuntuUpdates.org

Package "perl-debug"

Name: perl-debug

Description: debug-enabled Perl interpreter

Latest version: 5.30.0-9ubuntu0.2
Release: focal (20.04)
Level: security
Repository: main
Head package: perl
Homepage: http://dev.perl.org/perl5/

Other versions of "perl-debug" in Focal

Repository  Area  Version
base        main  5.30.0-9build1
updates     main  5.30.0-9ubuntu0.2

Changelog

Version: 5.30.0-9ubuntu0.2 2020-10-26 12:06:53 UTC

  perl (5.30.0-9ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in regex compiler
    - debian/patches/fixes/CVE-2020-10543.patch: prevent integer overflow
      from nested regex quantifiers in regcomp.c.
    - CVE-2020-10543
  * SECURITY UPDATE: regex intermediate language state corruption
    - debian/patches/fixes/CVE-2020-10878-1.patch: extract
      rck_elide_nothing in embed.fnc, embed.h, proto.h, regcomp.c.
    - debian/patches/fixes/CVE-2020-10878-2.patch: use long jumps if there
      is any possibility of overflow in regcomp.c.
    - CVE-2020-10878
  * SECURITY UPDATE: regex intermediate language state corruption
    - debian/patches/fixes/CVE-2020-12723.patch: avoid mutating regexp
      program within GOSUB in embed.fnc, embed.h, proto.h, regcomp.c,
      t/re/pat.t.
    - CVE-2020-12723

 -- Marc Deslauriers <email address hidden> Mon, 19 Oct 2020 06:56:54 -0400

CVE-2020-10543 Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
CVE-2020-10878 Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could l
CVE-2020-12723 regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.


