Date: Sun, 20 Apr 2008 17:43:37 -0800
From: Jonathan Smith <>
To: "Steven M. Christey" <>
CC: Florian Weimer <>,,
Subject: CVE request:Perl bug #48156

Florian Weimer wrote:
| Debian will release a security update for Perl bug #48156.  This looks a
| bit like a heap overflow in valgrind.  I consider the DoS vector
| important enough (which manifests on i386), so I haven't checked if it is
| exploitable beyond that.
| This is just a heads-up, in case someone else wants to release an
| update.  The issue itself is already public (also via Debian bug
| #454792).

Thanks for the info. Since this is already public, I'm CCing oss-security.

I've reproduced the crash on rPath Linux 2, with perl 5.8.8. On rPL 1,
perl 5.8.7 does not crash, but valgrind shows overflows.

So, we'll probably need a CVE. Steve?

