Foresight: perl
Posted by Bill Keys   
Previous versions of the perl package contain a buffer overflow in the regular expression parsing code which could allow an attacker to execute arbitrary code via a program which uses perl to parse untrusted input as a regular expression.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0069-1
Published: 2007-11-11

Rating: Minor

Updated Versions:
   perl=/conary.rpath.com@rpl:devel//1/5.8.7-8.2-1
   group-dist=/foresight.rpath.org@fl:1-devel//1/1.4.1-0.2-3

References:
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116

Description:
   Previous versions of the perl package contain a buffer overflow in the
   regular expression parsing code which could allow an attacker to execute
   arbitrary code via a program which uses perl to parse untrusted input as a
   regular expression.

   Foresight Linux does not include any such program by default.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)

iQIVAwUBRzfiXtfwEn07iAtZAQJZvBAAkyoO3qAWS0vWHBFkQgiCl9vf2The5zoW
5B++Z19q8v1QriFmCoa5FfaLrHHajxt5FzjA4gnxM25YBYrM98XTwj567woz62EX
dPxYsNaiR3+nKpnygPwRpbhO4s//KLvPlfGWG3Z37fTUigGcNJEerpFLu0io+ESK
qR8gG28zQV0mwvccY/r83KA+vx0mhG7zl9ZrsKzHc/W+dXLrnqxsBNnPtPz0Xvth
W2g40wrUJ267f8ZhWigrwxCquJg6X4XBUU2ge0PFveI+AySbxsYhxO8mBF41ZWS4
0yW+9f8X+2cVjiwTv6evShkAm0opW45dETOgL9mKXd0A30tDVXmqlEv2I3dQnWZO
fQ1rx+AdTVZ7ZTkrXJ1FvZHMzQ+nMbQOGLg/cuF4uEgnkBDr1qCkPxzM7VtsG5WG
IkAIPGqyGrdDfXVdu1hWf3VJYcMl98Ybp34xeWGz5nvO8myvbCZdzWoCcaIHKVsM
elgqAEgQQpZ96yIfjLZ9dVivE5sMOTdJQvuhDMunrtOZP3/o+kDNRWIrTIZjYiRg
/14fwuOeQxIHqvC1gKCdQFAZ+JcyzCD9ET71oAfXsc6RKTz4xAUrcdLEXbd2Ge2i
/+QBMeeGb+tCI+RqREVYuMrtLMap4A3aNPiH9EjFMeGBM7oExU9nmgD1kreEE0Rf
i5g5bQ987vM=
=p0Vt
-----END PGP SIGNATURE-----