Debian has issued an advisory today (September 21):
https://www.debian.org/security/2017/dsa-3982

Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Assigning to the registered maintainer.
Assignee: bugsquad => shlomif
CC: (none) => marja11
Fedora has issued an advisory for this today (October 2):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UOKIACN6UTXROW3HWROMUCE52VWGRIHH/
According to https://metacpan.org/changes/distribution/perl these two issues were fixed in 5.26.1 which is now in cauldron. Setting the keywords accordingly.
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Version: Cauldron => 6
perl-5.22.3-3.1.mga6 submitted to 6 core/updates-testing - please test after it is built - http://pkgsubmit.mageia.org/ .
Thanks Shlomi. For Mageia 5, can you do anything about the issues in Bug 19051?
Built for this update:

perl-5.20.1-8.7.mga5
perl-base-5.20.1-8.7.mga5
perl-devel-5.20.1-8.7.mga5
perl-doc-5.20.1-8.7.mga5
perl-5.22.3-3.1.mga6
perl-base-5.22.3-3.1.mga6
perl-devel-5.22.3-3.1.mga6
perl-doc-5.22.3-3.1.mga6

from SRPMS:
perl-5.20.1-8.7.mga5.src.rpm
perl-5.22.3-3.1.mga6.src.rpm
Shouldn't this bug be assigned to QA?
(In reply to Frédéric Buclin from comment #7)
> Shouldn't this bug be assigned to QA?

Yes, it should be.
Shlomi, please see Comment 5.
Shlomi, it'd be great if you could help finish fixing the issues from Bug 19051.
Blocks: (none) => 19051
Mageia 5 will be handled in Bug 19051 (still waiting on fixes for some modules).

Advisory:
========================

Updated perl packages fix security vulnerabilities:

Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a remote attacker to cause a denial of service via a specially crafted regular expression with the case-insensitive modifier (CVE-2017-12837).

Jakub Wilk reported a buffer over-read flaw in the regular expression parser, allowing a remote attacker to cause a denial of service or information leak (CVE-2017-12883).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12883
https://www.debian.org/security/2017/dsa-3982
========================

Updated packages in core/updates_testing:
========================
perl-5.22.3-3.1.mga6
perl-base-5.22.3-3.1.mga6
perl-devel-5.22.3-3.1.mga6
perl-doc-5.22.3-3.1.mga6

from perl-5.22.3-3.1.mga6.src.rpm
Assignee: shlomif => qa-bugs
CC: (none) => shlomif
Whiteboard: MGA5TOO => (none)
Just testing that packages like drakrpm still work. Validating the update.
Keywords: (none) => validated_update
Whiteboard: (none) => MGA6-64-OK MGA6-32-OK
CC: (none) => davidwhodgins, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0049.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED