debian-security-announce June 2011 archive

Re: [SECURITY] [DSA 2265-1] perl security update

From: Junior Gamez Aguilera <junior.gamez_at_nospam>
Date: Wed Jun 22 2011 - 18:49:02 GMT

After applying this upgrade, mailscanner stops working; it starts to enter
a continuous cycle of restarts. Please could you verify this?
I have to go back to the previous version in order to get mailscanner to work.

On 20/06/2011 02:15 p.m., Florian Weimer wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-2265-1
> Florian Weimer
> June 20, 2011
> -------------------------------------------------------------------------
> Package : perl
> Vulnerability : lack of tainted flag propagation
> Problem type : remote
> Debian-specific: no
> CVE ID : CVE-2011-1487
> Debian Bug : 622817
>
> Mark Martinec discovered that Perl incorrectly clears the tainted flag
> on values returned by case conversion functions such as "lc". This
> may expose preexisting vulnerabilities in applications which use these
> functions while processing untrusted input. No such applications are
> known at this stage. Such applications will cease to work when this
> security update is applied because taint checks are designed to
> prevent such unsafe use of untrusted input data.
>
> For the oldstable distribution (lenny), this problem has been fixed in
> version 5.10.0-19lenny4.
>
> For the stable distribution (squeeze), this problem has been fixed in
> version 5.10.1-17squeeze1.
>
> For the testing distribution (wheezy), this problem has been fixed in
> version <missing>.
>
> For the testing distribution (wheezy) and the unstable distribution
> (sid), this problem has been fixed in version 5.10.1-20.
>
> We recommend that you upgrade your perl packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at:
>
> Mailing list:

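The behaviour the quoted advisory describes can be checked on a given perl with a short taint-mode script. This is an added example, not part of the advisory or of the reply above; the sample input, the filename pattern and the helper name `untaint_filename` are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_lc.pl  (taint mode must be on for the checks to mean anything)
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# Constructed sample input. Appending a zero-length slice of "$0$^X"
# (tainted under -T) marks the string as tainted, standing in for data
# read from a message or a socket.
my $input = "Report.PDF" . substr("$0$^X", 0, 0);

# Hypothetical helper: the supported way to untaint is a regex capture that
# accepts only a known-safe shape (the pattern here is an assumed policy).
sub untaint_filename {
    my ($name) = @_;
    return $name =~ /\A([a-z0-9][a-z0-9._-]{0,63})\z/ ? $1 : undef;
}

my $lowered = lc $input;

printf "input tainted:     %s\n", tainted($input)   ? "yes" : "no";
# A perl carrying the DSA-2265-1 fix reports "yes"; "no" means lc cleared the flag.
printf "lc(input) tainted: %s\n", tainted($lowered) ? "yes" : "no";

# Use the lc result in a taint-checked operation. The path is in a directory
# that does not exist, so nothing is removed even if no check fires.
my $ok = eval { unlink "/nonexistent-dir-for-demo/$lowered"; 1 };
print "unlink with lc(input): ",
      $ok ? "allowed (no taint check fired)\n" : "blocked: $@";

# Explicit validation yields a value that may be used in such operations.
my $clean = untaint_filename($lowered);
printf "validated value:   %s (tainted: %s)\n",
       defined $clean ? $clean : "rejected",
       defined $clean && tainted($clean) ? "yes" : "no";
```

Code that starts failing with "Insecure dependency" after the update was relying on the case conversion to drop the flag; the remedy is an explicit validation step like the helper, not a downgrade.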