Debian alert DLA-1601-1 (perl)

From: Emilio Pozuelo Monfort <pochu@debian.org> To: debian-lts-announce@lists.debian.org Subject: [SECURITY] [DLA 1601-1] perl security update Date: Fri, 30 Nov 2018 16:10:04 +0100 Message-ID: <9d352d13-4640-fd7c-7e03-310ca5d3e097@debian.org>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : perl Version : 5.20.2-3+deb8u12 CVE ID : CVE-2018-18311 Jayakrishna Menon and Christophe Hauser discovered an integer overflow vulnerability in Perl_my_setenv leading to a heap-based buffer overflow with attacker-controlled input. For Debian 8 "Jessie", this problem has been fixed in version 5.20.2-3+deb8u12. We recommend that you upgrade your perl packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlwBUsgACgkQnUbEiOQ2 gwIf2w/9G932X/2dDd4h4zqnEg4ccJnjEdAYYn8fmnEXnnAdTxT8UvUIcjCP22Ck Vj7iXOSzcMwe+5soFOV26xZiCI4mI+pfrUme+auR95ITvw9UY8vFoRhQYSLT14qK RTcE3govwcKSJ7nf53fIx9xAgoSUmhJBSepFUlY+4ZttDISvIYAUlTQ8HxYzRPsz cgnK4Df5KKCR+okx9p2QraXqvb+LWzruLUba5qcLN5GnPS2M610BaeEyuZ8p0wy2 WTX0jKUhVtBq4WdumidGf3g5LoUed1uhfRBJXsfCLj0hiS+bTyhganc1GEJSGXqv 1fEgrhPkRX3ozMX6xZOfkHe+hggZe7RVTZeGAvym5WvlLt72u75NLwWhz+oGutGN JeAvPCG3cULL0xHMORMfMKmso1zvhMWqpbtgVTxlIfxEbPD+iVrNvrgH5y6vXrVb bWM2fkCZBljwLAUWBSIAZYr/LND95F6fGwFWEr73tcpjOgAQzPp9YuW+wsEwQuLN JDqGobQs4lzgig6BnGUDccvBryVyyFdZhZfyTpv2edFPlDvZ0r7M2TJ7zNDTZ7UU WQXDugQdD0wjnamF7WnihtUkZujZkj0WUp+D4J4+VaN2TbdFreys1VQ3pluIcnUm 54WlBWcFc9orDCAac85HVgJtzDk1Pl5WC/Wp+51gtszvY7lVqcY= =hM7Q -----END PGP SIGNATURE-----