diff options
author | Steve Hay <steve.m.hay@googlemail.com> | 2017-09-10 13:18:50 +0100 |
---|---|---|
committer | Steve Hay <steve.m.hay@googlemail.com> | 2017-09-10 14:13:34 +0100 |
commit | 8e3611893e41b8448eab2b9994ff770afc8398a3 (patch) | |
tree | cb12a7fbce0e7b153418588e9d55e528b9abf11f | |
parent | 205f8363fb14aa2b2995fd16da66583bd6b47f4f (diff) | |
download | perl-8e3611893e41b8448eab2b9994ff770afc8398a3.tar.gz |
perldelta for 96c83ed78a, 2be4edede4 and 8586647e33
(cherry picked from commit d1107db027ad52d2f50e348218625a8e122ca9eb)
-rw-r--r-- | pod/perldelta.pod | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/pod/perldelta.pod b/pod/perldelta.pod index 5afd79ea00..ea92d294d1 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -20,6 +20,26 @@ L</Selected Bug Fixes> section. [ List each security issue as a =head2 entry ] +=head2 [CVE-2017-12837] Heap buffer overflow in regular expression compiler + +Compiling certain regular expression patterns with the case-insensitive +modifier could cause a heap buffer overflow and crash perl. This has now been +fixed. +L<[perl #131582]|https://rt.perl.org/Public/Bug/Display.html?id=131582> + +=head2 [CVE-2017-12883] Buffer over-read in regular expression parser + +For certain types of syntax error in a regular expression pattern, the error +message could either contain the contents of a random, possibly large, chunk of +memory, or could crash perl. This has now been fixed. +L<[perl #131598]|https://rt.perl.org/Public/Bug/Display.html?id=131598> + +=head2 [CVE-2017-12814] C<$ENV{$key}> stack buffer overflow on Windows + +A possible stack buffer overflow in the C<%ENV> code on Windows has been fixed +by removing the buffer completely since it was superfluous anyway. +L<[perl #131665]|https://rt.perl.org/Public/Bug/Display.html?id=131665> + =head1 Incompatible Changes There are no changes intentionally incompatible with 5.24.2. If any exist, |