author | Steve Hay <steve.m.hay@googlemail.com> | 2018-03-23 21:20:24 +0000 |
---|---|---|
committer | Steve Hay <steve.m.hay@googlemail.com> | 2018-03-23 21:20:24 +0000 |
commit | afb642cf5a5d0b53d7bceb50b3a7f58cc9311d72 (patch) | |
tree | 2693e9f45e6cb8035297e2b16c290edf96597834 | |
parent | abe1e6c568b96bcb382dfa4f61c56d1ab001ea51 (diff) | |
download | perl-afb642cf5a5d0b53d7bceb50b3a7f58cc9311d72.tar.gz |
perldelta - Update security fixes section
-rw-r--r-- | pod/perldelta.pod | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/pod/perldelta.pod b/pod/perldelta.pod index 90629327de..f87ffbca3b 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -14,11 +14,22 @@ L<perl5261delta>, which describes differences between 5.26.0 and 5.26.1. =head1 Security -XXX Any security-related notices go here. In particular, any security -vulnerabilities closed should be noted here rather than in the -L</Selected Bug Fixes> section. +=head2 [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c) -[ List each security issue as a =head2 entry ] +A crafted regular expression could cause a heap buffer write overflow, with +control over the bytes written. +L<[perl #132227]|https://rt.perl.org/Public/Bug/Display.html?id=132227> + +=head2 [CVE-2018-6798] Heap-buffer-overflow in Perl__byte_dump_string (utf8.c) + +Matching a crafted locale dependent regular expression could cause a heap +buffer read overflow and potentially information disclosure. +L<[perl #132063]|https://rt.perl.org/Public/Bug/Display.html?id=132063> + +=head2 [CVE-2018-6913] heap-buffer-overflow in S_pack_rec + +C<pack()> could cause a heap buffer write overflow with a large item count. +L<[perl #131844]|https://rt.perl.org/Public/Bug/Display.html?id=131844> =head1 Incompatible Changes |
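Review bot: The three new =head2 titles are inconsistent with each other. The CVE-2018-6798 title capitalises "Heap-buffer-overflow" while the CVE-2018-6797 and CVE-2018-6913 titles use lower case, and the CVE-2018-6913 title names S_pack_rec without the source file in parentheses that the other two give (regcomp.c, utf8.c). Suggest using one case throughout and adding the file to the third title so all three follow the same pattern. In the CVE-2018-6798 paragraph, "locale dependent regular expression" should be hyphenated as "locale-dependent". The CVE-2018-6797 title also states the access type and size ("WRITE of size 1") while the other two titles do not; either drop it there or leave the detail to the body text, which already says whether each overflow is a read or a write.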