author | David Mitchell <davem@iabyn.com> | 2013-03-03 20:28:01 +0000 |
---|---|---|
committer | David Mitchell <davem@iabyn.com> | 2013-03-03 20:28:01 +0000 |
commit | ccc1261f04a369b34ff7c08841c19f7db9d7166e (patch) | |
tree | c1e5d7ba66bba1b8eaebb3fac9ddb666a73ae524 | |
parent | 78c29bba6adca113363434fac1ad2dc15f32aa8b (diff) | |
download | perl-ccc1261f04a369b34ff7c08841c19f7db9d7166e.tar.gz |
update perldelta with previous two cherrypicks
-rw-r--r-- | pod/perldelta.pod | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/pod/perldelta.pod b/pod/perldelta.pod index c3e7ca5871..2bfb698987 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -23,9 +23,17 @@ No changes since 5.14.0. =head1 Security -This release contains a number of minor security fixes. These are -included mainly to allow the test suite to pass cleanly with the clang -compiler's address sanitizer facility. +This release contains one major and a number of minor security fixes. +These latter are included mainly to allow the test suite to pass cleanly +with the clang compiler's address sanitizer facility. + +=head2 CVE-2013-1667: memory exhaustion with arbitrary hash keys + +With a carefully crafted set of hash keys (for example arguments on a +URL), it is possible to cause a hash to consume a large amount of memory +and CPU, and thus possibly to achieve a Denial-of-Service. + +This problem has been fixed. =head2 [perl #111594] Socket::unpack_sockaddr_un heap-buffer-overflow @@ -62,6 +70,13 @@ an assignment, could crash. Fairly harmless. This problem has been fixed. +=head2 wrap-around with IO on long strings + +Reading or writing strings greater than 2**31 bytes in size could segfault +due to integer wraparound. + +This problem has been fixed. + =head1 Incompatible Changes There are no changes intentionally incompatible with 5.14.0. If any |
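Review bot: In the first hunk (@@ -23,9 +23,17 @@), the new CVE-2013-1667 entry does not state the precondition clearly. "for example arguments on a URL" implies but never says that the keys must be supplied by an untrusted party and inserted into a hash by the program. Suggest saying so explicitly, so that readers can judge whether their code is exposed. The heading also names only "memory exhaustion" while the body says "memory and CPU"; the two should agree. Finally, "This problem has been fixed." gives no hint whether the fix changes anything a user could observe. If it does, a sentence here or a pointer to the relevant section would help; if not, saying so would reassure people deciding whether to upgrade.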
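Review bot: In the second hunk (@@ -62,6 +70,13 @@), the "wrap-around with IO on long strings" entry carries no ticket or CVE reference, unlike the neighbouring "[perl #111594]" heading. If a ticket exists, please put it in the heading so the fix can be traced. "greater than 2**31 bytes" leaves the boundary unclear (is a string of exactly 2**31 bytes affected?) and does not say on which builds the wraparound occurs. The entry also stops at "could segfault" where the preceding entry gives a severity ("Fairly harmless."); a similar statement of whether this is only a crash would be useful here. Minor: the heading spells it "wrap-around" and the body "wraparound"; pick one.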