1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
=encoding utf8
=head1 NAME
perldelta - what is new for perl v5.24.4
=head1 DESCRIPTION
This document describes differences between the 5.24.3 release and the 5.24.4
release.
If you are upgrading from an earlier release such as 5.24.2, first read
L<perl5243delta>, which describes differences between 5.24.2 and 5.24.3.
=head1 Security
=head2 [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)
A crafted regular expression could cause a heap buffer write overflow, with
control over the bytes written.
L<[perl #132227]|https://rt.perl.org/Public/Bug/Display.html?id=132227>
=head2 [CVE-2018-6798] Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)
Matching a crafted locale dependent regular expression could cause a heap
buffer read overflow and potentially information disclosure.
L<[perl #132063]|https://rt.perl.org/Public/Bug/Display.html?id=132063>
=head2 [CVE-2018-6913] heap-buffer-overflow in S_pack_rec
C<pack()> could cause a heap buffer write overflow with a large item count.
L<[perl #131844]|https://rt.perl.org/Public/Bug/Display.html?id=131844>
=head1 Incompatible Changes
There are no changes intentionally incompatible with 5.24.3. If any exist,
they are bugs, and we request that you submit a report. See L</Reporting
Bugs> below.
=head1 Modules and Pragmata
=head2 Updated Modules and Pragmata
=over 4
=item *
L<Module::CoreList> has been upgraded from version 5.20170922_24 to 5.20180414_24.
=back
=head1 Selected Bug Fixes
=over 4
=item *
The C<readpipe()> built-in function now checks at compile time that it has only
one parameter expression, and puts it in scalar context, thus ensuring that it
doesn't corrupt the stack at runtime.
L<[perl #4574]|https://rt.perl.org/Public/Bug/Display.html?id=4574>
=back
=head1 Acknowledgements
XXX Generate this with:
perl Porting/acknowledgements.pl v5.24.3..HEAD
=head1 Reporting Bugs
If you find what you think is a bug, you might check the articles recently
posted to the comp.lang.perl.misc newsgroup and the perl bug database at
L<https://rt.perl.org/> . There may also be information at
L<http://www.perl.org/> , the Perl Home Page.
If you believe you have an unreported bug, please run the L<perlbug> program
included with your release. Be sure to trim your bug down to a tiny but
sufficient test case. Your bug report, along with the output of C<perl -V>,
will be sent off to perlbug@perl.org to be analysed by the Perl porting team.
If the bug you are reporting has security implications which make it
inappropriate to send to a publicly archived mailing list, then see
L<perlsec/SECURITY VULNERABILITY CONTACT INFORMATION>
for details of how to report the issue.
=head1 SEE ALSO
The F<Changes> file for an explanation of how to view exhaustive details on
what changed.
The F<INSTALL> file for how to build Perl.
The F<README> file for general stuff.
The F<Artistic> and F<Copying> files for copyright information.
=cut
|