Product: Security Response
https://bugzilla.redhat.com/show_bug.cgi?id=884354
Vincent Danen <vdanen(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|perl: possible arbitrary |CVE-2012-6329 perl:
|code execution via |possible arbitrary code
|Locale::Maketext |execution via
| |Locale::Maketext
Alias| |CVE-2012-6329
--- Comment #6 from Vincent Danen <vdanen(a)redhat.com> ---
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-6329 to
the following vulnerability:
Name: CVE-2012-6329
URL:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329
Assigned: 20121210
Reference:
http://sourceforge.net/mailarchive/message.php?msg_id=30219695
Reference:
http://openwall.com/lists/oss-security/2012/12/11/4
Reference:
http://code.activestate.com/lists/perl5-porters/187763/
Reference:
http://code.activestate.com/lists/perl5-porters/187746/
Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=884354
Reference:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224
Reference:
http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod
Reference:
http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486a...
Reference:
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329
The _compile function in Maketext.pm in the Locale::Maketext
implementation in Perl before 5.17.7 does not properly handle
backslashes and fully qualified method names during compilation of
bracket notation, which allows context-dependent attackers to execute
arbitrary commands via crafted input to an application that accepts
translation strings from users, as demonstrated by the TWiki
application before 5.1.3, and the Foswiki application 1.0.x through
1.0.10 and 1.1.x through 1.1.6.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=DLUKWyOMfX&a=cc_unsubscribe