author | Florian Ragwitz <rafl@debian.org> | 2011-09-05 13:43:50 +0200 |
---|---|---|
committer | Florian Ragwitz <rafl@debian.org> | 2011-09-05 14:00:57 +0200 |
commit | 2fb8701d0595f8b51f4c99fa8a7ad46e47e34b4e (patch) | |
tree | 8cc895d3506d7e140f354695ab616db5d7dda191 | |
parent | 2e8de60ec6c36c8169bd4264125ac5c519ce6920 (diff) | |
download | perl-2fb8701d0595f8b51f4c99fa8a7ad46e47e34b4e.tar.gz |
Perldelta for the CVE-2011-2939 fix
-rw-r--r-- | pod/perldelta.pod | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/pod/perldelta.pod b/pod/perldelta.pod index 0c5dbf2338..9ba515b57a 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -28,6 +28,11 @@ execution attacks. There are no known exploits in the wild. The problem has be corrected by explicitly disabling all unsupported flags and setting unused function pointers to null. Bug reported by Clément Lecigne. +=head2 C<Encode> decode_xs n-byte heap-overflow (CVE-2011-2939) + +A bug in C<Encode> could, on certain inputs, cause the heap to overflow. +This problem has been corrected. Bug reported by Robert Zacek. + =head1 Incompatible Changes There are no changes intentionally incompatible with 5.14.0. If any @@ -49,6 +54,12 @@ None =item * +L<Encode> has been upgraded from version 2.42 to 2.42_01. + +See L</Security>. + +=item * + L<File::Glob> has been upgraded from version 1.12 to version 1.13. See L</Security>. |
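Review bot: In the first hunk (@@ -28,6 +28,11 @@), the body of the new CVE-2011-2939 entry says only that a bug in C<Encode> "could, on certain inputs, cause the heap to overflow". The affected function, decode_xs, appears in the heading but not in the text, and the entry does not name the Encode version that carries the fix (2.42_01, per the second hunk). Suggest naming the function in the body, wording the issue as a heap buffer overflow, and stating the fixed version, so a reader can tell from the Security section alone whether they are affected. Separately, the unchanged context line just above reads "The problem has be corrected"; "be" should be "been", and it is worth fixing while this section is being edited.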
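Review bot: In the second hunk (@@ -49,6 +54,12 @@), the new item reads "from version 2.42 to 2.42_01", while the neighbouring File::Glob item reads "from version 1.12 to version 1.13". Suggest "to version 2.42_01" so the module-upgrade entries use the same wording. The "See L</Security>." cross-reference matches the File::Glob item and points at the section that now holds the CVE-2011-2939 entry, so it is fine as written.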