Overview

File _patchinfo of Package patchinfo.15355

<patchinfo incident="15355">
  <issue tracker="bnc" id="1171866">VUL-0: CVE-2020-12723: perl: corruption of the intermediate language state of a compiled regular expression</issue>
  <issue tracker="bnc" id="1171863">VUL-0: CVE-2020-10543: perl: heap buffer overflow in regular expression compiler which overwrites memory allocated with attacker's data</issue>
  <issue tracker="bnc" id="1172348">L3-Question: Perl warning: _FORTIFY_SOURCE requires compiling with optimization (-O)</issue>
  <issue tracker="bnc" id="1171864">VUL-0: CVE-2020-10878: perl: integer overflows may allow an attacker to  insert instructions into the compiled form of a Perl regular expression</issue>
  <issue tracker="cve" id="2020-10543"/>
  <issue tracker="cve" id="2020-12723"/>
  <issue tracker="cve" id="2020-10878"/>
  <packager>mlschroe</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for perl</summary>
  <description>This update for perl fixes the following issues:

- CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have 
  allowed overwriting of allocated memory with attacker's data (bsc#1171863).
- CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of 
  instructions into the compiled form of Perl regular expression (bsc#1171864).
- CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a 
  compiled regular expression (bsc#1171866).
- Fixed a bad warning in features.ph (bsc#1172348).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places