This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: Security advisory: perl (CVE-2005-3962)
On Thu, Dec 29, 2005 at 09:55:16AM +0100, Gerrit P. Haase wrote:
> Corinna schrieb:
>
> > On Dec 9 13:51, Yaakov S (Cygwin Ports) wrote:
> >> Gerrit,
> >>
> >> Perl is vulnerable to format string programming errors, that could be
> >> exploited to execute arbitrary code.
> >>
> >> Patch:
> >> http://www.gentoo.org/cgi-bin/viewcvs.cgi/*checkout*/dev-lang/perl/files/perl-exp_intwrap.patch
>
> > Gerrit? Ping?
>
> Ah, yes. Will revisit this issue today.
The offical patch:
http://search.cpan.org/CPAN/authors/id/N/NW/NWCLARK/sprintf-5.8.7.patch
There were also a few subsequent patches to printf stuff, not directly
related to the above security advisory, and a fix to Sys::Syslog which
IIRC was.