update: perl #1288
Labels: advisory/only-sdk (affects only Flatcar SDK), advisory (security advisory), cvss/HIGH (> 7 && < 9 assessed CVSS), security (security concerns)
Name: perl
CVEs: CVE-2023-47038
CVSSs: 7.8
Action Needed: update to >= 5.38.2
Summary:
A crafted regular expression when compiled by perl 5.30.0 through 5.38.0 can
cause a one-byte attacker controlled buffer overflow in a heap allocated buffer.
The 5.34.2, 5.36.2 and 5.38.1 releases were issued with fixes for these issues.
However, there were issues with those releases, as noted in the email at https://www.nntp.perl.org/group/perl.perl5.porters/2023/11/msg267365.html and thus versions 5.34.3, 5.36.3 and 5.38.2 were released to fix those issues: https://www.nntp.perl.org/group/perl.perl5.porters/2023/11/msg267400.html
refmap.gentoo: https://bugs.gentoo.org/918612
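
To triage a host or SDK image against the version ranges in this advisory, the check below sorts a perl version into affected, superseded-fix (5.34.2, 5.36.2, 5.38.1) or fixed. It is an added example, not part of the original issue or of Flatcar tooling; `classify_perl` and its output labels are hypothetical names. It assumes that later patch releases in a fixed series keep the fix and that anything above the 5.38 series satisfies ">= 5.38.2".

```shell
#!/bin/sh
# Classify a perl version against the ranges stated in this advisory
# (CVE-2023-47038). classify_perl is a hypothetical helper name.
classify_perl() {
    ver=${1#v}                      # tolerate a leading "v", as in v5.38.2
    case "$ver" in
        ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*) echo unparseable; return 0 ;;
        *.*.*) ;;                   # exactly MAJOR.MINOR.PATCH remains
        *) echo unparseable; return 0 ;;
    esac
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}

    if [ "$major" -ne 5 ]; then echo not-perl5; return 0; fi
    # Advisory range: 5.30.0 through 5.38.0.
    if [ "$minor" -lt 30 ]; then echo below-range; return 0; fi
    # Assumption: releases above the 5.38 series meet ">= 5.38.2".
    if [ "$minor" -gt 38 ]; then echo fixed; return 0; fi

    # Final fixed releases per the advisory: 5.34.3, 5.36.3, 5.38.2.
    case "$minor" in
        34|36) fix=3 ;;
        38)    fix=2 ;;
        *)     echo affected; return 0 ;;   # no fixed release listed
    esac

    if [ "$patch" -ge "$fix" ]; then
        echo fixed
    elif [ "$patch" -eq $((fix - 1)) ]; then
        # 5.34.2 / 5.36.2 / 5.38.1: carried the fix but were re-issued.
        echo superseded-fix
    else
        echo affected
    fi
}

# Report on the locally installed perl, if there is one.
if command -v perl >/dev/null 2>&1; then
    v=$(perl -e 'printf "%vd", $^V')
    echo "local perl $v: $(classify_perl "$v")"
fi
```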