Perl CVE-2013-1667 Input Rehashing Denial of Service Vulnerability

Posted by tshearn on 2013-04-19 07:37

Does this apply to active perl 5.14.2.1402-MSWin32-x64-295342? I know that it applies to the more generic version of Perl 5.14.x. Will ActiveState release a product specific patch to address this issue?

grahams
ActiveState Staff
Mon, 2013-04-22 09:08

ActivePerl 5.14.4.1405 and 5.16.3.1603 were released 21-Mar-2013 with the patches for this CVE.

The problem is in core Perl. It is not patchable without moving to a newer Perl.