perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dominic Hargreaves <>
Subject perl/hash_attack.t fails with 5.10.1 + CVE-2013-1667 fix
Date Tue, 12 Mar 2013 23:51:07 GMT

When trying to fix this issue in Debian stable, I found that the
patch at

does not stop the test failing when applied to 2.0.4 (as currently
found in Debian stable) and built against the current perl package
in Debian stable (5.10 + the rehashing fix). t/logs/error_log simply says:

[Tue Mar 12 21:09:23 2013] [error] [client] Failed to mount the hash collision attack
at /home/dom/working/pkg-perl/git/libapache2-mod-perl2/t/response/TestPerl/
line 112, <fh00003Makefile> line 1.\n

This is the change:

which differs a bit from that applied to 5.14:

although interestingly both test changes are identical.

Help to pin down this difference in behaviour would be appreciated.

The source for the package in question is at;a=shortlog;h=refs/heads/dom/squeeze-702821


Dominic Hargreaves |
PGP key 5178E2A5 from (keyserver,web,email)

View raw message