Bug#582806: perl: CVE-2010-1974: multiple unspecified vulnerabilities in Safe

Niko Tyni ntyni at debian.org
Sun May 23 19:58:05 UTC 2010


Package: perl
Version: 5.10.1-12
Severity: important
Tags: security
X-Debbugs-Cc: team at security.debian.org

Quoting http://security-tracker.debian.org/tracker/CVE-2010-1974 :

  Multiple unspecified vulnerabilities in the Safe (aka Safe.pm) module
  before 2.25 for Perl allow context-dependent attackers to inject and
  execute arbitrary code via vectors related to "automagic methods." NOTE:
  this might overlap CVE-2010-1169 or CVE-2010-1447.

The best description I'm aware of is at

 http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html

I expect lenny is affected just as much as sid/squeeze. Not sure if we
need a DSA. Setting the severity to 'important' for now.

Please note that there's potential for regression: Safe-2.27 breaks at
least libpetal-perl, see #582805.

Security team, I'd love some help with this.
-- 
Niko Tyni   ntyni at debian.org





