Bug#582978: perl: safe.pm code injection vulnerability
Michael Gilbert
michael.s.gilbert at gmail.com
Tue May 25 00:36:39 UTC 2010
Package: perl
Version: 5.10.1-12
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published for perl.
CVE-2010-1974[0]:
| Multiple unspecified vulnerabilities in the Safe (aka Safe.pm) module
| before 2.25 for Perl allow context-dependent attackers to inject and
| execute arbitrary code via vectors related to "automagic methods."
| NOTE: this might overlap CVE-2010-1169 or CVE-2010-1447.
The current version of perl in unstable has safe.pm 2.18, so that just
needs to be updated to version 2.25.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1974
http://security-tracker.debian.org/tracker/CVE-2010-1974
More information about the Perl-maintainers
mailing list