Bug#721102: perl-modules: CVE-2013-1437 Module::Metadata doc issue
Dominic Hargreaves
dom at earth.li
Tue Aug 27 23:24:59 UTC 2013
Package: perl-modules
Version: 5.14.2-21
Severity: important
Tags: fixed-upstream
This CVE relates to the fact that Module::Metadata docs imply that
the module being analyzed isn't executed, but to get the version
number code execution does happen. The same issue should be fixed
in the separate Module::Metadata package.
Fixed in sid in
http://anonscm.debian.org/gitweb/?p=perl/perl.git;a=commit;h=306408a7d8d7aa85860b711a565a047e488884a0
More information about the Perl-maintainers
mailing list