Bug#810719: perl: CVE-2015-8607: XS File::Spec::canonpath loses taint

Dominic Hargreaves dom at earth.li
Mon Jan 11 14:40:29 UTC 2016


Package: perl-base
Version: 5.22.1-3
Severity: important
Tags: fixed-upstream patch

I will upload a fix for unstable later today. A stable update has been
prepared with the security team.

----- Forwarded message from Ricardo Signes <perl.p5p at rjbs.manxome.org> -----

Date: Mon, 11 Jan 2016 08:53:12 -0500
From: Ricardo Signes <perl.p5p at rjbs.manxome.org>
To: perl5-porters at perl.org
Subject: CVE-2015-8607: XS File::Spec::canonpath loses taint
List-Id: <perl5-porters.perl.org>
User-Agent: Mutt/1.5.23 (2014-03-12)

I have just pushed fixes to blead, maint-5.22, and maint-5.20 for
https://rt.perl.org/Ticket/Display.html?id=126862

PathTools 3.62 is now available on CPAN, or will be momentarily.

In this bug, the XS version of canonpath does not preserve taint.  If you rely
on taint checking for security, you should upgrade your PathTools.

For more details on this issue, see the RT ticket linked above.

-- 
rjbs



----- End forwarded message -----
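
A local check for the behaviour described in the forwarded message, as an added example (not part of the original message and not code from the Perl or PathTools projects): it passes tainted strings through `File::Spec->canonpath` under taint mode and reports whether the result is still tainted. The sample paths are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example: does the installed File::Spec->canonpath preserve taint?
use strict;
use warnings;
use File::Spec;
use Scalar::Util qw(tainted);

die "run under taint mode: perl -T $0\n" unless ${^TAINT};

# A zero-length substring of tainted data is itself tainted; appending it
# taints an otherwise clean string without changing its contents.
my $TAINT = substr($^X, 0, 0);

# Constructed sample paths that canonpath has to rewrite.
my @samples = ('/tmp/./constructed//example', 'a/./b/', '///x/./y');

my $lost = 0;
for my $clean (@samples) {
    my $in = $clean . $TAINT;
    die "setup error: input is not tainted\n" unless tainted($in);

    my $out = File::Spec->canonpath($in);
    my $kept = tainted($out);
    $lost++ unless $kept;

    printf "%-30s -> %-24s %s\n", $in, $out,
        $kept ? 'taint preserved' : 'TAINT LOST';
}

printf "File::Spec version: %s\n", File::Spec->VERSION;
print $lost
    ? "canonpath dropped taint on $lost input(s); upgrade PathTools\n"
    : "canonpath preserved taint on all inputs\n";

# Non-zero exit status lets this run as a check in provisioning or CI.
exit($lost ? 1 : 0);
```

Run it with the same perl binary your taint-mode applications use, since each perl installation can carry its own PathTools.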