Package: perl-base
Version: 5.22.1-3
Severity: important
Tags: fixed-upstream patch

I will upload a fix for unstable later today. A stable update has been
prepared with the security team.

----- Forwarded message from Ricardo Signes <[email protected]> -----

Date: Mon, 11 Jan 2016 08:53:12 -0500
From: Ricardo Signes <[email protected]>
To: [email protected]
Subject: CVE-2015-8607: XS File::Spec::canonpath loses taint
List-Id: <perl5-porters.perl.org>
User-Agent: Mutt/1.5.23 (2014-03-12)

I have just pushed fixes to blead, maint-5.22, and maint-5.20 for
https://rt.perl.org/Ticket/Display.html?id=126862

PathTools 3.62 is now available on CPAN, or will be momentarily.

In this bug, the XS version of canonpath does not preserve taint.  If you rely
on taint checking for security, you should upgrade your PathTools.

For more details on this issue, see the RT ticket linked above.

-- 
rjbs



----- End forwarded message -----
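
A check for the behaviour described in the forwarded message, as an added example that is not part of the original report or of PathTools: it passes tainted paths through File::Spec->canonpath under taint mode and reports whether the result is still tainted. The sample paths are constructed, and the script is meant to be run as `perl -T`.

```perl
#!/usr/bin/perl -T
# Added example: does the installed File::Spec keep taint through canonpath?
use strict;
use warnings;
use File::Spec;
use Scalar::Util qw(tainted);

# A zero-length slice of a tainted value ($^X is tainted under -T) taints
# each constructed sample path without changing its contents.
my $taint   = substr($^X, 0, 0);
my @samples = map { $_ . $taint } ('/var//tmp/./upload', 'a/./b//c', '/');

# Without taint mode the check would be meaningless, so refuse to continue.
die "run with -T: sample input is not tainted\n"
    unless tainted($samples[0]);

my $lost = 0;
for my $path (@samples) {
    my $canon = File::Spec->canonpath($path);
    my $kept  = tainted($canon);
    $lost++ unless $kept;
    printf "%-22s -> %-18s %s\n", $path, $canon,
        $kept ? 'tainted' : 'TAINT LOST';
}

printf "File::Spec %s: %s\n", File::Spec->VERSION,
    $lost ? 'canonpath drops taint; upgrade PathTools'
          : 'canonpath preserves taint';

# Non-zero exit status lets the check be used in a test or audit script.
exit($lost ? 1 : 0);
```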
