Control: clone -1 -2
Control: affects -2 perlcritic
Control: tag -1 - security
Control: severity -2 important

On Mon, 15 May 2017, Jakub Wilk wrote:
> Control: tags -1 + security
>
> * Paul Wise <p...@debian.org>, 2016-08-13, 15:09:
> > There is some code which causes perlcritic to create or overwrite a
> > perltidy.ERR file in the current directory.
>
> Perl::Tidy tries to delete existing perltidy.ERR; but if deleting fails, it
> proceeds as if nothing happened. This can be abused to overwrite arbitrary
> files via symlink attack:

Yeah, this definitely looks like a bug in perltidy. I've cloned and
reassigned this to perltidy since the underlying security issue needs
to be fixed there. Perlcritic can work around it by using -se et al.

--
Don Armstrong                      https://www.donarmstrong.com

Whatever you do will be insignificant, but it is very important that
you do it.
 -- Mohandas Karamchand Gandhi
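
The failure mode quoted above (a failed delete that is ignored, followed by a write through whatever is still at the path) and the usual fix, as an added Perl example that is not part of this message or of Perl::Tidy's source. The function names and the temporary-directory scenario are constructed for illustration.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Pattern the report describes (a sketch, not Perl::Tidy's source): the
# unlink result is ignored and a plain open follows whatever remains.
sub open_log_unchecked {
    my ($path) = @_;
    unlink $path;                                # failure silently ignored
    open(my $fh, '>', $path) or die "open $path: $!\n";
    return $fh;
}

# O_CREAT|O_EXCL fails with EEXIST if anything is at $path, symlinks
# (even dangling ones) included, so a leftover link is never followed.
sub create_exclusive {
    my ($path) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or die "refusing to write $path: $!\n";
    return $fh;
}

# Hardened form: a failed unlink is fatal, and creation is exclusive.
sub open_log_checked {
    my ($path) = @_;
    if (-l $path || -e $path) {
        unlink $path or die "cannot remove $path: $!\n";
    }
    return create_exclusive($path);
}

# Constructed scenario: perltidy.ERR is a symlink to a file we must not touch.
my $dir    = tempdir(CLEANUP => 1);
my $target = "$dir/important.txt";
my $log    = "$dir/perltidy.ERR";
open(my $t, '>', $target) or die "open $target: $!\n";
print {$t} "keep me\n";
close $t;
symlink($target, $log) or die "symlink: $!\n";

# Link still in place (as when unlink has failed): exclusive create refuses.
my $fh = eval { create_exclusive($log) };
print "exclusive create: ", ($fh ? "opened\n" : "refused: $@");

# Normal path: the link is removed, then a fresh regular file is created.
$fh = open_log_checked($log);
print {$fh} "error text\n";
close $fh;
print "log is a ", (-l $log ? "symlink" : "regular file"),
      "; target size ", -s $target, " bytes\n";
```

`open_log_unchecked` is defined only for contrast and is never called; in the scenario the target file keeps its original 8 bytes.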