On Wed, 19 Apr 2023 20:43:38 +0200, Salvatore Bonaccorso wrote:

> > 2.13 adds the additional required path component, so maybe you are
> > right and we should consider the CVE addressed on the package side
> > with the addition of the cpan_path key.
> 
> Discussed this today with Moritz: Let's do that and consider it fixed
> with the 2.13 introducing change. Much more can probably not be done.

Great, thanks to you and Moritz.


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at -- Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
   `-   

Attachment: signature.asc
Description: Digital Signature

Reply via email to