On Tuesday, 16 May 2017 23:26:10 CEST you wrote: > The Debian LTS team recently reviewed the security issue(s) affecting your > package in Wheezy: > https://security-tracker.debian.org/tracker/CVE-2017-0373 > https://security-tracker.debian.org/tracker/CVE-2017-0374
Wheezy is not impacted by CVE-2017-0373. The problematic file did not exist back then. Fixing CVE-2017-0374 on wheezy and jessie is moot because '.' is still included in @INC in the perl shipped with these releases. Likewise, fixing CVE-2017-0373 is not really useful: there's not much point in removing 'lib' from @INC (due to the spurious "use lib;") if '.' is also in @INC. All the best -- https://github.com/dod38fr/ -o- http://search.cpan.org/~ddumont/ http://ddumont.wordpress.com/ -o- irc: dod at irc.debian.org
