Re: [SECURITY] [DSA 3441-1] perl security update

Mon, 11 Jan 2016 08:38:24 -0800 

Unsunscribe

On Monday, 11 January 2016, Salvatore Bonaccorso <[email protected]> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-3441-1                   [email protected]
> <javascript:;>
> https://www.debian.org/security/                     Salvatore Bonaccorso
> January 11, 2016                      https://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package        : perl
> CVE ID         : CVE-2015-8607
> Debian Bug     : 810719
>
> David Golden of MongoDB discovered that File::Spec::canonpath() in Perl
> returned untainted strings even if passed tainted input. This defect
> undermines taint propagation, which is sometimes used to ensure that
> unvalidated user input does not reach sensitive code.
>
> The oldstable distribution (wheezy) is not affected by this problem.
>
> For the stable distribution (jessie), this problem has been fixed in
> version 5.20.2-3+deb8u2.
>
> For the unstable distribution (sid), this problem will be fixed soon.
>
> We recommend that you upgrade your perl packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: [email protected] <javascript:;>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBCgAGBQJWk8zeAAoJEAVMuPMTQ89Ebo0P/Ak7kASx5X+T9MUYsRFFLiRO
> lrQb26F5kfIRB/Uqy/LJDphCvNIo+IzBiEshZXXMCAphFc8xOKetrzWqVDXyvY4L
> IE2Q9Lna/u4s88MmnZsG6WoS/MnMAL9bJNASLGrTNJRz+/ROXSx9/GkCMQaj3LHU
> 6tjiMi5xDIFVwqvRRnvXVs+xDzw556QpakMixAuX18eADbTMFOeq1uybArN1iaoW
> CU+b28vT6vqYYJnfWENAKPFK7eEBB5dWskSSdcQXQvFmN9LKSSQ+THTvnga/JERs
> vUKkO+C6GnbPy0M/XD6pH4mppClcIeIpXdfHZq+ecvZCS1SGeX+qZ9FATn1rYwFI
> qZMCs0EYW72VUmSDyqQTI2DDZMZbI8TnQDcImcjjCwv/KURdQzPydPgG6MHZXt5o
> dJw6M/X2kwfWkWN0bzrH0jLfjqKG4fd5Bjq6pHPjL64QVsEyuimZRZrntS72hq45
> yroSke0zPExEprZoVDH6BXgftB2W9ucf4B/6UoMzl9dAODF/ZZiK2BCxv+IZPK3C
> /i9pSiBQVAVJZlKyCDdr0A85P1uNY2skSNDJYFoZ5Ny/I6QiOMulmo+nk3kcNXzi
> kihiB2647SwTJTYfpuGpjiapqWhXxUu2bXvVOHcEoyVt9qiQmgIg6v1KiBcwzk+9
> r8T3o1hI97FrZvrHOjlH
> =XctV
> -----END PGP SIGNATURE-----
>
>

Reply via email to