Author: matthew Date: 2011-11-25 13:48:30 -0700 (Fri, 25 Nov 2011) New Revision: 2336
Added: trunk/perl/perl-5.14.2-security_fix-1.patch Log: Add security patch for Perl-5.14.2. Added: trunk/perl/perl-5.14.2-security_fix-1.patch =================================================================== --- trunk/perl/perl-5.14.2-security_fix-1.patch (rev 0) +++ trunk/perl/perl-5.14.2-security_fix-1.patch 2011-11-25 20:48:30 UTC (rev 2336) @@ -0,0 +1,22 @@ +Submitted by: Matt Burgess <matthew at linuxfromscratch dot org> +Date: 2011-11-25 +Inital Package Version: 5.14.2 +Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3597 +Upstream Status: From Upstream +Description: Fixed an arbitrary code execution vulnerability in Perl's Digest + module + +diff -Naur perl-5.14.2.orig/cpan/Digest/Digest.pm perl-5.14.2/cpan/Digest/Digest.pm +--- perl-5.14.2.orig/cpan/Digest/Digest.pm 2010-12-30 02:07:15.000000000 +0000 ++++ perl-5.14.2/cpan/Digest/Digest.pm 2011-11-20 20:22:27.306414256 +0000 +@@ -35,7 +35,9 @@ + ($class, @args) = @$class if ref($class); + no strict 'refs'; + unless (exists ${"$class\::"}{"VERSION"}) { +- eval "require $class"; ++ my $pm_file = $class . ".pm"; ++ $pm_file =~ s{::}{/}g; ++ eval { require $pm_file }; + if ($@) { + $err ||= $@; + next; -- http://linuxfromscratch.org/mailman/listinfo/patches FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
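Review bot: in the Digest.pm hunk, the three added lines build `$pm_file` from `$class` without first checking that `$class` is a well-formed module name, so the block form of `eval` removes the string evaluation but the value still decides which file `require` loads. Nothing in the visible context constrains `$class` after `($class, @args) = @$class if ref($class);`, and the substitution `s{::}{/}g` only rewrites `::`, so a value that already contains `/` or a leading `.` passes through as a path rather than a package name. Consider rejecting anything that does not match a pattern such as `/\A\w+(?:::\w+)*\z/` before the `.pm` suffix is appended, treating a failed match like the existing `$@` branch (record the error in `$err` and `next`). Minor: the patch header reads "Inital Package Version"; that should be "Initial".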
