I had a peek last night at the change log of Debian's perl.  Saw some
security fixes I don't remember having seen come back to p5p.

http://packages.debian.org/changelogs/pool/main/p/perl/perl_5.8.4-4/changelog
http://ftp.debian.org/debian/pool/main/p/perl/perl_5.8.4-4.diff.gz

perl (5.8.4-4) unstable; urgency=low

  * SECURITY [CAN-2004-0976]: patches from Trustix for insecure temp
    file usage (thanks to Joey Hess for analysis; closes #278404).
    - Some unsafe examples in the DB_File POD.
    - Use of the unsafe tmpnam in the ext/DB_File/t/db-recno.t test
      script.
    - Use of unsafe temporary file names in ext/Devel/PPPort/PPPort.pm .
    - An example in MakeMaker.pm that suggests setting PREFIX=/tmp/myperl5
      and another that suggests setting DESTDIR=/tmp/ .
    - Insecure use of /tmp file in instmodsh.
    - Insecure use of /tmp file in lib/Memoize/t/tie.t, tie_gdbm.t, tie_ndbm.t,
      tie_sdbm.t, tie_storable.t, probably exploitable at build time if these
      tests are run.
    - Use of insecure temp file in POD docs in lib/perl5db.pl
      and also an insecure temp file in the setterm() function in that
      program.


-- 
Michael G Schwern        [EMAIL PROTECTED]  http://www.pobox.com/~schwern/
If the women don't find you handsome, they should at least find you handy.
    -- Red Green
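
An added example, not part of the original message or of the Debian/Trustix patches: it shows why a predictable name in a shared temp directory is a problem and how exclusive creation or File::Temp avoids it. It assumes a POSIX system; the file names and the helpers write_plain, write_exclusive and slurp are hypothetical, and everything runs inside a private sandbox directory.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir tempfile);

# Private sandbox standing in for a shared /tmp (constructed for this demo).
my $shared = tempdir(CLEANUP => 1);

# A file worth protecting, plus a predictable temp name that already
# exists as a symlink to it before our program runs.
my $target      = "$shared/important.conf";
my $predictable = "$shared/myprog.tmp";
write_plain($target, "original contents\n") or die "setup: $!";
symlink($target, $predictable) or die "symlink: $!";

# Unsafe pattern: plain open() follows the symlink and truncates its target.
sub write_plain {
    my ($path, $data) = @_;
    open(my $fh, '>', $path) or return 0;
    print {$fh} $data;
    return close($fh);
}

# Safer: O_CREAT|O_EXCL fails if the name exists at all, symlinks included.
sub write_exclusive {
    my ($path, $data) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600) or return 0;
    print {$fh} $data;
    return close($fh);
}

sub slurp {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "read $path: $!";
    local $/;
    return scalar <$fh>;
}

my $ok  = write_exclusive($predictable, "scratch\n");
my $why = $ok ? 'opened' : "refused ($!)";
printf "exclusive create: %s, target: %s", $why, slurp($target);

write_plain($predictable, "scratch\n");
printf "plain open: target now: %s", slurp($target);

# Preferred: File::Temp picks an unpredictable name and creates it exclusively.
my ($fh, $name) = tempfile('myprogXXXXXXXX', DIR => $shared, UNLINK => 1);
printf "File::Temp: %s mode %04o\n", $name, (stat($name))[2] & 07777;
```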
