CVSROOT: /cvs Module name: ports Changes by: [email protected] 2010/09/08 01:44:03
Modified files:
www/p5-libwww : Makefile distinfo
Log message:
- SECURITY UPDATE of p5-libwww to 5.835
CVE-2010-2253: lwp-download in libwww-perl before 5.835 does not reject
downloads to filenames that begin with a . (dot) character, which allows
remote servers to create or overwrite files and possibly execute arbitrary
code.
from ian mcwilliam, ok sthen@
