CVS: cvs.openbsd.org: src

Andrew Fresh Thu, 03 Mar 2016 08:17:27 -0800

CVSROOT:        /cvs
Module name:    src
Changes by:     afre...@cvs.openbsd.org 2016/03/03 09:16:09


Modified files:
        gnu/usr.bin/perl: Tag: OPENBSD_5_7 perl.c 
        gnu/usr.bin/perl/vms: Tag: OPENBSD_5_7 vms.c 

Log message:
Fix for perl CVE-2016-2381

Prior to this patch, when an environment variable "X" appears multiple times in
envp, perl could return different values for $ENV{"X"} than that provided by
getenv("X").  Further, subprocessses could inherit surprising environment
variables because of this.

from Ricardo Signes <rjbs cpan.org>

This problem was originally reported by Stephane Chazelas.

http://perl5.git.perl.org/perl.git/commit/7098efff946437a2db6013d12c4fc3193fc328ce
http://perl5.git.perl.org/perl.git/commit/2c2d7ae2ec598bff43f056060e4a83656066a4c4

CVS: cvs.openbsd.org: src

Reply via email to