Re: About the security issues affecting libconfig-model-perl in Wheezy
On Tuesday, 16 May 2017 23:26:10 CEST you wrote:
> The Debian LTS team recently reviewed the security issue(s) affecting your
> package in Wheezy:
> https://security-tracker.debian.org/tracker/CVE-2017-0373
> https://security-tracker.debian.org/tracker/CVE-2017-0374
Wheezy is not impacted by CVE-2017-0373. The problematic file did not exist
back then.
Fixing CVE-2017-0374 on wheezy and jessie is moot because '.' is still
included in @INC in the perl shipped with these releases.
Likewise, fixing CVE-2017-0373 is not really useful: there's not much point in
removing 'lib' from @INC (due to the spurious "use lib;") if '.' is also in
@INC.
All the best
--
https://github.com/dod38fr/ -o- http://search.cpan.org/~ddumont/
http://ddumont.wordpress.com/ -o- irc: dod at irc.debian.org
Reply to: