
Re: About the security issues affecting libconfig-model-perl in Wheezy

On Tuesday, 16 May 2017 23:26:10 CEST you wrote:
> The Debian LTS team recently reviewed the security issue(s) affecting your
> package in Wheezy:
> https://security-tracker.debian.org/tracker/CVE-2017-0373
> https://security-tracker.debian.org/tracker/CVE-2017-0374

Wheezy is not impacted by CVE-2017-0373. The problematic file did not exist 
back then.

Fixing CVE-2017-0374 on wheezy and jessie is moot because '.' is still 
included in @INC in the perl shipped with these releases.

Likewise, fixing CVE-2017-0373 is not really useful: there's not much point in 
removing 'lib' from @INC (due to the spurious "use lib;") if '.' is also in 

All the best
 https://github.com/dod38fr/   -o- http://search.cpan.org/~ddumont/
http://ddumont.wordpress.com/  -o-   irc: dod at irc.debian.org
