[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: About the security issues affecting libconfig-model-perl in Wheezy


Thank you. I will update the security tracker from minor issue to unaffected.

/ Ola

Sent from a phone

Den 17 maj 2017 14:34 skrev "Dominique Dumont" <dod@debian.org>:
On Tuesday, 16 May 2017 23:26:10 CEST you wrote:
> The Debian LTS team recently reviewed the security issue(s) affecting your
> package in Wheezy:
> https://security-tracker.debian.org/tracker/CVE-2017-0373
> https://security-tracker.debian.org/tracker/CVE-2017-0374

Wheezy is not impacted by CVE-2017-0373. The problematic file did not exist
back then.

Fixing CVE-2017-0374 on wheezy and jessie is moot because '.' is still
included in @INC in the perl shipped with these releases.

Likewise, fixing CVE-2017-0373 is not really useful: there's not much point in
removing 'lib' from @INC (due to the spurious "use lib;") if '.' is also in

All the best
 https://github.com/dod38fr/   -o- http://search.cpan.org/~ddumont/
http://ddumont.wordpress.com/  -o-   irc: dod at irc.debian.org

Reply to: