Re: [xsawyerx@gmail.com: CVE-2016-1238: Important unsafe module load path flaw]
On Mon, 25 Jul 2016 21:46:46 +0200, gregor herrmann wrote:
> On Mon, 25 Jul 2016 15:15:30 +0100, Dominic Hargreaves wrote:
> > Please could team members look at the patches I've applied in the
> > jessie-security branches of
> > - libmodule-build-perl
[..]
> The former three are done by Salavatore (libmime*) and me (M::B).
For Module::Build there's an interesting comment at
https://github.com/Perl-Toolchain-Gang/Module-Build/issues/69#issuecomment-23520
0181
which leads into territory outside my knowledge/comfort zone.
Perl and security gurus, please take over :)
Cheers,
gregor
--
.''`. Homepage https://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
: :' : Debian GNU/Linux user, admin, and developer - https://www.debian.org/
`. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
`- BOFH excuse #278: The Dilithium Crystals need to be rotated.
Reply to: