[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [xsawyerx@gmail.com: CVE-2016-1238: Important unsafe module load path flaw]

On Mon, 25 Jul 2016 21:46:46 +0200, gregor herrmann wrote:

> On Mon, 25 Jul 2016 15:15:30 +0100, Dominic Hargreaves wrote:
> > Please could team members look at the patches I've applied in the
> > jessie-security branches of
> > - libmodule-build-perl
[..]
> The former three are done by Salavatore (libmime*) and me (M::B).

For Module::Build there's an interesting comment at
https://github.com/Perl-Toolchain-Gang/Module-Build/issues/69#issuecomment-23520
0181
which leads into territory outside my knowledge/comfort zone.

Perl and security gurus, please take over :)


Cheers,
gregor

-- 
 .''`.  Homepage https://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer -  https://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   BOFH excuse #278:  The Dilithium Crystals need to be rotated.
Reply to: