Re: [xsawyerx@gmail.com: CVE-2016-1238: Important unsafe module load path flaw]

To: debian-perl@lists.debian.org
Subject: Re: [xsawyerx@gmail.com: CVE-2016-1238: Important unsafe module load path flaw]
From: Dominic Hargreaves <dom@earth.li>
Date: Tue, 26 Jul 2016 11:29:21 +0100
Message-id: <[🔎] 20160726102921.GX27403@urchin.earth.li>
In-reply-to: <[🔎] 20160726101742.GF17190@colleen.colgarra.priv.at>
References: <[🔎] 20160725141530.GA27403@urchin.earth.li> <[🔎] 20160725194646.rdnbspu5oyz57slu@jadzia.comodo.priv.at> <[🔎] 20160726101742.GF17190@colleen.colgarra.priv.at>

On Tue, Jul 26, 2016 at 12:17:42PM +0200, gregor herrmann wrote:
> On Mon, 25 Jul 2016 21:46:46 +0200, gregor herrmann wrote:
> 
> > On Mon, 25 Jul 2016 15:15:30 +0100, Dominic Hargreaves wrote:
> > > Please could team members look at the patches I've applied in the
> > > jessie-security branches of
> > > - libmodule-build-perl
> [..]
> > The former three are done by Salavatore (libmime*) and me (M::B).
> 
> For Module::Build there's an interesting comment at
> https://github.com/Perl-Toolchain-Gang/Module-Build/issues/69#issuecomment-23520
> 0181
> which leads into territory outside my knowledge/comfort zone.
> 
> Perl and security gurus, please take over :)

Thanks, I've commented.

Dominic.

Reply to:

References:
- [xsawyerx@gmail.com: CVE-2016-1238: Important unsafe module load path flaw]
  - From: Dominic Hargreaves <dom@earth.li>
- Re: [xsawyerx@gmail.com: CVE-2016-1238: Important unsafe module load path flaw]
  - From: gregor herrmann <gregoa@debian.org>
- Re: [xsawyerx@gmail.com: CVE-2016-1238: Important unsafe module load path flaw]
  - From: gregor herrmann <gregoa@debian.org>

Prev by Date: Re: [xsawyerx@gmail.com: CVE-2016-1238: Important unsafe module load path flaw]
Next by Date: Re: RC bug status for perl packages (re '.' in @INC removal)
Previous by thread: Re: [xsawyerx@gmail.com: CVE-2016-1238: Important unsafe module load path flaw]
Next by thread: RC bug status for perl packages (re '.' in @INC removal)
Index(es):
- Date
- Thread