Control: severity -1 normal On Tue, Feb 18, 2025 at 05:01:55PM +0100, Vincent Lefevre wrote:
> Control: forwarded -1 https://github.com/Perl/perl5/issues/23010 > > This is a bug visible in the perl code, so I've just reported the bug > upstream. Thanks. > (Not sure about the severity, but this can yield incorrect file > operations in the involved directory, which may be very problematic > if this directory is untrusted.) There's a preliminary patch upstream at https://github.com/Perl/perl5/pull/23019 but it looks like it's not going to be in 5.42. I'm certainly not going to backport it before it's ready. It doesn't look like upstream is treating this as a serious security issue, so I'm lowering the severity. Please discuss the security concerns upstream if you want this to change. -- Niko Tyni nt...@debian.org
