Your message dated Fri, 06 Jun 2025 13:02:38 +0000
with message-id <e1unwiu-00dbgx...@fasolo.debian.org>
and subject line Bug#1107311: fixed in libfile-find-rule-perl 0.34-4~deb12u1
has caused the Debian Bug report #1107311,
regarding libfile-find-rule-perl: CVE-2011-10007
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1107311: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107311
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libfile-find-rule-perl
Version: 0.34-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/richardc/perl-file-find-rule/pull/4
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for libfile-find-rule-perl.
CVE-2011-10007[0]:
| File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary
| Code Execution when `grep()` encounters a crafted filename. A file
| handle is opened with the 2 argument form of `open()` allowing an
| attacker controlled filename to provide the MODE parameter to
| `open()`, turning the filename into a command to be executed.
| Example:
|   $ mkdir /tmp/poc; echo > "/tmp/poc/|id"
|   $ perl -MFile::Find::Rule \
|       -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")'
|   uid=1000(user) gid=1000(user) groups=1000(user),100(users)
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2011-10007
https://www.cve.org/CVERecord?id=CVE-2011-10007
[1] https://github.com/richardc/perl-file-find-rule/pull/4
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libfile-find-rule-perl
Source-Version: 0.34-4~deb12u1
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
libfile-find-rule-perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1107...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated
libfile-find-rule-perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 05 Jun 2025 14:32:51 +0200
Source: libfile-find-rule-perl
Architecture: source
Version: 0.34-4~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1107311
Changes:
libfile-find-rule-perl (0.34-4~deb12u1) bookworm-security; urgency=high
.
* Rebuild for bookworm-security.
.
libfile-find-rule-perl (0.34-4) unstable; urgency=high
.
* Team upload.
* Fix for CVE-2011-10007: Use 3 arg open in grep() (Closes: #1107311)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
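The changelog's fix, "Use 3 arg open in grep()", illustrated as an added example; this is not code from File::Find::Rule or from the Debian patch, and `grep_file` and `has_open_magic` are hypothetical helper names. With the mode passed as its own argument, a file named like the one in the CVE description is read as an ordinary file, and the checker flags names that the two-argument form would interpret instead of opening.

```perl
#!/usr/bin/perl
# Added illustration; helper names are hypothetical, sample data is constructed.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Names that two-argument open() does not treat as a plain path: edge
# whitespace, a leading mode character (<, >, |, +), a trailing pipe, or "-".
sub has_open_magic {
    my ($name) = @_;
    return $name =~ /\A\s|\s\z|\A[<>|+]|\|\z|\A-\z/ ? 1 : 0;
}

# Three-argument open: the mode is the fixed string '<', so $path is only
# ever used as a path, whatever characters it contains.
sub grep_file {
    my ($path, $re) = @_;
    open(my $fh, '<', $path) or return;
    my @hits;
    while (my $line = <$fh>) {
        push @hits, $line if $line =~ $re;
    }
    close $fh;
    return @hits;
}

# Constructed sample: a scratch directory holding a file literally named
# "|id", the name used in the CVE description.
my $dir  = tempdir(CLEANUP => 1);
my $path = File::Spec->catfile($dir, '|id');
open(my $out, '>', $path) or die "create $path: $!";
print {$out} "foo bar\nno match\n";
close $out;

for my $name ('|id', 'id|', ' notes.txt', '-', 'report.txt') {
    printf "%-14s %s\n", "'$name'",
        has_open_magic($name) ? 'special under 2-arg open' : 'plain';
}

my @hits = grep_file($path, qr/foo/);
print "lines matched in the file itself: ", scalar(@hits), "\n";
```

The same regular expression can be used to audit a directory tree for names that older, unpatched callers would mishandle.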