On Fri, Apr 01, 2016 at 11:21:45PM +0100, Dominic Hargreaves wrote:
> On Mon, Mar 12, 2012 at 09:49:59PM +0200, Niko Tyni wrote:
> > Just a note that this topic has resurfaced upstream; the thread starts at
> >
> > http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2012-03/msg00265.html
>
>
Control: forwarded -1 https://rt.perl.org/Public/Bug/Display.html?id=127810
On Mon, Mar 12, 2012 at 09:49:59PM +0200, Niko Tyni wrote:
> Just a note that this topic has resurfaced upstream; the thread starts at
> http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2012-03/msg00265.html
And ag
Just a note that this topic has resurfaced upstream; the thread starts at
http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2012-03/msg00265.html
--
Niko Tyni nt...@debian.org
severity 588017 important
thanks
On Sun, Aug 15, 2010 at 09:01:18PM +0100, Adam D. Barratt wrote:
> tag 588017 + squeeze-ignore
> thanks
>
> On Sun, 2010-08-15 at 16:24 +0100, Dominic Hargreaves wrote:
> > On Thu, Aug 05, 2010 at 07:58:34AM +0900, Ansgar Burchardt wrote:
> >
> > > Niko Tyni wri
tag 588017 + squeeze-ignore
thanks
On Sun, 2010-08-15 at 16:24 +0100, Dominic Hargreaves wrote:
> On Thu, Aug 05, 2010 at 07:58:34AM +0900, Ansgar Burchardt wrote:
>
> > Niko Tyni writes:
> > I agree. This is very likely to break things.
> >
> > > Ansgar, could you please discuss this upstream
On Thu, Aug 05, 2010 at 07:58:34AM +0900, Ansgar Burchardt wrote:
> Niko Tyni writes:
>
> > While I agree it's potentially harmful, I think fixing it has a very
> > high risk of breaking user scripts. It's definitely not something to do
> > in a stable security update, and I'm not enthusiastic a
package perl
forwarded 588017
http://www.nntp.perl.org/group/perl.perl5.porters/2010/08/msg162729.html
thanks
Hi,
Niko Tyni writes:
> While I agree it's potentially harmful, I think fixing it has a very
> high risk of breaking user scripts. It's definitely not something to do
> in a stable s
On Mon, Jul 12, 2010 at 07:47:34PM +0100, Chris Butler wrote:
> It looks like this is a conscious decision by upstream, it's even documented
> in perlvar(1):
>
> The array @INC contains the list of places that the "do EXPR",
> "require", or "use" constructs look for their library files. I
tag 588017 +upstream
thanks
On Sun, Jul 04, 2010 at 06:47:32PM +0100, Dominic Hargreaves wrote:
> I'm not going to start playing severity games, but this looks very much
> like a security bug to me.
It looks like this is a conscious decision by upstream, it's even documented
in perlvar(1):
The a
On Sun, Jul 04, 2010 at 08:34:35PM +0300, Eugene V. Lyubimkin wrote:
> Ansgar Burchardt wrote:
> > perl includes the current directory as the last element in @INC when not
> > running in taint mode (-T). As many modules try to load other modules
> > that may or may not be installed, this can resul
package perl
severity 588017 grave
thanks
Dominic Hargreaves wrote:
> Whoa, this is quite hasty.
Maybe.
> The reason that this is a security bug is
> because the current directory should not be trusted, because it might
> be writable by a *different* non-root user who might wish to trick you
> in
package perl
severity 588017 normal
thanks
Hi Ansgar,
Ansgar Burchardt wrote:
> perl includes the current directory as the last element in @INC when not
> running in taint mode (-T). As many modules try to load other modules
> that may or may not be installed, this can result in code execution.
Package: perl
Version: 5.10.1-13
Severity: grave
Tags: security
Hi,
perl includes the current directory as the last element in @INC when not
running in taint mode (-T). As many modules try to load other modules
that may or may not be installed, this can result in code execution.
Example:
libte