Lmao, just send an email with "unsubscribe" in it to debian-security@lists.debian.org

On Mar 1, 2016 1:03 PM, "James Barrett" <xuc...@gmail.com> wrote:
> Unsubscribe me or I will spam your list
> On Mar 1, 2016 10:28 AM, "Salvatore Bonaccorso" <car...@debian.org> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> - -------------------------------------------------------------------------
>> Debian Security Advisory DSA-3501-1                   secur...@debian.org
>> https://www.debian.org/security/                     Salvatore Bonaccorso
>> March 01, 2016                        https://www.debian.org/security/faq
>> - -------------------------------------------------------------------------
>>
>> Package        : perl
>> CVE ID         : CVE-2016-2381
>>
>> Stephane Chazelas discovered a bug in the environment handling in Perl.
>> Perl provides a Perl-space hash variable, %ENV, in which environment
>> variables can be looked up. If a variable appears twice in envp, only
>> the last value would appear in %ENV, but getenv would return the first.
>> Perl's taint security mechanism would be applied to the value in %ENV,
>> but not to the other rest of the environment. This could result in an
>> ambiguous environment causing environment variables to be propagated to
>> subprocesses, despite the protections supposedly offered by taint
>> checking.
>>
>> With this update Perl changes the behavior to match the following:
>>
>> a) %ENV is populated with the first environment variable, as getenv
>>    would return.
>> b) Duplicate environment entries are removed.
>>
>> For the oldstable distribution (wheezy), this problem has been fixed
>> in version 5.14.2-21+deb7u3.
>>
>> For the stable distribution (jessie), this problem has been fixed in
>> version 5.20.2-3+deb8u4.
>>
>> For the unstable distribution (sid), this problem will be fixed in
>> version 5.22.1-8.
>>
>> We recommend that you upgrade your perl packages.
>>
>> Further information about Debian Security Advisories, how to apply
>> these updates to your system and frequently asked questions can be
>> found at: https://www.debian.org/security/
>>
>> Mailing list: debian-security-annou...@lists.debian.org
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1
>>
>> -----END PGP SIGNATURE-----
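
Added example, not part of the thread, the advisory, or Perl's source: C code showing the ambiguity DSA-3501-1 describes (first entry versus last entry for a duplicated name in envp) and the "keep the first, remove duplicates" behaviour from points a) and b). The function names and the sample environment are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Length of the NAME part of a "NAME=value" entry. */
static size_t name_len(const char *entry) {
    const char *eq = strchr(entry, '=');
    return eq ? (size_t)(eq - entry) : strlen(entry);
}

/* Value of the first (last == 0) or last (last != 0) entry for name.
 * First is what getenv returns; last is what a hash filled in envp
 * order ends up holding. Returns NULL if name is absent. */
const char *env_lookup(char *const envp[], const char *name, int last) {
    const char *hit = NULL;
    size_t n = strlen(name);
    for (size_t i = 0; envp[i]; i++) {
        if (strncmp(envp[i], name, n) == 0 && envp[i][n] == '=') {
            hit = envp[i] + n + 1;
            if (!last) break;
        }
    }
    return hit;
}

/* Compact envp in place, keeping the first entry per name.
 * Returns the number of duplicate entries dropped. */
size_t env_dedup_first(char *envp[]) {
    size_t kept = 0, dropped = 0;
    for (size_t i = 0; envp[i]; i++) {
        size_t n = name_len(envp[i]), j;
        for (j = 0; j < kept; j++)
            if (name_len(envp[j]) == n && strncmp(envp[j], envp[i], n) == 0)
                break;
        if (j < kept) dropped++;          /* name already seen: drop it */
        else envp[kept++] = envp[i];      /* first occurrence: keep it */
    }
    envp[kept] = NULL;
    return dropped;
}

int main(void) {
    /* Constructed sample: DEMO appears twice with different values. */
    char *env[] = {"PATH=/usr/bin", "DEMO=first", "HOME=/root", "DEMO=second", NULL};
    printf("first=%s last=%s\n", env_lookup(env, "DEMO", 0), env_lookup(env, "DEMO", 1));
    printf("dropped=%zu\n", env_dedup_first(env));
    printf("first=%s last=%s\n", env_lookup(env, "DEMO", 0), env_lookup(env, "DEMO", 1));
    return 0;
}
```

After deduplication both lookups agree, so a check applied to one view of the variable covers what a child process inherits.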