Processing commands for cont...@bugs.debian.org:
> severity 588017 important
Bug #588017 [perl] perl: current directory in @INC potentially harmful
Severity set to 'important' from 'grave'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
588017: http://bugs.debian
severity 588017 important
thanks
On Sun, Aug 15, 2010 at 09:01:18PM +0100, Adam D. Barratt wrote:
> tag 588017 + squeeze-ignore
> thanks
>
> On Sun, 2010-08-15 at 16:24 +0100, Dominic Hargreaves wrote:
> > On Thu, Aug 05, 2010 at 07:58:34AM +0900, Ansgar Burchardt wrote:
> >
> > > Niko Tyni wri
Processing commands for cont...@bugs.debian.org:
> tag 588017 + squeeze-ignore
Bug #588017 [perl] perl: current directory in @INC potentially harmful
Added tag(s) squeeze-ignore.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
588017: http://bugs.debian.org/cgi-bi
tag 588017 + squeeze-ignore
thanks
On Sun, 2010-08-15 at 16:24 +0100, Dominic Hargreaves wrote:
> On Thu, Aug 05, 2010 at 07:58:34AM +0900, Ansgar Burchardt wrote:
>
> > Niko Tyni writes:
> > I agree. This is very likely to break things.
> >
> > > Ansgar, could you please discuss this upstream
On Thu, Aug 05, 2010 at 07:58:34AM +0900, Ansgar Burchardt wrote:
> Niko Tyni writes:
>
> > While I agree it's potentially harmful, I think fixing it has a very
> > high risk of breaking user scripts. It's definitely not something to do
> > in a stable security update, and I'm not enthusiastic a
Processing commands for cont...@bugs.debian.org:
> package perl
Limiting to bugs with field 'package' containing at least one of 'perl'
Limit currently set to 'package':'perl'
> forwarded 588017
> http://www.nntp.perl.org/group/perl.perl5.porters/2010/08/msg162729.html
Bug #588017 [perl] perl:
package perl
forwarded 588017
http://www.nntp.perl.org/group/perl.perl5.porters/2010/08/msg162729.html
thanks
Hi,
Niko Tyni writes:
> While I agree it's potentially harmful, I think fixing it has a very
> high risk of breaking user scripts. It's definitely not something to do
> in a stable s
On Mon, Jul 12, 2010 at 07:47:34PM +0100, Chris Butler wrote:
> It looks like this is a conscious decision by upstream, it's even documented
> in perlvar(1):
>
> The array @INC contains the list of places that the "do EXPR",
> "require", or "use" constructs look for their library files. I
tag 588017 +upstream
thanks
On Sun, Jul 04, 2010 at 06:47:32PM +0100, Dominic Hargreaves wrote:
> I'm not going to start playing severity games, but this looks very much
> like a security bug to me.
It looks like this is a conscious decision by upstream, it's even documented
in perlvar(1):
The a
Processing commands for cont...@bugs.debian.org:
> tag 588017 +upstream
Bug #588017 [perl] perl: current directory in @INC potentially harmful
Added tag(s) upstream.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
588017: http://bugs.debian.org/cgi-bin/bugreport.c
On Sun, Jul 04, 2010 at 08:34:35PM +0300, Eugene V. Lyubimkin wrote:
> Ansgar Burchardt wrote:
> > perl includes the current directory as the last element in @INC when not
> > running in taint mode (-T). As many modules try to load other modules
> > that may or may not be installed, this can resul
Processing commands for cont...@bugs.debian.org:
> package perl
Limiting to bugs with field 'package' containing at least one of 'perl'
Limit currently set to 'package':'perl'
> severity 588017 grave
Bug #588017 [perl] perl: current directory in @INC potentially harmful
Severity set to 'grave' fr
Processing commands for cont...@bugs.debian.org:
> package perl
Limiting to bugs with field 'package' containing at least one of 'perl'
Limit currently set to 'package':'perl'
> severity 588017 normal
Bug #588017 [perl] perl: current directory in @INC potentially harmful
Severity set to 'normal'
package perl
severity 588017 normal
thanks
Hi Ansgar,
Ansgar Burchardt wrote:
> perl includes the current directory as the last element in @INC when not
> running in taint mode (-T). As many modules try to load other modules
> that may or may not be installed, this can result in code execution.
Package: perl
Version: 5.10.1-13
Severity: grave
Tags: security
Hi,
perl includes the current directory as the last element in @INC when not
running in taint mode (-T). As many modules try to load other modules
that may or may not be installed, this can result in code execution.
Example:
libte