Processing control commands:
> severity -1 important
Bug #833030 [perl] perl: use base badly/mistakenly broken by CVE-2016-1238 fix
Severity set to 'important' from 'grave'
--
833030: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833030
Debian Bug Tra
Control: severity -1 important
On Mon, Aug 01, 2016 at 01:53:05PM +0300, Niko Tyni wrote:
> Thanks for the report. I'm sorry to hear that this caused problems for you.
>
> The base.pm change was not accidental. It was discussed when these
> patches were prepared. The discussion is unfortunately n
Processing commands for cont...@bugs.debian.org:
> forwarded 833030 https://rt.perl.org/Ticket/Display.html?id=128800
Bug #833030 [perl] perl: use base badly/mistakenly broken by CVE-2016-1238 fix
Set Bug forwarded-to-address to
'https://rt.perl.org/Ticket/Display.html?id=128800
As a side note, I have started discussing this security problem, exploits,
and security measures on my blog. Please note that none of the module
changes prevent the most trivial exploits against, for example, prove and
you can't fix this in prove without breaking its basic guarantee. Simply
put,
If the change was not accidental then it was *very poorly* understood.
Removing . from @inc entirely would be less painful than expecting
developers to figure out this problem in the absence even of rudimentary
documentation of the change of behavior.
Documentation is authoritative. The module ha
On Sun, Jul 31, 2016 at 05:09:43AM +, Chris Travers wrote:
> Package: perl
> Version: 5.14.2-21+deb7u4
> Severity: grave
> Justification: renders package unusable
> use base died complaining that base package was empty
> The problem was introduced by the fix noted in the title. The problem i
Package: perl
Version: 5.14.2-21+deb7u4
Severity: grave
Justification: renders package unusable
Dear Maintainer,
*** Please consider answering these questions, where appropriate ***
* What led up to the situation?
We updated our systems with the latest security patches (and then spent a day