gh-mirrors/openwrt-packages
1
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2026-01-10 11:44:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

perl: ensure File::Spec::canonpath() preserves taint [CVE-2015-8607]

Browse Source 
Beginning in PathTools 3.47 and/or perl 5.20.0, the File::Spec::canonpath()
routine returned untained strings even if passed tainted input. This defect
undermines the guarantee of taint propagation, which is sometimes used to
ensure that unvalidated user input does not reach sensitive code.

This defect was found and reported by David Golden of MongoDB, and a patch
was provided by Tony Cook.

References:

 * https://rt.perl.org/Public/Bug/Display.html?id=126862
 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8607

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
This commit is contained in:
Jo-Philipp Wich
2016-01-14 12:17:56 +01:00
parent 6e9cf99476
commit f73e358558
6 changed files with 64 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lang/perl/patches/110-always_use_miniperl.patch
View File

@@ -1,6 +1,6 @@
--- a/Makefile.SH
+++ b/Makefile.SH
@@ -315,22 +315,11 @@ MINIPERL = \$(LDLIBPTH) ./miniperl\$(EXE
@@ -316,22 +316,11 @@ MANIFEST_SRT = MANIFEST.srt
!GROK!THIS!