it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 3441-1] perl security update
- Date: Mon, 11 Jan 2016 15:47:33 +0000
- List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
- List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-return-path: <carnil AT master.debian.org>
- Priority: urgent
- Resent-date: Mon, 11 Jan 2016 15:47:53 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <Fqu1iFMbZTM.A.bXE.o68kWB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3441-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 11, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : perl
CVE ID : CVE-2015-8607
Debian Bug : 810719
David Golden of MongoDB discovered that File::Spec::canonpath() in Perl
returned untainted strings even if passed tainted input. This defect
undermines taint propagation, which is sometimes used to ensure that
unvalidated user input does not reach sensitive code.
The oldstable distribution (wheezy) is not affected by this problem.
For the stable distribution (jessie), this problem has been fixed in
version 5.20.2-3+deb8u2.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your perl packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWk8zeAAoJEAVMuPMTQ89Ebo0P/Ak7kASx5X+T9MUYsRFFLiRO
lrQb26F5kfIRB/Uqy/LJDphCvNIo+IzBiEshZXXMCAphFc8xOKetrzWqVDXyvY4L
IE2Q9Lna/u4s88MmnZsG6WoS/MnMAL9bJNASLGrTNJRz+/ROXSx9/GkCMQaj3LHU
6tjiMi5xDIFVwqvRRnvXVs+xDzw556QpakMixAuX18eADbTMFOeq1uybArN1iaoW
CU+b28vT6vqYYJnfWENAKPFK7eEBB5dWskSSdcQXQvFmN9LKSSQ+THTvnga/JERs
vUKkO+C6GnbPy0M/XD6pH4mppClcIeIpXdfHZq+ecvZCS1SGeX+qZ9FATn1rYwFI
qZMCs0EYW72VUmSDyqQTI2DDZMZbI8TnQDcImcjjCwv/KURdQzPydPgG6MHZXt5o
dJw6M/X2kwfWkWN0bzrH0jLfjqKG4fd5Bjq6pHPjL64QVsEyuimZRZrntS72hq45
yroSke0zPExEprZoVDH6BXgftB2W9ucf4B/6UoMzl9dAODF/ZZiK2BCxv+IZPK3C
/i9pSiBQVAVJZlKyCDdr0A85P1uNY2skSNDJYFoZ5Ny/I6QiOMulmo+nk3kcNXzi
kihiB2647SwTJTYfpuGpjiapqWhXxUu2bXvVOHcEoyVt9qiQmgIg6v1KiBcwzk+9
r8T3o1hI97FrZvrHOjlH
=XctV
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 3441-1] perl security update, Salvatore Bonaccorso, 11.01.2016
Archiv bereitgestellt durch MHonArc 2.6.19.