develooper Front page | perl.perl5.porters | Postings from September 2012

Security Issues in perl-5.16.x

Thread Next
Shlomi Fish
September 29, 2012 00:26
Security Issues in perl-5.16.x
Message ID:
Hi Reini,

On Fri, 28 Sep 2012 15:17:54 +0000 wrote:

> Updates:
> 	Status: WontFix
> Comment #1 on issue 107 by reini.urban: Build fails with
> perl-5.16.1-7.mga3
> If you see the Changelog and the STATUS file, you'll see that 5.16
> and 5.17 is not yet supported with v1.42.
> Use latest git please.

Well, that's not a good solution for downstream packagers, and beside
that, the CPAN release should also work, because that's where people
look in general. See:


But that's not why I contacted you about. See below.

> I would also strongy recommend not to use 5.16 at all, as it still
> has security issues with "binary safe" names being passed to e.g.
> require and stored now in names, which allow a lot of new security
> attack vectors. And 5.16.0 has a lot of known security holes.

I've read about something like that in Perl Weekly as well, but can you be
more specific about the issues with perl-5.16.x? Also, I'm not using
perl-5.16.0 but rather perl-5.16.1.


	Shlomi Fish

Shlomi Fish
What Makes Software Apps High Quality -

Dax: yep, space. Nothing but nothing all around.
    — Star Trek, “We, the Living Dead” by Shlomi Fish

Please reply to list if it's a mailing list post - .

Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About