develooper Front page | perl.perl5.porters | Postings from July 2016

Re: CVE-2016-1238: Important unsafe module load path flaw

Thread Previous | Thread Next
Craig A. Berry
July 25, 2016 20:57
Re: CVE-2016-1238: Important unsafe module load path flaw
Message ID:
On Mon, Jul 25, 2016 at 8:17 AM, Sawyer X <> wrote:
> Steve Hay just pushed fixes for CVE-2016-1238 to maint-5.22 and
> maint-5.24 for:
> Steve has also just released RCs for 5.22.3 and 5.24.1 carrying these fixes:

The Debian advisory is here for anyone interested:


I stumbled on the following message from someone struggling to adapt
the 5.22.x changes to what appears to be an older perl:


If anyone has pointers to a patch or patches that work with 5.20.x or
earlier, it might be nice to share them even though we no longer
officially support those versions.  Debian appears to have patched
their 5.20.x release but I don't know where that source code lives.

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About