develooper Front page | perl.perl5.porters | Postings from August 2021

Re: CVE-2021-36770: Encode.pm loads code from outside expected @INC

Thread Previous | Thread Next
From:
Achim Gratz
Date:
August 14, 2021 17:26
Subject:
Re: CVE-2021-36770: Encode.pm loads code from outside expected @INC
Message ID:
87k0koj5xd.fsf@Rainer.invalid
Dan Book writes:
> A less fragile version of this would be:
>
> require File::Basename;
> local @INC = File::Basename::dirname($INC{'Encode.pm'});

Good idea, plus it would actually work, since this module is in the
perl_base package, so always available.  I'll do that in the next
release.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Wavetables for the Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#BlofeldUserWavetables

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About