https://bugzilla.redhat.com/show_bug.cgi?id=1297455 Bug ID: 1297455 Summary: CVE-2015-8607: File::Spec::canonpath() loses taint Product: Fedora Version: 22 Component: perl-PathTools Assignee: jplesnik@xxxxxxxxxx Reporter: ppisar@xxxxxxxxxx QA Contact: extras-qa@xxxxxxxxxxxxxxxxx CC: jplesnik@xxxxxxxxxx, perl-devel@xxxxxxxxxxxxxxxxxxxxxxx File::Spec->canonpath does not preserve tainted flag. This is regression since PathTools-3.40: $ perl -T -MFile::Spec -MScalar::Util -e 'print Scalar::Util::tainted(File::Spec->canonpath(Cwd::getcwd)), qq{\n}' 0 While expected behavior is: $ ./perl -T -Ilib -MFile::Spec -MScalar::Util -e 'print Scalar::Util::tainted(File::Spec->canonpath(Cwd::getcwd)), qq{\n}' 1 This bug affects all Fedoras and is know as CVE-2015-8607. Perl upstream fixed it with commit: commit 0b6f93036de171c12ba95d415e264d9cf7f4e1fd Author: Tony Cook <tony@xxxxxxxxxxxxxxxx> Date: Tue Dec 15 10:56:54 2015 +1100 ensure File::Spec::canonpath() preserves taint Previously the unix specific XS implementation of canonpath() would return an untainted path when supplied a tainted path. For the empty string case, newSVpvs() already sets taint as needed on its result. This issue was assigned CVE-2015-8607. [perl #126862] -- You are receiving this mail because: You are on the CC list for the bug. -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
