https://bugzilla.redhat.com/show_bug.cgi?id=1456770 Bug ID: 1456770 Summary: CVE-2017-0373 perl-Config-Model: gen_class_pod implementation has dangerous "use lib" line Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@xxxxxxxxxx Reporter: amaris@xxxxxxxxxx CC: david.hannequin@xxxxxxxxx, perl-devel@xxxxxxxxxxxxxxxxxxxxxxx The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file. Debian patch: https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=e7e5dd1a650939a0e021d1d5b311dbb3c4884773 -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ perl-devel mailing list -- perl-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to perl-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
