Summary: | dev-perl/Data-UUID: Symlink attacks (CVE-2013-4184) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED OBSOLETE | ||
Severity: | minor | CC: | perl |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2013/07/31/1 | ||
Whiteboard: | B3 [noglsa cve] | ||
Description
Agostino Sarubbo
2013-08-01 08:53:43 UTC
"Regarding affected distributions, note that Debian and Fedora do not ship Data::UUID from CPAN - they use OSSP's uuid. However, at least Arch and Gentoo seem to ship the CPAN version."
I doubt that Data::UUID and ossp-uuid[perl] are interchangeable. Masking is also not an option yet since there is a chain of dependencies.
No patch has materialized. No news from upstream.
This is protected against by fs.protected_symlinks which is on by default in gentoo-sources that is security supported.