Summary: | <dev-lang/perl-5.22.2: ambiguous environment variables handling | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | kentnl, perl |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Thomas Deutschmann (RETIRED)
![]() $ git tag --contains ae37b791a73a9e78dedb89fb2429d2628cf58076 | sort -u v5.23.9 v5.24.0 [...] @ Maintainer(s): Can we backport the fix or stabilize 5.24.0 already (yes, I know that we finished stabilization of perl-5.22.3 a few hours ago but I have to ask this)? Looks like this was fixed in 5.22.2, but with a different commit-id https://perl5.git.perl.org/perl.git/commitdiff/58eaa1131a38c16ee4a66d0bc36288cfde1a39bf git tag --contains 58eaa1131a38c16ee4a66d0bc36288cfde1a39bf v5.22.2 v5.22.2-RC1 v5.22.3 v5.22.3-RC1 v5.22.3-RC2 v5.22.3-RC3 v5.22.3-RC4 v5.22.3-RC5 (In reply to Thomas Deutschmann from comment #0) > Upstream bug: > > foo ? (In reply to Agostino Sarubbo from comment #3) > (In reply to Thomas Deutschmann from comment #0) > > Upstream bug: > > > > foo https://rt.perl.org/Public/Bug/Display.html?id=127158 Added to existing GLSA. This issue was resolved and addressed in GLSA 201701-75 at https://security.gentoo.org/glsa/201701-75 by GLSA coordinator Thomas Deutschmann (whissi). |