From secunia security advisory at $URL:
The vulnerability is caused due to the "Digest->new()" function not properly sanitising input before using it in an "eval()" call, which can be exploited to inject and execute arbitrary Perl code.
The vulnerability is reported in versions prior to 1.17.
Update to version 1.17.
@perl, can we proceed with stabilization of perl-core/digest-base-1.170.0? Thanks.
Eval injection in the Digest module before 1.17 for Perl allows
context-dependent attackers to execute arbitrary commands via the new
It's already stabilized in bug 458122
New GLSA request filed
This issue was resolved and addressed in
GLSA 201401-33 at http://security.gentoo.org/glsa/glsa-201401-33.xml
by GLSA coordinator Mikle Kolyada (Zlogene).