[lfs-patches] r2336 - trunk/perl

matthew at linuxfromscratch.org matthew at linuxfromscratch.org
Fri Nov 25 12:48:31 PST 2011


Author: matthew
Date: 2011-11-25 13:48:30 -0700 (Fri, 25 Nov 2011)
New Revision: 2336

Added:
   trunk/perl/perl-5.14.2-security_fix-1.patch
Log:
Add security patch for Perl-5.14.2.

Added: trunk/perl/perl-5.14.2-security_fix-1.patch
===================================================================
--- trunk/perl/perl-5.14.2-security_fix-1.patch	                        (rev 0)
+++ trunk/perl/perl-5.14.2-security_fix-1.patch	2011-11-25 20:48:30 UTC (rev 2336)
@@ -0,0 +1,22 @@
+Submitted by: Matt Burgess <matthew at linuxfromscratch dot org>
+Date: 2011-11-25
+Inital Package Version: 5.14.2
+Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3597
+Upstream Status: From Upstream
+Description: Fixed an arbitrary code execution vulnerability in Perl's Digest
+             module
+
+diff -Naur perl-5.14.2.orig/cpan/Digest/Digest.pm perl-5.14.2/cpan/Digest/Digest.pm
+--- perl-5.14.2.orig/cpan/Digest/Digest.pm	2010-12-30 02:07:15.000000000 +0000
++++ perl-5.14.2/cpan/Digest/Digest.pm	2011-11-20 20:22:27.306414256 +0000
+@@ -35,7 +35,9 @@
+ 	($class, @args) = @$class if ref($class);
+ 	no strict 'refs';
+ 	unless (exists ${"$class\::"}{"VERSION"}) {
+-	    eval "require $class";
++	    my $pm_file = $class . ".pm";
++	    $pm_file =~ s{::}{/}g;
++	    eval { require $pm_file };
+ 	    if ($@) {
+ 		$err ||= $@;
+ 		next;
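Review bot: In the embedded Digest.pm hunk, `$pm_file` is built from `$class` with no check that `$class` is a well-formed package name. Switching from the string `eval "require $class"` to `eval { require $pm_file }` stops the value from being compiled as Perl code, but whatever characters `$class` contains still reach `require` as a file path after the `s{::}{/}g` substitution. Consider rejecting any `$class` that does not match a module-name pattern such as `/\A\w+(?:::\w+)*\z/` before the `.pm` suffix is appended, and recording the error in `$err` as the existing `if ($@)` branch does. Two smaller points on the patch header: "Inital Package Version" should read "Initial Package Version", and the Description would be easier to track if it named CVE-2011-3597 directly rather than leaving it only in the Origin URL.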



