packages

4711 commits 8 branches 0 tags 65 MiB

Author	SHA1	Message	Date
Jo-Philipp Wich	f73e358558	perl: ensure File::Spec::canonpath() preserves taint [CVE-2015-8607] Beginning in PathTools 3.47 and/or perl 5.20.0, the File::Spec::canonpath() routine returned untained strings even if passed tainted input. This defect undermines the guarantee of taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code. This defect was found and reported by David Golden of MongoDB, and a patch was provided by Tony Cook. References: * https://rt.perl.org/Public/Bug/Display.html?id=126862 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8607 Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>	2016-01-14 12:17:56 +01:00
Marcel Denia	3aaaede7b2	perl: Reorganize patches The old scheme didn't make any sense...not that there was a scheme really. Signed-off-by: Marcel Denia <naoir@gmx.net>	2015-09-25 11:50:52 +02:00

Author

SHA1

Message

Date

Jo-Philipp Wich

f73e358558

perl: ensure File::Spec::canonpath() preserves taint [CVE-2015-8607]

Beginning in PathTools 3.47 and/or perl 5.20.0, the File::Spec::canonpath()
routine returned untained strings even if passed tainted input. This defect
undermines the guarantee of taint propagation, which is sometimes used to
ensure that unvalidated user input does not reach sensitive code.

This defect was found and reported by David Golden of MongoDB, and a patch
was provided by Tony Cook.

References:

 * https://rt.perl.org/Public/Bug/Display.html?id=126862
 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8607

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

2016-01-14 12:17:56 +01:00

Marcel Denia

3aaaede7b2

perl: Reorganize patches

The old scheme didn't make any sense...not that there was a scheme really.

Signed-off-by: Marcel Denia <naoir@gmx.net>

2015-09-25 11:50:52 +02:00

Renamed from lang/perl/patches/700-threads_join-skip_ps_on_busybox.patch (Browse further)

2 commits