packages

History

Jo-Philipp Wich f73e358558 perl: ensure File::Spec::canonpath() preserves taint [CVE-2015-8607] Beginning in PathTools 3.47 and/or perl 5.20.0, the File::Spec::canonpath() routine returned untained strings even if passed tainted input. This defect undermines the guarantee of taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code. This defect was found and reported by David Golden of MongoDB, and a patch was provided by Tony Cook. References: * https://rt.perl.org/Public/Bug/Display.html?id=126862 * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8607 Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>		2016-01-14 12:17:56 +01:00
..
files	perl: Update to 5.22.1	2015-12-21 17:53:02 +01:00
patches	perl: ensure File::Spec::canonpath() preserves taint [CVE-2015-8607]	2016-01-14 12:17:56 +01:00
Config.in	perl: Enable threading support by default for all libc implementations	2015-06-18 23:58:45 +02:00
Makefile	perl: ensure File::Spec::canonpath() preserves taint [CVE-2015-8607]	2016-01-14 12:17:56 +01:00
perlbase.mk	perl: Invert perlbase-essential/perlbase-config circular dependency solution	2015-09-25 10:59:15 +02:00
perlmod.mk	perl: Properly override PERL_INC for subdirectory builds	2015-09-14 15:33:18 +02:00
README.patches	perl: Reorganize patches	2015-09-25 11:50:52 +02:00

README.patches

The patches in this package are loosely sorted into the following categories:

0xx - Bugfixes
1xx - Cross-compile fixes
3xx - Workarounds
7xx - Testsuite fixes

Feel free to add another one if your new patch doesn't seem to fit into an
existing category.