author | Craig A. Berry <craigberry@mac.com> | 2011-09-04 15:49:06 -0500 |
---|---|---|
committer | Craig A. Berry <craigberry@mac.com> | 2011-09-04 15:49:06 -0500 |
commit | 27ccfd4fae9d5e2aa941173d7ca0eff458abc5ca (patch) | |
tree | 46ce5ccaa1dedc7553f8873d2df9862e0961e866 | |
parent | 1af4051e077438976a4c12a0622feaf6715bec77 (diff) | |
download | perl-27ccfd4fae9d5e2aa941173d7ca0eff458abc5ca.tar.gz |
perldelta entry for File:Glob / CVE-2011-2728 fix.
-rw-r--r-- | pod/perldelta.pod | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/pod/perldelta.pod b/pod/perldelta.pod index 70c33b0ed2..f03659e9f6 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -19,7 +19,14 @@ No changes since 5.14.0. =head1 Security -No changes since 5.14.0. +=head2 C<File::Glob::bsd_glob()> memory error with GLOB_ALTDIRFUNC (CVE-2011-2728). + +Calling C<File::Glob::bsd_glob> with the unsupported flag GLOB_ALTDIRFUNC would +cause an access violation / segfault. A Perl program that accepts a flags value from +an external source could expose itself to denial of service or arbitrary code +execution attacks. There are no known exploits in the wild. The problem has been +corrected by explicitly disabling all unsupported flags and setting unused function +pointers to null. Bug reported by Clément Lecigne. =head1 Incompatible Changes @@ -38,7 +45,11 @@ None =head2 Updated Modules and Pragmata -None + =item * + +L<File::Glob> has been upgraded from version 1.12 to version 1.13. + +See L</Security>. =head2 Removed Modules and Pragmata |
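Review bot: In the first hunk (the new entry under =head1 Security), the flag name GLOB_ALTDIRFUNC is left bare in both the =head2 line and the body, while the function name is wrapped as C<File::Glob::bsd_glob()>. Suggest C<GLOB_ALTDIRFUNC> in both places so the identifier renders as code. The =head2 line also ends in a period after "(CVE-2011-2728)", which is unusual for a heading and could be dropped. The function is written with parentheses in the heading and without them in the first sentence of the body; one form throughout would read better. The entry does not say which File::Glob release carries the fix. The second hunk gives that (1.12 to 1.13), so a short mention here would save a reader who lands on the Security section from having to hunt for it.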
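Review bot: In the second hunk (under =head2 Updated Modules and Pragmata), the added =item * has no enclosing list in the visible lines. "None" is replaced directly by the item, and the next visible line after the new text is =head2 Removed Modules and Pragmata, so no =over or =back appears around it. Suggest adding "=over 4" before the item and "=back" after "See L</Security>." so that podchecker and the POD formatters accept it. As rendered on this page, the =item * line also appears to have a space in front of it, unlike the other added lines. If that space is in the file, POD will treat the line as a verbatim paragraph instead of a command, so it is worth checking that =item starts in column one.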