author Craig A. Berry <craigberry@mac.com> 2011-09-04 15:49:06 -0500
committer Craig A. Berry <craigberry@mac.com> 2011-09-04 15:49:06 -0500
commit 27ccfd4fae9d5e2aa941173d7ca0eff458abc5ca
tree 46ce5ccaa1dedc7553f8873d2df9862e0961e866
parent 1af4051e077438976a4c12a0622feaf6715bec77
perldelta entry for File:Glob / CVE-2011-2728 fix.
-rw-r--r-- pod/perldelta.pod 15
1 files changed, 13 insertions, 2 deletions
diff --git a/pod/perldelta.pod b/pod/perldelta.pod
index 70c33b0ed2..f03659e9f6 100644
--- a/pod/perldelta.pod
+++ b/pod/perldelta.pod
@@ -19,7 +19,14 @@ No changes since 5.14.0.
=head1 Security
-No changes since 5.14.0.
+=head2 C<File::Glob::bsd_glob()> memory error with GLOB_ALTDIRFUNC (CVE-2011-2728).
+
+Calling C<File::Glob::bsd_glob> with the unsupported flag GLOB_ALTDIRFUNC would
+cause an access violation / segfault. A Perl program that accepts a flags value from
+an external source could expose itself to denial of service or arbitrary code
+execution attacks. There are no known exploits in the wild. The problem has been
+corrected by explicitly disabling all unsupported flags and setting unused function
+pointers to null. Bug reported by Clément Lecigne.
=head1 Incompatible Changes
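Review bot: The new Security paragraph never names the File::Glob version that carries the fix, so a reader who lands on this section alone cannot tell which installed version is safe; add "fixed in File::Glob 1.13" here or a link to the module entry. The sentence "explicitly disabling all unsupported flags" also leaves open what a caller who still passes GLOB_ALTDIRFUNC now gets (flag ignored, or an error), which is worth one clause. On markup, the flag is plain text while the function is written as C<File::Glob::bsd_glob>; use C<GLOB_ALTDIRFUNC> in both the heading and the body, and drop the trailing period from the =head2 line.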
@@ -38,7 +45,11 @@ None
=head2 Updated Modules and Pragmata
-None
+ =item *
+
+L<File::Glob> has been upgraded from version 1.12 to version 1.13.
+
+See L</Security>.
=head2 Removed Modules and Pragmata
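Review bot: The added "=item *" has no enclosing =over / =back anywhere in this hunk, and the hunk counts (7 lines before, 11 after, one line removed) leave no room for them, so podchecker will flag an =item outside a list; wrap the entry in "=over 4" and "=back". As shown, the line also has a space between the "+" and "=item"; if that space is in the file, POD treats the line as a verbatim paragraph instead of a command, so the directive must start in column one.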