[3.2] perl-PathTools: Taint propagation flaw in canonpath() (CVE-2015-8607)
It was reported that the File::Spec::canonpath() routine returns untainted
strings even if passed tainted input.
This defect undermines the guarantee of taint propagation, which is
sometimes used to ensure that unvalidated user input does not reach
sensitive code. This issue affects versions of PathTools from 3.47
onwards and/or perl 5.20.0.
References:
https://rt.perl.org/Public/Bug/Display.html?id=126862
http://cpansearch.perl.org/src/RJBS/PathTools-3.62/Changes
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8607
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8607
(from redmine: issue id 5330, created on 2016-03-25, closed on 2016-04-12)
- Relations:
- parent #5327 (closed)
- Changesets:
- Revision 492e7238 on 2016-04-11T09:12:40Z:
main/perl-pathtools: security upgrade to 3.62 (CVE-2015-8607). Fixes #5330
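
A regression check for the flaw described in this issue, added here as an example (not code from PathTools or from the Alpine tree): under taint mode it passes tainted paths to File::Spec->canonpath() and reports whether each result is still tainted. The sample paths are constructed, and the zero-length `substr($^X, 0, 0)` is an assumed way of obtaining a tainted value without changing the string.

```perl
#!/usr/bin/perl -T
# Added example: verify that the installed File::Spec keeps taint across
# canonpath(). Invoke as: perl -T check_canonpath_taint.pl
use strict;
use warnings;
use File::Spec;
use Scalar::Util qw(tainted);

# ${^TAINT} is non-zero only when taint checks are enabled (-T or -t).
die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# $^X (the interpreter path) is tainted under -T, so a zero-length
# substring of it taints whatever it is appended to.
my $taint = substr($^X, 0, 0);

# Constructed sample paths, each hitting a different clean-up step.
my @samples = (
    '/tmp//upload/./a.txt',   # doubled slash and "." component
    'relative/dir/',          # trailing slash
    '/already/canonical',     # nothing to normalise
);

printf "File::Spec version %s\n", File::Spec->VERSION;

my $failures = 0;
for my $clean (@samples) {
    my $input = $clean . $taint;
    die "setup error: input is not tainted\n" unless tainted($input);

    my $output = File::Spec->canonpath($input);
    my $kept   = tainted($output);
    $failures++ unless $kept;

    printf "%-10s canonpath('%s') -> '%s'\n",
        $kept ? 'tainted' : 'UNTAINTED', $clean, $output;
}

# Non-zero exit when any result lost its taint, so the script can gate
# a package build or a deployment check.
exit($failures ? 1 : 0);
```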