[3.1] perl-PathTools: Taint propagation flaw in canonpath() (CVE-2015-8607)
It was reported that the File::Spec::canonpath() routine returns untainted
strings even if passed tainted input.
This defect undermines the guarantee of taint propagation, which is
sometimes used to ensure that unvalidated user input does not reach
sensitive code. This issue affects versions of PathTools from 3.47 onwards
and/or perl 5.20.0.
References:
https://rt.perl.org/Public/Bug/Display.html?id=126862
http://cpansearch.perl.org/src/RJBS/PathTools-3.62/Changes
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8607
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8607
(from redmine: issue id 5331, created on 2016-03-25, closed on 2016-04-12)
- Relations:
- parent #5327 (closed)
- Changesets:
- Revision a5ff3026 on 2016-04-11T09:17:16Z:
main/perl-pathtools: security upgrade to 3.62 (CVE-2015-8607). Fixes #5331