Package: perl Version: 5.10.1-12 Severity: important Tags: security X-Debbugs-Cc: [email protected]
Quoting http://security-tracker.debian.org/tracker/CVE-2010-1974 : Multiple unspecified vulnerabilities in the Safe (aka Safe.pm) module before 2.25 for Perl allow context-dependent attackers to inject and execute arbitrary code via vectors related to "automagic methods." NOTE: this might overlap CVE-2010-1169 or CVE-2010-1447. The best description I'm aware of is at http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html I expect lenny is affected just as much as sid/squeeze. Not sure if we need a DSA. Setting the severity to 'important' for now. Please note that there's potential for regression: Safe-2.27 breaks at least libpetal-perl, see #582805. Security team, I'd love some help with this. -- Niko Tyni [email protected] -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
