On Thu, Jan 24, 2019 at 10:18 AM Ian Jackson < ijack...@chiark.greenend.org.uk> wrote:
> To the Debian Perl maintainers: if I make a patch to make > -p -n <> > use the 3-argument form of open (or equivalent), will you apply it ? > > To the Debian security team: would you ship it in a security update ? > Wouldn't a less drastic approach be to change the vulnerable scripts to use <<>> instead of <>? Mark.
