https://bugzilla.redhat.com/show_bug.cgi?id=1209918
Bug ID: 1209918 Summary: perl-Module-Signature: arbitrary modules loading in some circumstances Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-t...@redhat.com Reporter: vkaig...@redhat.com CC: p...@city-fan.org, perl-devel@lists.fedoraproject.org, perl-maint-l...@redhat.com, pertu...@free.fr Module::Signature before version 0.75 has been loading several modules at runtime inside the extracted module directory. Modules like Text::Diff are not guaranteed to be available on all platforms and could be added to a malicious module so that they would load from the '.' path in @INC. Upstream fix: https://github.com/audreyt/module-signature/commit/c41e8885b862b9fce2719449bc9336f0bea658ef CVE request: http://seclists.org/oss-sec/2015/q2/59 -- You are receiving this mail because: You are on the CC list for the bug. -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel