CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2016/03/03 09:15:17
Modified files:
gnu/usr.bin/perl: Tag: OPENBSD_5_8 perl.c
gnu/usr.bin/perl/vms: Tag: OPENBSD_5_8 vms.c
Log message:
Fix for perl CVE-2016-2381
Prior to this patch, when an environment variable "X" appears multiple times in
envp, perl could return different values for $ENV{"X"} than that provided by
getenv("X"). Further, subprocessses could inherit surprising environment
variables because of this.
from Ricardo Signes <rjbs cpan.org>
This problem was originally reported by Stephane Chazelas.
http://perl5.git.perl.org/perl.git/commit/7098efff946437a2db6013d12c4fc3193fc328ce
http://perl5.git.perl.org/perl.git/commit/2c2d7ae2ec598bff43f056060e4a83656066a4c4
