Commit 10ed0afe authored by Dominic Hargreaves

Clarify that CVE-2016-1238 is made more severe by implicit chdir

parent fa2104ad
......@@ -3,7 +3,8 @@ perl (5.20.2-3+deb8u6test4) UNRELEASED; urgency=medium
[ Niko Tyni ]
* [SECURITY] CVE-2016-1238: opportunistic loading of optional
modules can make many programs unintentionally load code
from the current working directory.
from the current working directory (which might be changed to
another directory without the user realising).
+ allow user configurable removal of "." from @INC in
/etc/perl/sitecustomize.pl for a transitional period. (See: #588017)
+ backport patches from [perl #127834] to fix known vulnerabilities
......
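Review bot: The new parenthetical after "from the current working directory" says the directory "might be changed to another directory" but not what changes it, while the commit subject names the cause as an implicit chdir and says it makes CVE-2016-1238 more severe. The changelog entry would be clearer if it carried that cause, for example "(which might be changed to another directory by an implicit chdir, without the user realising)", so that a reader of the changelog alone understands why the current working directory is not necessarily the one the user started in.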