[libconfig-model-perl] 01/04: add patch to remove 'use lib' (CVE-2017-0373)
dod at debian.org
Sun May 14 17:20:36 UTC 2017
This is an automated email from the git hooks/post-receive script.
dod pushed a commit to branch stretch
in repository libconfig-model-perl.
commit e7e5dd1a650939a0e021d1d5b311dbb3c4884773
Author: Dominique Dumont <dod at debian.org>
Date: Wed May 10 11:54:12 2017 +0200
add patch to remove 'use lib' (CVE-2017-0373)
---
debian/patches/remove-use-lib | 16 ++++++++++++++++
debian/patches/series | 1 +
2 files changed, 17 insertions(+)
diff --git a/debian/patches/remove-use-lib b/debian/patches/remove-use-lib
new file mode 100644
index 0000000..143a4e9
--- /dev/null
+++ b/debian/patches/remove-use-lib
@@ -0,0 +1,16 @@
+Description: Remove use lib from GenClassPod.pm
+ genclasspod: remove use lib, not needed and causes a security hole when using cme on untrusted Debian package files
+Bug: https://security-tracker.debian.org/tracker/CVE-2017-0373
+Author: Dominique Dumont <dod at debian.org>
+Origin: upstream
+Applied-Upstream: v 2.102
+--- a/lib/Config/Model/Utils/GenClassPod.pm
++++ b/lib/Config/Model/Utils/GenClassPod.pm
+@@ -17,7 +17,6 @@
+ use parent qw(Exporter);
+ our @EXPORT = qw(gen_class_pod);
+
+-use lib qw/lib/;
+ use Path::Tiny ;
+ use Config::Model ; # to generate doc
+
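Review bot: The Description in the new patch header says the `use lib` line "causes a security hole" but not why. One more sentence would let a later reader judge the fix without opening the tracker: `use lib qw/lib/;` puts a relative `lib` entry in @INC, which Perl resolves against the current working directory, so modules can be picked up from a `lib/` directory in whatever tree cme is run in. The `Origin: upstream` field would also be more useful with the upstream commit URL appended. Since only GenClassPod.pm is touched, it is worth confirming that no other module in the package carries the same relative `use lib` line.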
diff --git a/debian/patches/series b/debian/patches/series
index e45baf8..bbfef60 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
#fix-cryptic-message
fix-debci
+remove-use-lib
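Review bot: At the added `remove-use-lib` entry in debian/patches/series, the patch is enabled, but the diffstat for this commit covers only the patch file and series, so no debian/changelog entry mentioning CVE-2017-0373 is part of it. Check that one of the later commits in this push adds that entry.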
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libconfig-model-perl.git