CVE-2015-8607

Priority
Description
The canonpath function in the File::Spec module in PathTools before 3.62,
as used in Perl, does not properly preserve the taint attribute of data,
which might allow context-dependent attackers to bypass the taint
protection mechanism via a crafted string.
Assigned-to
mdeslaur
Notes
mdeslaurintroduced in perl 5.20.0
introduced in libfile-spec-perl 3.47
Package
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [3.4000-1ubuntu2])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Source: perl (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (5.18.2-2ubuntu1)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (5.22.1-4)
Patches:
Upstream:http://perl5.git.perl.org/perl.git/commit/0b6f93036de171c12ba95d415e264d9cf7f4e1fd
More Information

Updated: 2019-12-05 18:43:21 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)