CVE-2017-0374

Priority
Description
lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102
allows local users to gain privileges via a crafted model in the current
working directory, related to use of . with the INC array.
Notes
Package
Upstream:released (2.097-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.097-2)
Ubuntu 19.04 (Disco Dingo):not-affected (2.097-2)
Ubuntu 19.10 (Eoan):not-affected (2.097-2)
Patches:
Distro:https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=0de8471e5a8958ad37446dfcd0362a269e3ec573
More Information

Updated: 2019-10-09 06:28:04 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)