rpms / rh-perl524-perl-Test-Harness

Clone
Source Code
GIT

Blame SOURCES/Test-Harness-3.36-CVE-2016-1238-avoid-loading-optional-modules-from.patch

c7
  1.   60fa2a377010c68dadcc701bb3338f58e16f35b1
  2.   SOURCES
  3.   Test-Harness-3.36-CVE-2016-1238-avoid-loading-optional-modules-from.patch
Blob History Raw
60fa2a 
From 59697efbfe58a2a9c2cc2aba11eca2acb64b27a8 Mon Sep 17 00:00:00 2001
60fa2a 
From: Tony Cook <tony@develop-help.com>
60fa2a 
Date: Thu, 28 Jul 2016 14:18:12 +1000
60fa2a 
Subject: [PATCH] CVE-2016-1238: avoid loading optional modules from default .
60fa2a
60fa2a 
App::Prove (and hence prove) attempts to load plugins under both
60fa2a 
the App::Prove::Plugin namespace and under the base namespace.
60fa2a
60fa2a 
If a plugin is only available under the base namespace, and a user runs
60fa2a 
prove from a world-writable directory such as /tmp, an attacker can
60fa2a 
App/Prove/Plugin/PluginName.pm to run code as the user running prove.
60fa2a 
---
60fa2a 
 bin/prove | 1 +
60fa2a 
 1 file changed, 1 insertion(+)
60fa2a
60fa2a 
diff --git a/bin/prove b/bin/prove
60fa2a 
index 6637cc4..d71b238 100755
60fa2a 
--- a/bin/prove
60fa2a 
+++ b/bin/prove
60fa2a 
@@ -1,5 +1,6 @@
60fa2a 
 #!/usr/bin/perl -w
60fa2a
60fa2a 
+BEGIN { pop @INC if $INC[-1] eq '.' }
60fa2a 
 use strict;
60fa2a 
 use warnings;
60fa2a 
 use App::Prove;
60fa2a 
--
60fa2a 
2.1.4
60fa2a

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation