Bug#718949: #718949 -- libdata-uuid-perl: CVE-2013-4184: symlink attacks vulnerability
Damyan Ivanov
dmn at debian.org
Fri Nov 3 13:32:01 UTC 2017
Control: tag -1 patch
I have a (rather crude) patch that removes save/retrieval of
state/node info to files. The test suite seems to pass.
Not sure whether we shall seek to remove libdata-uuid-perl instead.
There are libuuid-perl and libossp-uuid-perl which seem like suitable
replacement.
DAK check shows three affected packages:
# Broken Depends:
libcatmandu-perl: libcatmandu-perl
libkiokudb-perl: libkiokudb-perl
zoneminder: zoneminder [amd64 arm64 armel armhf i386 kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x]
# Broken Build-Depends:
libcatmandu-perl: libdata-uuid-perl
libkiokudb-perl: libdata-uuid-perl
Cheers,
dam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cve-2013-4184.patch
Type: text/x-diff
Size: 1880 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20171103/eb9d4f43/attachment.patch>
More information about the pkg-perl-maintainers
mailing list