Bug#718949: #718949 -- libdata-uuid-perl: CVE-2013-4184: symlink attacks vulnerability
Florian Schlichting
fsfs at debian.org
Fri Mar 27 19:01:00 GMT 2020
While packaging a new upstream version, I was inclined to raise the
severity of this bug to RC to start the removal of libdata-uuid-perl.
However, it is still a reverse dependency of many dists on cpan, and the
suggested replacements have a different API. So I didn't.
I didn't forward the patch either: looking at the NOTE paragraph in
README, not writing state information to files "will maximize the
chances of generating duplicate UUIDs".
Umpf.