Bug#718949: #718949 -- libdata-uuid-perl: CVE-2013-4184: symlink attacks vulnerability
Jonas Smedegaard
jonas at jones.dk
Fri Mar 27 19:19:34 GMT 2020
Quoting Damyan Ivanov (2017-11-03 14:32:01)
> Control: tag -1 patch
>
> I have a (rather crude) patch that removes save/retrieval of
> state/node info to files. The test suite seems to pass.
>
> Not sure whether we shall seek to remove libdata-uuid-perl instead.
> There are libuuid-perl and libossp-uuid-perl which seem like suitable
> replacement.
>
> DAK check shows three affected packages:
>
> # Broken Depends:
> libcatmandu-perl: libcatmandu-perl
Unversioned, so satisfied by libossp-uuid-perl
> libkiokudb-perl: libkiokudb-perl
> zoneminder: zoneminder [amd64 arm64 armel armhf i386 kfreebsd-amd64 kfreebsd-i386 mips mips64el mipsel powerpc ppc64el s390x]
Unversioned, so satisfied by libossp-uuid-perl
So it seems to me it is only really libkiokudb-perl we need to worry
about.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-perl-maintainers/attachments/20200327/ad6e7a64/attachment.sig>
More information about the pkg-perl-maintainers
mailing list