From: Leo Famulari
Subject: [PATCH 0/1] Perl: Fix CVE-2016-2381
Date: Wed, 2 Mar 2016 14:48:06 -0500
To: guix-devel@gnu.org
List-Id: "Development of GNU Guix and the GNU System distribution."

This grafts perl to fix CVE-2016-2381 [0], in which environment variables
declared more than once are handled ambiguously.

[0]
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2381
http://www.nntp.perl.org/group/perl.perl5.porters/2016/03/msg234747.html
https://security-tracker.debian.org/tracker/CVE-2016-2381

Leo Famulari (1):
  gnu: perl: Replace with patched version [fixes CVE-2016-2381].

 gnu-system.am                                 |   1 +
 gnu/packages/commencement.scm                 |   1 +
 gnu/packages/patches/perl-CVE-2016-2381.patch | 116 ++++++++++++++++++++++++++
 gnu/packages/perl.scm                         |  23 +++++
 4 files changed, 141 insertions(+)
 create mode 100644 gnu/packages/patches/perl-CVE-2016-2381.patch

-- 
2.7.1
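
The ambiguity named in the cover letter, as an added example (not part of the original message and not code from the Perl patch): when a name is declared twice, a first-match scan and a last-wins table load return different values, and removing later duplicates makes them agree. The function names, the two lookup models and the sample environment are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* True if entry is "name=..." for exactly this name (n = strlen(name)). */
static int is_name(const char *entry, const char *name, size_t n) {
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* First-match lookup: how a linear getenv()-style scan resolves a name. */
const char *lookup_first(char *const *env, const char *name) {
    size_t n = strlen(name);
    for (; *env; env++)
        if (is_name(*env, name, n)) return *env + n + 1;
    return NULL;
}

/* Last-wins lookup: how loading every entry into a table resolves it. */
const char *lookup_last(char *const *env, const char *name) {
    const char *hit = NULL;
    size_t n = strlen(name);
    for (; *env; env++)
        if (is_name(*env, name, n)) hit = *env + n + 1;
    return hit;
}

/* Keep only the first entry per name, in place; returns entries dropped. */
int dedupe_env(char **env) {
    char **out = env;
    int dropped = 0;
    for (char **in = env; *in; in++) {
        const char *eq = strchr(*in, '=');
        size_t n = eq ? (size_t)(eq - *in) : strlen(*in);
        int seen = 0;
        for (char **p = env; p < out && !seen; p++)
            seen = strncmp(*p, *in, n) == 0 && ((*p)[n] == '=' || (*p)[n] == '\0');
        if (seen) dropped++; else *out++ = *in;
    }
    *out = NULL;
    return dropped;
}

int main(void) {
    /* Constructed sample environment: PATH is declared twice. */
    char *env[] = { "PATH=/usr/bin", "LANG=C", "PATH=/tmp/other", NULL };
    printf("first-match: %s\n", lookup_first(env, "PATH"));
    printf("last-wins:   %s\n", lookup_last(env, "PATH"));
    printf("dropped:     %d\n", dedupe_env(env));
    printf("after dedupe, last-wins: %s\n", lookup_last(env, "PATH"));
    return 0;
}
```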