Dan Kogai
2021-08-09 14:35:49 UTC
Porters,
Encode 3.12 is released to address the issue below which is a SECURITY FIX. UPDATE NOW.
=head1 Availability
* git clone git://github.com/dankogai/p5-encode.git
* https://www.dan.co.jp/~dankogai/cpan/Encode-3.12.tar.gz
* CPAN near you.
Travis is all green.
* https://travis-ci.org/dankogai/p5-encode
=head1 CPAN index
User: DANKOGAI ()
Distribution file: Encode-3.12.tar.gz
Number of files: 225
*.pm files: 26
README: Encode-3.12/README
META-File: Encode-3.12/META.json
META-Parser: Parse::CPAN::Meta 1.4414
META-driven index: no
Timestamp of file: Mon Aug 9 14:30:33 2021 UTC
Time of this run: Mon Aug 9 14:33:28 2021 UTC
=head1 Changes
$Revision: 3.12 $ $Date: 2021/08/09 14:17:04 $
! Encode.pm
Address CVE-2021-36770
<9639159a-d070-4762-9cbd-***@beta.fastmail.com>
=head1 AUTHOR
Dan the Encode Maintainer
Porters,
dinah:~/tmp$ perl -MEncode -e0
4
dinah:~/tmp$ mkdir -p 4/Encode
dinah:~/tmp$ echo 'print "Something evil here!!\n"' > 4/Encode/ConfigLocal.pm
dinah:~/tmp$ perl -MEncode -e0
Something evil here!!
A new release of Encode should be available from the CPAN today, and will be swiftly integrated into perl5.git. I expect this fix will shortly be available from major distributors of perl. In the meantime, I have applied a patch to the repository.
This bug was reported to perlsec on June 26 by Dom Hargreaves on behalf of Debian, passing on a report from Paul Wise.
--
rjbs
<0001-mitigate-INC-pollution-when-loading-ConfigLocal.patch>
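A defender-side check for the situation in the transcript above, added here as an example and not taken from the thread or from Encode itself: it reports whether the installed Encode is at least 3.12 and looks for Encode/ConfigLocal.pm one level below the given directories, generalizing from the 4/ directory shown. The script layout, the $FIXED variable and the choice to scan every first-level subdirectory are assumptions of this example.

```perl
#!/usr/bin/perl
# Added audit example; not code from the thread or from Encode.
use strict;
use warnings;
use Cwd ();
use File::Spec;
use File::Temp ();

my $FIXED = '3.12';    # fixed release named in the announcement

# Directories to inspect (assumption: pass the working directories of
# your perl jobs as arguments; defaults to the current directory).
my @dirs = grep { defined } map { Cwd::abs_path($_) } (@ARGV ? @ARGV : '.');

# Load Encode only after moving into a fresh, empty directory, so a
# relative lookup like the one in the transcript finds nothing to run.
my $safe = File::Temp::tempdir(CLEANUP => 1);
chdir $safe or die "chdir $safe: $!";
require Encode;
chdir File::Spec->rootdir or die "chdir: $!";

my @findings;
my $have = Encode->VERSION;
push @findings, "Encode $have is older than $FIXED"
    unless eval { Encode->VERSION($FIXED); 1 };

# A ConfigLocal that loaded even from the empty directory was found
# through @INC itself; report its path so it can be reviewed.
if (defined(my $path = $INC{'Encode/ConfigLocal.pm'})) {
    push @findings, "review: Encode::ConfigLocal loaded from $path";
}

# Look one level below each directory for the layout in the transcript
# (<dir>/<name>/Encode/ConfigLocal.pm).
for my $dir (@dirs) {
    opendir(my $dh, $dir) or next;
    for my $sub (grep { !/^\.\.?\z/ } readdir $dh) {
        my $hit = File::Spec->catfile($dir, $sub, 'Encode', 'ConfigLocal.pm');
        push @findings, "unexpected file: $hit" if -e $hit;
    }
    closedir $dh;
}

print "Encode $have, ", scalar(@findings), " finding(s)\n";
print "  $_\n" for @findings;
exit(@findings ? 1 : 0);
```

The exit status is 1 when anything is reported, so the script can gate a deployment or cron job.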