Overview

File _patchinfo of Package patchinfo.2712

<patchinfo incident="2712">
  <issue id="932894" tracker="bnc">Request for perl updates</issue>
  <issue id="928292" tracker="bnc">Perl has an UTF-8 related memory leak causing massive trouble for long-running tasks</issue>
  <issue id="988311" tracker="bnc">VUL-0: perl: CVE-2016-6185 perl: XSLoader loads relative paths not included in @INC</issue>
  <issue id="987887" tracker="bnc">VUL-0: CVE-2016-1238: perl: loading modules from current directory</issue>
  <issue id="967082" tracker="bnc">VUL-0: CVE-2016-2381: perl: environment handling bug</issue>
  <issue id="984906" tracker="bnc">perl: taint-mode error: "Insecure dependency in require"</issue>
  <issue id="2015-8853" tracker="cve" />
  <issue id="2016-1238" tracker="cve" />
  <issue id="2016-2381" tracker="cve" />
  <issue id="2016-6185" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>mlschroe</packager>
  <description>
This update for Perl fixes the following issues:

- CVE-2016-6185: Xsloader looking at a "(eval)" directory. (bsc#988311)
- CVE-2016-1238: Searching current directory for optional modules. (bsc#987887)
- CVE-2015-8853: Regular expression engine hanging on bad utf8. (bsc)
- CVE-2016-2381: Environment dup handling bug. (bsc#967082)
- "Insecure dependency in require" error in taint mode. (bsc#984906)
- Memory leak in 'use utf8' handling. (bsc#928292)
- Missing lock prototype to the debugger. (bsc#932894)
</description>
  <summary>Security update for perl</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places