Changes for next release

commit 51b005ecdbc859df3829c63f69f3ebfcd627abc2 1 parent df0ae14
Dave Rolsky authored

Showing 1 changed file with 13 additions and 0 deletions.

  1. +13 0 Changes
13 Changes
... ... @@ -1,5 +1,18 @@
1 1 {{$NEXT}}
2 2
  3 +- The XS code had a code path where it could pass the contents of a Perl
  4 + variable as the first argument to the XS croak() subroutine. This subroutine
  5 + is like printf(), and should receive a format string as its first
  6 + argument. According to RT #74777, this can lead to segfaults on some systems.
  7 +
  8 + This could in theory be a security bug, but it's very unlikely that
  9 + untrusted user input could end up being passed to this croak(). It is called
  10 + when a spec specifies a "depend" value on another parameter. The value of
  11 + the "depend" parameter was passed in the first argument to croak().
  12 +
  13 + Reported by Andreas Voegele.
  14 +
  15 +
3 16 1.04 2012-02-08
4 17
5 18 - Use the latest Module::XSOrPP dzil plugin to generate a saner Build.PL. No
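Review bot: The new entry (added lines 3-6) describes the defect but never says what this release does about it. Add a sentence stating the fix, for example that the "depend" value is now passed to croak() as an argument to a constant format string rather than as the format itself, if that is what the code change does, so that readers of Changes can tell the code path is closed. In the second paragraph (added lines 8-11), "very unlikely" would be more useful if it named the condition that matters: by the entry's own description the issue is reachable only when the spec's "depend" value comes from untrusted input. Minor: added lines 14 and 15 are both blank, where a single blank line separated {{$NEXT}} from the 1.04 heading before.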
