Web lists-archives.com

Potentially insecure Perl scripts




Hi,

I've just reported

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920269

against gropdf (also reported upstream to bug-groff), about the use of
the insecure null filehandle "<>" in Perl, which can lead to arbitrary
command execution, e.g. when using wildcards.

I've noticed that some other Perl scripts also use this filehandle and
might be affected by the same issue.

-- 
Vincent Lefèvre <vincent@xxxxxxxxxx> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)