Re: Potentially insecure Perl scripts
- Date: Thu, 24 Jan 2019 14:49:29 -0500
- From: Mark Fowler <mark@xxxxxxxxxxxxxxxxxx>
- Subject: Re: Potentially insecure Perl scripts
On Thu, Jan 24, 2019 at 10:18 AM Ian Jackson <ijackson@xxxxxxxxxxxxxxxxxxxxxx> wrote:
To the Debian Perl maintainers: if I make a patch to make
-p -n <>
use the 3-argument form of open (or equivalent), will you apply it ?
To the Debian security team: would you ship it in a security update ?
Wouldn't a less drastic approach be to change the vulnerable scripts to use <<>> instead of <>?