This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: [ANNOUNCEMENT] Updated: perl-5.22.1-2
- From: Tony Cook <tony at develop-help dot com>
- To: cygwin at cygwin dot com
- Date: Thu, 10 Mar 2016 10:43:25 +1100
- Subject: Re: [ANNOUNCEMENT] Updated: perl-5.22.1-2
- Authentication-results: sourceware.org; auth=none
- References: <announce dot 8760wve0c0 dot fsf at Rainer dot invalid>
On Wed, Mar 09, 2016 at 11:46:39PM +0100, Achim Gratz wrote:
>
> A new release of Perl version 5.22.1 is available, which fixes two cases
> of losing taint. Immediate update is recommended if either the
> environment or the input to any Perl program can be controlled by an
> untrusted party.
Does this refer to the CVE-2015-8607 and CVE-2016-2381 fixes?
The second is a bit more complex than losing taint.
Tony
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple