security notice: Storable

From: Ricardo Signes <perl...@rjbs.manxome.org>

Wed, 5 Dec 2012 10:48:11 -0500

A number of times over the years, there's been discussion about Storable as a
vector for attack.  If a user can feed you Storable data that you didn't
expect, he has a good chance of doing nasty things to your program.  This has
been discussed on p5p and at YAPCs, but sadly never made it into the
documentation.

This has been fixed with
http://perl5.git.perl.org/perl.git/commit/664f237a84176c09b20b62dbfe64dd736a7ce05e

A release to CPAN containing this warning will also be made soon.

Thanks to Brian Carlson of cPanel who brought this to our attention.

-- 
rjbs

Recent Messages in this Thread
security notice: Storable	Ricardo Signes	Dec 05, 2012 03:48 pm

Previous post: Re: g++, Configure and Fedora 17

Next post: security notice: Locale::Maketext

Subscribe to the perl5-porters RSS feed

Accounts

List Archives

Feedback & Information

ActiveState

© 2019 ActiveState Software Inc. All rights reserved. ActiveState®, Komodo®, ActiveState Perl Dev Kit®, ActiveState Tcl Dev Kit®, ActivePerl®, ActivePython®, and ActiveTcl® are registered trademarks of ActiveState. All other marks are property of their respective owners.