On Tue, Mar 06, 2012 at 10:46:01AM -0500, Ricardo Signes wrote:
> So: if you (whether you are a committer or not!) know of some
> significant bug that exists in a maintenance branch, and that could be
> fixed by the application of fixes from a later branch, I implore you to
> make noise.

Digest-1.16 in 5.14.2 and 5.12.4 has an exploitable eval in its new() method,
labelled as CVE-2011-3597, fixed in Digest by
https://github.com/gisle/digest/commit/33800e83550bcad19c4fc593874ec3497841fa1e
and in blead by commit a2fa999d41c94d622051667d897fedca90be1828 .
See https://rt.cpan.org/Public/Bug/Display.html?id=71390

use Digest;
my $input = q{MD;5;print qq[I own you\n]};
Digest->new($input);

--
Niko Tyni nty...@debian.org
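
The class of bug reported above, as an added example that is not part of the original message and is not Digest's own code: a simplified loader that interpolates a caller-supplied algorithm name into a string eval, next to one way to harden it. The function names, the $MARKER variable and the sample input are constructed for illustration; the only module assumed is the core Digest::MD5.

```perl
use strict;
use warnings;

our $MARKER = 0;    # changes only if text from the input is executed as Perl

# Vulnerable pattern (simplified sketch): the name becomes part of Perl
# source text, so a ';' in it ends the require and starts a new statement.
sub load_unsafe {
    my ($algorithm) = @_;
    eval "require Digest::$algorithm";
    return $@ ? "load failed" : "loaded";
}

# Hardened pattern: validate the name, then require by file name inside a
# block eval. The input is never compiled as code.
sub load_checked {
    my ($algorithm) = @_;
    # Identifier characters with optional '::' separators, nothing else.
    return "rejected" unless $algorithm =~ /\A\w+(?:::\w+)*\z/;
    (my $pm_file = "Digest::$algorithm.pm") =~ s{::}{/}g;
    return eval { require $pm_file; 1 } ? "loaded" : "load failed";
}

# Constructed input: a valid module name followed by a harmless statement.
my $input = q{MD5; $main::MARKER = 1};

my $unsafe_result = load_unsafe($input);
print "unsafe:  $unsafe_result, marker=$MARKER\n";

$MARKER = 0;
my $checked_result = load_checked($input);
print "checked: $checked_result, marker=$MARKER\n";

# A legitimate name still loads through the checked path.
my $plain_result = load_checked("MD5");
print "checked: $plain_result (plain name)\n";
```

Comparing the marker value after each call shows whether the loader treated the name as data or as code.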