Term-ReadLine-Gnu 1.23
Security Advisories
CVE-2014-2524
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
- https://bugzilla.redhat.com/show_bug.cgi?id=1077023
- http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html
- http://seclists.org/oss-sec/2014/q1/579
- http://seclists.org/oss-sec/2014/q1/587
- https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135686.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:154
- http://advisories.mageia.org/MGASA-2014-0319.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:132
Fixed version: >=1.27
Reported: 2014-08-20
Kwalitee Issues
This is not the latest release. The following issues may have already been fixed in the newer releases.
No Core Issues.
- has_meta_json
-
Add a META.json to the distribution. Your buildtool should be able to autogenerate it.
- meta_yml_has_provides
-
Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.
- has_separate_license_file
-
This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.