Diffstat (limited to 'upstream/debian-unstable/man1/perl5362delta.1')
-rw-r--r-- | upstream/debian-unstable/man1/perl5362delta.1 | 160 |
1 files changed, 160 insertions, 0 deletions
diff --git a/upstream/debian-unstable/man1/perl5362delta.1 b/upstream/debian-unstable/man1/perl5362delta.1 new file mode 100644 index 00000000..975695eb --- /dev/null +++ b/upstream/debian-unstable/man1/perl5362delta.1 
@@ -0,0 +1,160 @@ +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. +.ie n \{\ +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" ======================================================================== +.\" +.IX Title "PERL5362DELTA 1" +.TH PERL5362DELTA 1 2024-01-12 "perl v5.38.2" "Perl Programmers Reference Guide" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH NAME +perl5362delta \- what is new for perl v5.36.2 +.SH DESCRIPTION +.IX Header "DESCRIPTION" +This document describes differences between the 5.36.1 release and the 5.36.2 +release. +.PP +If you are upgrading from an earlier release such as 5.36.0, first read +perl5361delta, which describes differences between 5.36.0 and 5.36.1. +.SH Security +.IX Header "Security" +This release fixes the following security issues. 
+.SS "CVE\-2023\-47038 \- Write past buffer end via illegal user-defined Unicode property" +.IX Subsection "CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property" +This vulnerability was reported directly to the Perl security team by +Nathan Mills \f(CW\*(C`the.true.nathan.mills@gmail.com\*(C'\fR. +.PP +A crafted regular expression when compiled by perl 5.30.0 through +5.38.0 can cause a one-byte attacker controlled buffer overflow in a +heap allocated buffer. +.SS "CVE\-2023\-47039 \- Perl for Windows binary hijacking vulnerability" +.IX Subsection "CVE-2023-47039 - Perl for Windows binary hijacking vulnerability" +This vulnerability was reported to the Intel Product Security Incident +Response Team (PSIRT) by GitHub user ycdxsb +<https://github.com/ycdxsb/WindowsPrivilegeEscalation>. PSIRT then +reported it to the Perl security team. +.PP +Perl for Windows relies on the system path environment variable to +find the shell (\f(CW\*(C`cmd.exe\*(C'\fR). When running an executable which uses +Windows Perl interpreter, Perl attempts to find and execute \f(CW\*(C`cmd.exe\*(C'\fR +within the operating system. However, due to path search order issues, +Perl initially looks for cmd.exe in the current working directory. +.PP +An attacker with limited privileges can exploit this behavior by +placing \f(CW\*(C`cmd.exe\*(C'\fR in locations with weak permissions, such as +\&\f(CW\*(C`C:\eProgramData\*(C'\fR. By doing so, when an administrator attempts to use +this executable from these compromised locations, arbitrary code can +be executed. +.SH Acknowledgements +.IX Header "Acknowledgements" +Perl 5.36.2 represents approximately 7 months of development since Perl +5.36.1 and contains approximately 2,300 lines of changes across 38 files +from 4 authors. +.PP +Excluding auto-generated files, documentation and release tools, there were +approximately 1,400 lines of changes to 8 .pm, .t, .c and .h files. 
+.PP +Perl continues to flourish into its fourth decade thanks to a vibrant +community of users and developers. The following people are known to have +contributed the improvements that became Perl 5.36.2: +.PP +Karl Williamson, Paul Evans, Steve Hay, Tony Cook. +.PP +The list above is almost certainly incomplete as it is automatically +generated from version control history. In particular, it does not include +the names of the (very much appreciated) contributors who reported issues to +the Perl bug tracker. +.PP +Many of the changes included in this version originated in the CPAN modules +included in Perl's core. We're grateful to the entire CPAN community for +helping Perl to flourish. +.PP +For a more complete list of all of Perl's historical contributors, please +see the \fIAUTHORS\fR file in the Perl source distribution. +.SH "Reporting Bugs" +.IX Header "Reporting Bugs" +If you find what you think is a bug, you might check the perl bug database +at <https://github.com/Perl/perl5/issues>. There may also be information at +<http://www.perl.org/>, the Perl Home Page. +.PP +If you believe you have an unreported bug, please open an issue at +<https://github.com/Perl/perl5/issues>. Be sure to trim your bug down to a +tiny but sufficient test case. +.PP +If the bug you are reporting has security implications which make it +inappropriate to send to a public issue tracker, then see +"SECURITY VULNERABILITY CONTACT INFORMATION" in perlsec +for details of how to report the issue. +.SH "Give Thanks" +.IX Header "Give Thanks" +If you wish to thank the Perl 5 Porters for the work we had done in Perl 5, +you can do so by running the \f(CW\*(C`perlthanks\*(C'\fR program: +.PP +.Vb 1 +\& perlthanks +.Ve +.PP +This will send an email to the Perl 5 Porters list with your show of thanks. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +The \fIChanges\fR file for an explanation of how to view exhaustive details on +what changed. +.PP +The \fIINSTALL\fR file for how to build Perl. 
+.PP +The \fIREADME\fR file for general stuff. +.PP +The \fIArtistic\fR and \fICopying\fR files for copyright information. |
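Review bot: In the CVE-2023-47039 subsection, the sentence "Perl initially looks for cmd.exe in the current working directory" leaves cmd.exe unformatted, while the other three mentions in that subsection use the \f(CW\*(C`cmd.exe\*(C'\fR markup. The header states the file is "Automatically generated by Pod::Man 5.01", so this should be fixed in the POD source and regenerated rather than hand-edited here. Two smaller points for the same upstream fix: the "Reporting Bugs" section links <http://www.perl.org/> over plain http while the issue tracker links use https, and "the work we had done in Perl 5" under "Give Thanks" reads better as "the work we have done". The .TH line carries "perl v5.38.2" on a page whose NAME is "what is new for perl v5.36.2"; that fits a delta page shipped with a later distribution, but please confirm the import came from the intended source package.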