#5735 closed enhancement (fixed)
perl CVE-2025-40909
Reported by: | Joe Locash | Owned by: | lfs-book |
---|---|---|---|
Priority: | high | Milestone: | 12.4 |
Component: | Book | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
Upstream ticket: https://github.com/Perl/perl5/issues/23010
It's fixed in 5.41.14.
Commit that fixes it in 5.40.2: https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9
See also: https://www.nntp.perl.org/group/perl.perl5.changes/2025/05/msg64501.html
Built with the commit applied and all tests pass.
Change History (5)
comment:1 by , 3 months ago
follow-up: 3 comment:2 by , 3 months ago
We can chown u+w the patched file(s) to avoid issues when people build this in a completed system as normal user anyway.
comment:3 by , 3 months ago
Replying to Xi Ruoyao:
We can chown u+w the patched file(s) to avoid issues when people build this in a completed system as normal user anyway.
Not necessary. The patch still applies though patch throws some warnings regarding this issue.
comment:4 by , 3 months ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Fixed in trunk from the gcc15 branch.
Note that the patch referenced here shows problems when applied as a regular user. This is because the source files have permissions -r--r--r--. This is not a problem in LFS Chapter 8 since we apply the patch as the root user.