Opened 3 months ago

Closed 3 months ago

Last modified 3 months ago

#5735 closed enhancement (fixed)

perl CVE-2025-40909

Reported by: Joe Locash Owned by: lfs-book
Priority: high Milestone: 12.4
Component: Book Version: git
Severity: normal Keywords:
Cc:

Description

Upstream ticket: https://github.com/Perl/perl5/issues/23010

It's fixed in 5.41.14.

Commit that fixes it in 5.40.2: https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9

See also: https://www.nntp.perl.org/group/perl.perl5.changes/2025/05/msg64501.html

Built with the commit applied and all tests pass.

Change History (5)

comment:1 by Bruce Dubbs, 3 months ago

Note that the patch referenced here shows problems when applied as a regular user. This is because the source files have permissions -r--r--r--. This is not a problem in LFS Chapter 8 since we apply the patch as the root user.

comment:2 by Xi Ruoyao, 3 months ago

We can chown u+w the patched file(s) to avoid issues when people build this in a completed system as normal user anyway.

in reply to:  2 comment:3 by Xi Ruoyao, 3 months ago

Replying to Xi Ruoyao:

We can chown u+w the patched file(s) to avoid issues when people build this in a completed system as normal user anyway.

Not necessary. The patch still applies though patch throws some warnings regarding this issue.

comment:4 by Bruce Dubbs, 3 months ago

Resolution: fixed
Status: newclosed

Fixed in trunk from the gcc15 branch.

comment:5 by Douglas R. Reno, 3 months ago

SA-12.3-042 issued

Note: See TracTickets for help on using tickets.