Commit Graph

5 Commits

Author SHA1 Message Date
Jitka Plesníková
3316443012 Add gating configuration 2026-06-17 14:31:40 +02:00
RHEL Packaging Agent
33172531b3 Fix CVE-2026-8450: send_file() RCE via 2-arg open() shell-magic
Backport upstream fix (commit 945d3514) for CVE-2026-8450 to
perl-HTTP-Daemon 6.01. The send_file() method in
HTTP::Daemon::ClientConn used the insecure 2-argument form of
open(), which allowed shell-magic interpretation of filenames
(pipe commands, redirections, etc.). The fix switches to
3-argument open() with an explicit '<' mode, replacing the
typeglob with a lexical filehandle. Additional hardening
includes proper binmode() failure handling and a '0E0'
true-zero return for empty successful transfers.

CVE: CVE-2026-8450
Upstream patches:
 - 945d35141d.patch
Resolves: RHEL-184825

This commit was backported by Ymir, a Red Hat Enterprise Linux software maintenance AI agent.

Assisted-by: Ymir
2026-06-17 09:02:09 +00:00
James Antill
0be0887420 Import rpm: c8s 2023-02-27 14:49:59 -05:00
James Antill
3e33d0fc1f Auto sync2gitlab import of perl-HTTP-Daemon-6.01-23.el8.src.rpm 2022-05-26 12:59:49 -04:00
James Antill
df91679758 Initial c8s branch. 2022-05-26 12:59:46 -04:00
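
The hardening described in the CVE-2026-8450 commit message (3-argument open() with an explicit '<' mode, a lexical filehandle, binmode() failure handling, and a '0E0' return for empty transfers), as an added illustration that is not the upstream patch or the package's own code. The helper name `copy_file_to`, the sample files and the sample filenames are constructed for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Hypothetical helper, not HTTP::Daemon's code. Returns the number of bytes
# copied, '0E0' (zero but true) for an empty file, or undef on any failure.
# The legacy form this replaces, open(FILE, $path), lets the filename string
# itself select the mode (the shell-magic the commit message refers to).
sub copy_file_to {
    my ($out, $path) = @_;
    # 3-argument open: mode is fixed to '<', so $path is only ever a filename.
    open(my $fh, '<', $path) or return;
    binmode($fh) or do { close($fh); return };
    my $total = 0;
    while (1) {
        my $n = read($fh, my $buf, 8192);
        if (!defined $n) { close($fh); return }    # read error
        last if $n == 0;                            # end of file
        print {$out} $buf or do { close($fh); return };
        $total += $n;
    }
    close($fh);
    return $total || '0E0';
}

# Constructed sample input: two real files plus two names carrying mode characters.
my $dir = tempdir(CLEANUP => 1);
my %sample = ("$dir/page.html" => "<p>hello</p>\n", "$dir/empty.txt" => '');
for my $p (sort keys %sample) {
    open(my $w, '>', $p) or die "$p: $!";
    print {$w} $sample{$p};
    close($w) or die "$p: $!";
}

open(my $sink, '>', \my $captured) or die "in-memory handle: $!";
for my $name ("$dir/page.html", "$dir/empty.txt", "echo marker |", "> $dir/clobber") {
    my $r = copy_file_to($sink, $name);
    printf "%-14s %s\n", defined $r ? "sent ($r)" : "refused", $name;
}
close($sink);

# The mode-bearing names were looked up as literal filenames and not found,
# so nothing ran and nothing was created.
print "clobber created: ", (-e "$dir/clobber" ? "yes" : "no"), "\n";
print "bytes captured:  ", length($captured), "\n";
```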