Debian alert DLA-4209-1 (libfile-find-rule-perl)

From:
             
 
Salvatore Bonaccorso <carnil@debian.org>
To:
             
 
debian-lts-announce@lists.debian.org
Subject:
             
 
[SECURITY] [DLA 4209-1] libfile-find-rule-perl security update
Date:
             
 
Thu, 05 Jun 2025 15:25:32 +0000
Message-ID:
             
 
<E1uNCTE-00FF4s-HX@seger.debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4209-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                 Salvatore Bonaccorso
June 05, 2025                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libfile-find-rule-perl
Version        : 0.34-1+deb11u1
CVE ID         : CVE-2011-10007
Debian Bug     : 1107311

It was discovered that libfile-find-rule-perl, a module to search for
files based on rules, is vulnerable to arbitrary code execution when
grep() encounters a crafted file name.

For Debian 11 bullseye, this problem has been fixed in version
0.34-1+deb11u1.

We recommend that you upgrade your libfile-find-rule-perl packages.

For the detailed security status of libfile-find-rule-perl please refer
to its security tracker page at:
https://security-tracker.debian.org/tracker/libfile-find-rule-perl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmhBs5pfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QesA//V7Oj3H0sOEParCM4gjimHE2HVvQoaWRtGxG36sRwSh8caLG/MFdyKOrO
/aKLtcPJo5gTNSKv+64hCgsKbnXPItDLE1ZcHScPyOTIpSk5dm2tU2PexZKoY58G
Phxfpj3DeiCt7/UXxddgLeFDSS24AuSZb/73ruBuU1x1EgGE55hV2QIN/dTzkWMK
ocHnn2PgMlH7IoeuACc8uGqXdOheNaWnH3HthMOUvm7ZJP8iqDwqRI+nGiZl1a54
3ihkARGEFLEJRDlanSU5oS8JY1UbMG8vUM6NWCF1fk48kjBHUkIEoZBX0SPe5krv
/ZD+glNCPTDTt6TyVyRTNdkkozl5d8ibjCLdnEM0GpcXzi//4slXhl45kNGPlBrj
6NvT9+tdkqRbqYNkoOcEsBChsas0AW7bOab+v0kZof7BRHk6ye0lyIp4WbduP7op
i+Zh/7RUJ8DauYwn0yh9x59Rt/wMIse6hDv6dYHRW6wKH2lIETBV939HcgM9EYvW
V+M2WIYmIC2TpuoAy2nFjGuP3s4hkEPSKXP16iiX64XGO7mfe8WrzSr1amSNXnPx
pdJShdFYtZ8+77ppQXuDsSm1ZjDbYe7e6cSwHtNvFUq2+VI89NTisADjM7I/zpha
d5EfioNXiZGoxaah4Mesz7PfE3e5uurR53C+4r1oUlFZL8qPBr8=
=Ij7Q
-----END PGP SIGNATURE-----