Vulnerabilities > CVE-2012-2451 - Unspecified vulnerability in Shlomi Fish Config-Inifiles
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN shlomi-fish
nessus
Summary
The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2012-7802.NASL description Update to 2.72, fixes CVE-2012-2451. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-05-22 plugin id 59219 published 2012-05-22 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59219 title Fedora 15 : perl-Config-IniFiles-2.72-1.fc15 (2012-7802) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-7802. # include("compat.inc"); if (description) { script_id(59219); script_version("1.11"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-2451"); script_bugtraq_id(53361); script_xref(name:"FEDORA", value:"2012-7802"); script_name(english:"Fedora 15 : perl-Config-IniFiles-2.72-1.fc15 (2012-7802)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to 2.72, fixes CVE-2012-2451. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=818430" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=818431" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/080713.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ab143743" ); script_set_attribute( attribute:"solution", value:"Update the affected perl-Config-IniFiles package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-Config-IniFiles"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15"); script_set_attribute(attribute:"patch_publication_date", value:"2012/05/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC15", reference:"perl-Config-IniFiles-2.72-1.fc15")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-Config-IniFiles"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201208-05.NASL description The remote host is affected by the vulnerability described in GLSA-201208-05 (Perl Config-IniFiles Module: Insecure temporary file usage) The Perl Config-IniFiles module uses predicatable temporary file names. Impact : A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 61544 published 2012-08-15 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61544 title GLSA-201208-05 : Perl Config-IniFiles Module: Insecure temporary file usage code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201208-05. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(61544); script_version("1.7"); script_cvs_date("Date: 2018/07/11 17:09:26"); script_cve_id("CVE-2012-2451"); script_bugtraq_id(53361); script_xref(name:"GLSA", value:"201208-05"); script_name(english:"GLSA-201208-05 : Perl Config-IniFiles Module: Insecure temporary file usage"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201208-05 (Perl Config-IniFiles Module: Insecure temporary file usage) The Perl Config-IniFiles module uses predicatable temporary file names. Impact : A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201208-05" ); script_set_attribute( attribute:"solution", value: "All users of the Perl Config-IniFiles module should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-perl/Config-IniFiles-2.710.0'" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:Config-IniFiles"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-perl/Config-IniFiles", unaffected:make_list("ge 2.710.0"), vulnerable:make_list("lt 2.710.0"))) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get()); else security_note(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Perl Config-IniFiles Module"); }NASL family Fedora Local Security Checks NASL id FEDORA_2012-7777.NASL description Update to 2.72, fixes CVE-2012-2451. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-05-22 plugin id 59218 published 2012-05-22 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59218 title Fedora 16 : perl-Config-IniFiles-2.72-1.fc16 (2012-7777) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-7777. # include("compat.inc"); if (description) { script_id(59218); script_version("1.11"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-2451"); script_bugtraq_id(53361); script_xref(name:"FEDORA", value:"2012-7777"); script_name(english:"Fedora 16 : perl-Config-IniFiles-2.72-1.fc16 (2012-7777)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to 2.72, fixes CVE-2012-2451. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=818430" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=818431" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/080716.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?287c453f" ); script_set_attribute( attribute:"solution", value:"Update the affected perl-Config-IniFiles package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-Config-IniFiles"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16"); script_set_attribute(attribute:"patch_publication_date", value:"2012/05/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC16", reference:"perl-Config-IniFiles-2.72-1.fc16")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-Config-IniFiles"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1543-1.NASL description It was discovered that the perl Config::IniFiles module created temporary files in an unsafe manner. A local user with write access to the directory containing a configuration file that Config-IniFiles manipulates could exploit this to overwrite arbitrary files. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 61608 published 2012-08-21 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61608 title Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libconfig-inifiles-perl vulnerability (USN-1543-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1543-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(61608); script_version("1.8"); script_cvs_date("Date: 2019/09/19 12:54:28"); script_cve_id("CVE-2012-2451"); script_bugtraq_id(53361); script_xref(name:"USN", value:"1543-1"); script_name(english:"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libconfig-inifiles-perl vulnerability (USN-1543-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "It was discovered that the perl Config::IniFiles module created temporary files in an unsafe manner. A local user with write access to the directory containing a configuration file that Config-IniFiles manipulates could exploit this to overwrite arbitrary files. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1543-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libconfig-inifiles-perl package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libconfig-inifiles-perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/27"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(10\.04|11\.04|11\.10|12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.04 / 11.10 / 12.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"10.04", pkgname:"libconfig-inifiles-perl", pkgver:"2.52-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"libconfig-inifiles-perl", pkgver:"2.58-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"libconfig-inifiles-perl", pkgver:"2.68-1ubuntu0.11.10.1")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"libconfig-inifiles-perl", pkgver:"2.68-1ubuntu0.12.04.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libconfig-inifiles-perl"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_725AB25A987B11E1A2EF001FD0AF1A4C.NASL description Unsafe Temporary file creation Config::IniFiles used a predictable name for its temporary file without opening it correctly. last seen 2020-06-01 modified 2020-06-02 plugin id 59026 published 2012-05-08 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59026 title FreeBSD : p5-Config-IniFiles -- unsafe temporary file creation (725ab25a-987b-11e1-a2ef-001fd0af1a4c) NASL family Fedora Local Security Checks NASL id FEDORA_2012-7763.NASL description Update to 2.72, fixes CVE-2012-2451. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-05-29 plugin id 59271 published 2012-05-29 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59271 title Fedora 17 : perl-Config-IniFiles-2.72-1.fc17 (2012-7763)
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 53361 CVE ID: CVE-2012-2451 Perl是一种高级、通用、直译式、动态的程序语言。 Perl的Config::IniFiles模块中存在安全漏洞,应用使用临时文件的方式不安全,可被恶意本地用户利用通过符号链接攻击以提升的权限执行某些操作,例如覆盖任意文件。 0 Perl Config::IniFiles 2.7 厂商补丁: Perl ---- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.perl.com |
| id | SSV:60094 |
| last seen | 2017-11-19 |
| modified | 2012-05-04 |
| published | 2012-05-04 |
| reporter | Root |
| title | Perl Config::IniFiles Module不安全临时文件创建漏洞 |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080713.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080713.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080716.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080716.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081207.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081207.html
- http://secunia.com/advisories/48990
- http://secunia.com/advisories/48990
- http://www.openwall.com/lists/oss-security/2012/05/02/6
- http://www.openwall.com/lists/oss-security/2012/05/02/6
- http://www.osvdb.org/81671
- http://www.osvdb.org/81671
- http://www.securityfocus.com/bid/53361
- http://www.securityfocus.com/bid/53361
- http://www.ubuntu.com/usn/USN-1543-1
- http://www.ubuntu.com/usn/USN-1543-1
- https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
- https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
- https://bugzilla.redhat.com/show_bug.cgi?id=818386
- https://bugzilla.redhat.com/show_bug.cgi?id=818386
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75328
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75328