Skip to content

Commit e99a91c

Browse files
thibaultduponchelleLeontbook
committed
Add delta related to CVE-2025-40909
Co-authored-by: Leon Timmermans <[email protected]> Co-authored-by: Philippe Bruhat (BooK) <[email protected]>
1 parent 4bc6a9c commit e99a91c

File tree

1 file changed

+10
-0
lines changed

1 file changed

+10
-0
lines changed

pod/perldelta.pod

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1093,6 +1093,16 @@ C<PERL_MAGIC_regex_global> magic type.
10931093

10941094
=item *
10951095

1096+
[CVE-2025-40909] Perl threads have a working directory race condition where file operations may target unintended paths
1097+
1098+
Perl thread cloning had a working directory race condition where file operations may target unintended paths. Perl 5.42 will no longer chdir to each handle.
1099+
1100+
This problem was reported by Vincent Lefèvre via [L<GH #23010|https://github.com/Perl/perl5/issues/23010>] and assigned [L<CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths|https://lists.security.metacpan.org/cve-announce/msg/30017499/>].
1101+
1102+
Fixes were provided via [L<GH #23019|https://github.com/Perl/perl5/pull/23019>] and [L<GH #23361|https://github.com/Perl/perl5/pull/23361>].
1103+
1104+
=item *
1105+
10961106
Fix null pointer dereference in S_SvREFCNT_dec [L<GH #16627|https://github.com/Perl/perl5/issues/16627>].
10971107

10981108
=item *

0 commit comments

Comments
 (0)