It was reported that File::Spec::canonpath() routine returns untainted strings even if passed tainted input. This defect undermines the guarantee of taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code. This issue affects versions of PathTools from 3.47 onwards and/or perl 5.20.0.
Created attachment 1108268 [details] Patch
Created attachment 1108269 [details] Patch - version correction
Created perl-PathTools tracking bugs for this issue: Affects: fedora-all [bug 1297486]
Upstream bug: https://rt.perl.org/Public/Bug/Display.html?id=126862
perl-PathTools-3.60-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
perl-PathTools-3.47-312.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.