+ * SECURITY [CAN-2004-0452]: use less permissive chmods in rmtree.
+ * SECURITY [CAN-2004-0976]: patches from Trustix for insecure temp
+ file usage (thanks to Joey Hess for analysis).
+ - Some unsafe examples in the DB_File POD
+ - Use of hard coded temp file name in ext/IO/t/io_unix.t
+ - Hardcoded tmp file in ext/ODBM_File/ODBM_File.xs
+ - Some potentially unsafe examples in POSIX pod
+ - Hardcoded tmp file path in example of Socket.pm
+ - Example in Cookie.pm that uses /usr/tmp
+ - An example in MakeMaker.pm that suggets setting PREFIX=/tmp/myperl5
+ - Insecure use of /tmp file in ExtUtils/inst
+ - Insecure use of /tmp file in docs of Shell.pm
+ - Insecure use of /tmp file in docs of dotsh.pl
+ - Insecure use of /tmp file in setterm() function of lib/perl5db.pl
+ - Insecure use of /tmp file in mpeix/nm
+ - Insecure use of /tmp file in perly.fixer
+ - Insecure use of /tmp file in perldbmfilter.pod, perldebug.pod
+ - Various fixes in the FAQ
+ - perlfunc.pod, ditto
+ - perlipc.pod, ditto
+ - perllexwarn.pod, ditto
+ - perlobj.pod, ditto
+ - perlop.pod, ditto
+ - perlopentut.pod, ditto
+ - Insecure use of /tmp in utils/c2ph.PL, utils/perlbug.PL
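Review bot: the "Various fixes in the FAQ" entry and the six "ditto" entries under it (perlfunc.pod through perlopentut.pod) do not say what was fixed, so a reader cannot tell whether they belong to the insecure temp file work credited to CAN-2004-0976 or are unrelated documentation changes. Suggest spelling each one out in the same form as the neighbouring entries, for example "Insecure use of /tmp file in examples of perlfunc.pod". Two smaller points: "suggets" in the MakeMaker.pm entry should read "suggests", and the path "ExtUtils/inst" looks cut short and should give the full file name.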
####
+ * SECURITY UPDATE: fix information/file leakage in File::Path::rmtree()
+ * lib/File/Path.pm, rmtree(): use chmod 700/600 instead of 777/666 before
+ removing files/directories; this will not leave world-readable/writeable
+ directories and files behind if rmdir/unlink fails somehow and avoid race
+ conditions
+ * References:
+ CAN-2004-0452
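Review bot: the closing clause "and avoid race conditions" in the lib/File/Path.pm entry claims more than the described change supports. Switching from 777/666 to 700/600 limits what other users can do with a file or directory when rmdir/unlink fails, but a chmod followed by a removal of the same path name is still two separate steps, and the entry mentions nothing that closes the window between them. Suggest either dropping the clause or rewording it to something like "and narrows the exposure during removal", and changing "avoid" to "avoids" if the clause stays.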
####
+ * SECURITY UPDATE: multiple insecure temporary file usages
+ (Warty bug #2771)
+ * added patch 03_safe_tmpfiles.patch:
+ - ext/Devel/PPPort/PPPort.pm: use safe method of create temporary file
+ - lib/ExtUtils/instmodsh: use File::Temp to create temporary file safely
+ - lib/Memoize/t/{tie.t,tie_gdbm.t,tie_ndbm.t,tie_sdbm.t,tie_storable.t},
+ ext/DB_File/t/db-recno.t: create temporary files in current directory, not
+ /tmp; these test scripts are only used during package build, so this
+ should be safe
+ * References:
+ CAN-2004-0976
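Review bot: in the entry for the lib/Memoize/t and ext/DB_File/t test scripts, "this should be safe" rests on an assumption that is not written down: that the package build runs in a directory other users cannot write to. Suggest stating that condition in the entry, since a fixed file name in the current directory is only safer than /tmp when that holds. Also, the ext/Devel/PPPort/PPPort.pm line says "use safe method of create temporary file" without naming the method, while the instmodsh line names File::Temp; name the mechanism there too and fix the grammar ("safe method to create a temporary file").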