author Craig A. Berry <craigberry@mac.com> 2011-09-02 21:47:00 -0500
committer Craig A. Berry <craigberry@mac.com> 2011-09-03 07:58:33 -0500
commit 4666110583d3cc7d03119aa86af26cfe90ce5482 (patch)
tree f5e5b804acf65598aeae959c44835fc5bee2f07c
parent 3c97495f56fb647c187ea86b3486f83e2a360144 (diff)
download perl-4666110583d3cc7d03119aa86af26cfe90ce5482.tar.gz
perldelta entry for File:Glob / CVE-2011-2728 fix.
-rw-r--r-- pod/perldelta.pod 15
1 files changed, 15 insertions, 0 deletions
diff --git a/pod/perldelta.pod b/pod/perldelta.pod
index 3cdf0d7946..41c5d57ce2 100644
--- a/pod/perldelta.pod
+++ b/pod/perldelta.pod
@@ -49,6 +49,15 @@ L</Selected Bug Fixes> section.
[ List each security issue as a =head2 entry ]
+=head2 C<File::Glob::bsd_glob()> memory error with GLOB_ALTDIRFUNC (CVE-2011-2728).
+
+Calling C<File::Glob::bsd_glob> with the unsupported flag GLOB_ALTDIRFUNC would
+cause an access violation / segfault. A Perl program that accepts a flags value from
+an external source could expose itself to denial of service or arbitrary code
+execution attacks. There are no known exploits in the wild. The problem has been
+corrected by explicitly disabling all unsupported flags and setting unused function
+pointers to null. Bug reported by Clément Lecigne.
+
=head1 Incompatible Changes
=head2 User-defined case changing operations.
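Review bot: the new =head2 entry does not say which File::Glob release carries the fix, so a reader who lands on this section from the CVE number has to search the module list to find that it is 1.13. Suggest naming the version in the last sentence of the paragraph, for example "The problem has been corrected in File::Glob 1.13 by explicitly disabling ...". Two smaller points in the same paragraph: GLOB_ALTDIRFUNC appears bare in both the heading and the body while the function name is wrapped in C<>, so the flag should get C<GLOB_ALTDIRFUNC> for consistency; and "all unsupported flags" leaves callers guessing which other flags are now disabled, so listing them (or pointing at the File::Glob documentation for the supported set) would let people audit code that passes flags through from outside.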
@@ -149,6 +158,12 @@ of data.
=item *
+L<File::Glob> has been upgraded from version 1.12 to version 1.13.
+
+See L</Security>.
+
+=item *
+
L<Math::BigRat> has been upgraded from version 0.2602 to version 0.2603.
C<int()> on a Math::BigRat object containing -1/2 now creates a
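Review bot: the File::Glob item says only "See L</Security>.", which gives someone scanning the module list no indication that the 1.12 to 1.13 upgrade is a security fix or which issue it addresses. Suggest stating it inline, for example "This fixes CVE-2011-2728; see L</Security>.", so the upgrade entry is self-explanatory and searchable by CVE number. The link also targets the whole section rather than the new =head2 entry added in the first hunk; that is fine while the section has a single entry, but it will get less precise if more security issues are listed before release.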