author: Sawyer X <xsawyerx@cpan.org> 2016-04-06 13:27:42 +0100
committer: Steve Hay <steve.m.hay@googlemail.com> 2016-04-06 13:28:00 +0100
commit: 344957d5a31c3d79d195b7877d4b51ac69c7cc6d (patch)
tree: da51e7ebc42510b5d1fc30ff64acf524961822bd
parent: 8b72f15d288dad778af5a1477f8742c09a8574d4 (diff)
download: perl-344957d5a31c3d79d195b7877d4b51ac69c7cc6d.tar.gz
Document e57270be442bfaa9dc23eebd67485e5a806b44e3:
I wasn't sure where or how much of it to document, but it seems like it's important, and this relating to permissions not being removed, I consider it security-related. This is similar to what the original Debian ticket that relates to it mentioned. I've cut Niko's text a bit shorter, taken from the commit message itself. (cherry picked from commit 07450df75585c03dda7c25f07a88139918aeb0ea)
-rw-r--r-- pod/perldelta.pod | 13
1 files changed, 13 insertions, 0 deletions
diff --git a/pod/perldelta.pod b/pod/perldelta.pod
index f3d55df368..12841aae82 100644
--- a/pod/perldelta.pod
+++ b/pod/perldelta.pod
@@ -39,6 +39,19 @@ L<[perl #126755]|https://rt.perl.org/Ticket/Display.html?id=126755>
This is CVE-2015-8607. For more information see
L<[perl #126862]|https://rt.perl.org/Ticket/Display.html?id=126862>
+=head2 Set proper umask before calling C<mkstemp(3)>
+
+In 5.22 perl started setting umask to 0600 before calling C<mkstemp(3)>
+and restoring it afterwards. This wrongfully tells open(2) to strip
+the owner read and write bits from the given mode before applying it,
+rather than the intended negation of leaving only those bits in place.
+
+Systems that use mode 0666 in C<mkstemp(3)> (like old versions of
+glibc) createa a file with permissions 0066, leaving world read and
+write permissions regardless of current umask.
+
+This has been fixed by using umask 0177 instead. [perl #127322]
+
=head1 Incompatible Changes
XXX For a release on a stable branch, this section aspires to be:
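Review bot: the added paragraph beginning "Systems that use mode 0666 in C<mkstemp(3)>" has a typo, "createa" should be "create". The final line "This has been fixed by using umask 0177 instead. [perl #127322]" would also read more clearly if it spelled out the effect, e.g. "umask 0177 leaves only the owner read and write bits (0600) in place", so that it matches the "intended negation" described two paragraphs earlier; and the ticket reference should use the same L<[perl #127322]|https://rt.perl.org/Ticket/Display.html?id=127322> link form that the preceding entries in this section use for #126755 and #126862.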