perlsecpolicy.pod - OpenGrok cross reference for /openbsd-src/gnu/usr.bin/perl/pod/perlsecpolicy.pod

Lines Matching full:are
43 team handles. General guidelines about how this is determined are
44 detailed in the L</WHAT ARE SECURITY ISSUES> section.
54 go through are explained in the L</HOW WE DEAL WITH SECURITY ISSUES>
57 =head1 WHAT ARE SECURITY ISSUES
83 The Perl modules shipped with the interpreter that are developed in the core
88 The command line tools shipped with the interpreter that are developed in the
93 Files under the F<cpan/> directory in Perl's repository and release tarballs are
138 There are certain categories of bugs that are frequently reported to
141 The following is a list of commonly reported bugs that are not
166 L<Opcode> restrictions and L<Safe> compartments are not supported as
172 These templates are unsafe by design.
199 read badly encoded data, or other mechanisms are used to directly
208 support. Security defects that are present only in pre-release
209 versions of Perl are handled through the normal bug reporting and
223 quirks that are extensively documented in Perl's public issue tracker.
229 Some bugs in the Perl interpreter occur in areas of the codebase that are
234 Untrusted regular expressions are generally safe to compile and match against
236 engine are the developer's responsibility to constrain.
241 Regular expressions are not guaranteed to compile or evaluate in any specific
244 Regular expressions may consume all available system memory when they are
257 Bugs caused by reading and writing these file formats are generally caused
258 by the underlying library implementation and are not security issues in
270 extremely large amounts of attacker supplied data are not generally handled
278 are kept secret until a fix is readily available for most users. This minimizes
287 of the report. If you are unable or unwilling to keep the issue secret until
322 Security reports that pass initial triage analysis are turned into issues
331 Issues in the security team's private tracker are used to collect details
333 other details are not made public when the issue is resolved. Keeping the
375 are affected by the flaw, an analysis of the risks to users, patches
384 period the vulnerability details and fixes are embargoed and should not
386 problems are discovered during testing.
388 You will be sent the portions of pre-release announcements that are
403 New official releases of Perl are generally produced and tested
414 If official Perl releases are ready, they will be published at this time
427 are reported privately and kept secret until they are resolved. This isn't
443 information, fixes, and CVE IDs are visible to affected users as rapidly as
467 When security issues are fixed we will attempt to credit the specific
470 Credits are announced using the researcher's preferred full name.
476 Perl's announcements are written in the English language using the 7bit