Bug#622817: [dom at earth.li: Re: [perl #87336] Function lc() is laundering tainted data in newer perls, contrary to docs]
Dominic Hargreaves
dom at earth.li
Fri Apr 15 18:25:01 UTC 2011
----- Forwarded message from Dominic Hargreaves <dom at earth.li> -----
Date: Fri, 15 Apr 2011 19:12:24 +0100
From: Dominic Hargreaves <dom at earth.li>
To: Father Chrysostomos via RT <perlbug-comment at perl.org>
Cc: perl5-porters at perl.org
Subject: Re: [perl #87336] Function lc() is laundering tainted data in
newer perls, contrary to docs
User-Agent: Mutt/1.5.20 (2009-06-14)
On Thu, Mar 31, 2011 at 06:29:59AM -0700, Father Chrysostomos via RT wrote:
> On Thu Mar 31 05:54:26 2011, jesse wrote:
> > At least for now, I've made it a 5.14 blocker, so a fix for it is 100%
> > ok. :)
> >
>
> I’ve just fixed it with commit 539689e74a.
Are there any plans to push this update to maint-5.12 or maint-5.10
(although the latter is probably dead already in practice)?
It looks like it would be worth applying.
For context, I'm looking at fixing this in the Debian perl packages:
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622817>. It looks
like Redhat have already pushed out an update for 5.12 in Fedora 14.
I've attached the patch extracted from
<http://mirror.ox.ac.uk/sites/download.fedora.redhat.com/pub/fedora/linux/updates/14/SRPMS/perl-5.12.3-143.fc14.src.rpm>
(thanks Marcela!) and would appreciate any comments. That file applies
cleanly to our perl 5.10 tree, although I haven't tested it yet.
Thanks,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
----- End forwarded message -----
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
More information about the Perl-maintainers
mailing list