Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc
Florian Weimer
fw at deneb.enyo.de
Tue Apr 19 14:18:36 UTC 2011
* Niko Tyni:
> Security team, I assume this is going to be fixed through a DSA?
I don't think this is a security bug on its own.
> It should be trivial to port this to squeeze and lenny. I'll try to
> prepare the debdiffs on Sunday, but if somebody else wants to do that,
> feel free.
If this bug fixes any actual vulnerabilities, such a backport will
break applications, hard. Therefore, I would prefer to let it soak in
unstable/testing for some time, to see what happens.
More information about the Perl-maintainers
mailing list