Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc

Florian Weimer fw at deneb.enyo.de
Sat Apr 30 16:26:51 UTC 2011


* Adam D. Barratt:

> I do share Florian's concern about the potential breakage as a result of
> the change.  Do we have any idea how many packages in {old,}stable would
> be affected and to what degree?  Particularly in the case of oldstable,
> with its four month update cycle, fixing packages broken by the change
> could be somewhat painful.

Okay, then we should release a DSA for it, so that the breakage is
more easily blamed on this particular change, and that it's less
confusing if we have to issue follow-up DSAs.  Perhaps late May or
early June would be a convenient release date?





