Bug#794963: libnet-xmpp-perl: "Insecure dependency in eval (...) at /usr/share/perl5/Net/XMPP/Protocol.pm line 1007."

Christoph Biedl debian.axhn at manchmal.in-ulm.de
Sat Aug 8 18:49:35 UTC 2015


Package: libnet-xmpp-perl
Version: 1.02-4
Severity: normal
Tags: patch

Dear Maintainer,

after upgrading to jessie, an XMPP client application written in Perl
failed to start with

| Insecure dependency in eval while running setuid at /usr/share/perl5/Net/XMPP/Protocol.pm line 1007.

The offending line

| eval "\$obj = new $NEWOBJECT{$tag}(\$tree);";

isn't something I'd call good Perl style. Replacing it with

| eval { $obj = new {$NEWOBJECT{$tag}}($tree); };

made the woes go away. This code still exists in stretch.

    Christoph

-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14.48 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
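
The failure and the fix described in the report, reproduced under `-T` as an added example; it is not part of the original message or of Net::XMPP. `Demo::Message`, the one-entry `%NEWOBJECT` table, the tainted tag and the `exists` allow-list check are constructed assumptions.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical stand-in for a Net::XMPP stanza class.
{
    package Demo::Message;
    sub new { my ($class, $tree) = @_; return bless { tree => $tree }, $class }
}

# Constructed dispatch table, modelled on %NEWOBJECT from the report.
my %NEWOBJECT = (message => 'Demo::Message');

# Pattern from the report: the class name is interpolated into source text.
sub build_string_eval {
    my ($tag, $tree) = @_;
    my $obj;
    my $code = "\$obj = new $NEWOBJECT{$tag}(\$tree);";
    my $was_tainted = tainted($code) ? 1 : 0;
    # The outer block eval traps the failure so it can be reported.
    my $err = eval { eval $code; die $@ if $@; 1 } ? '' : $@;
    return ($obj, $err, $was_tainted);
}

# Block eval with a method call: nothing is compiled from a string, and
# the exists() test keeps %NEWOBJECT acting as an allow-list of classes.
sub build_method_call {
    my ($tag, $tree) = @_;
    return unless exists $NEWOBJECT{$tag};
    my $class = $NEWOBJECT{$tag};
    return eval { $class->new($tree) };
}

# Zero-length tainted string: $^X is tainted under -T, substr() keeps the taint.
my $TAINT = substr($^X, 0, 0);
my $tag   = 'message' . $TAINT;    # constructed; stands in for a tag from the wire
my $tree  = [ 'message', {} ];     # constructed placeholder parse tree

my ($obj, $err, $was_tainted) = build_string_eval($tag, $tree);
print "string eval: source tainted=$was_tainted, ",
      ($obj ? 'built ' . ref($obj) : "failed: $err"), "\n";

my $ok = build_method_call($tag, $tree);
print "method call: ", ($ok ? 'built ' . ref($ok) : 'failed'), "\n";

my $unknown = build_method_call('bogus' . $TAINT, $tree);
print "unknown tag: ", (defined $unknown ? 'built' : 'rejected'), "\n";
```

Run it as `perl -T script.pl`; with `-T` the taint message reads "while running with -T switch" where the setuid case in the report reads "while running setuid".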