oss-sec mailing list archives
CVE request: perl-modules
From: Jamie Strandboge <jamie () canonical com>
Date: Tue, 11 Dec 2012 10:56:44 -0600
Debian recently fixed the following security bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224

"Locale::Maketext is a core l10n library that expands templates found in strings. Two problems were found, reported, and patched-for by Brian Carlson of cPanel, and these fixes are now in blead and on the CPAN. The commit in question is
http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8

The flaws are:

 * in a [method,x,y,z] template, the method could be a fully-qualified name
 * template expansion did not properly quote metacharacters, allowing code injection through a malicious template

Please upgrade your Locale::Maketext, especially if you allow user-provided templates."

--
Jamie Strandboge
http://www.ubuntu.com/
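The first flaw listed in the message above can be screened for before a user-provided template reaches maketext(). The Perl below is an added example, not code from Locale::Maketext or from the referenced commit; the helper name template_findings, the allow-list pattern and the sample templates are assumptions made for illustration.

```perl
use strict;
use warnings;

# Assumed allow-list for the first field of a [method,args...] group: empty,
# the documented shorthands (_1, _-1, _*, "*" for quant, "#" for numf) or a
# plain identifier. Anything else, such as a name containing "::", is rejected.
my $OK_METHOD = qr/\A(?:|\*|\#|_\*|_-?[0-9]+|[A-Za-z_][A-Za-z0-9_]*)\z/;

# Hypothetical helper, not part of Locale::Maketext. Returns a list of
# findings; an empty list means every bracket group passed the allow-list.
sub template_findings {
    my ($template) = @_;
    my (@findings, $in_group, $group);
    # Tokens: "~x" (escaped character), "[" or "]", or a run of plain text.
    while ($template =~ /\G(~.|\[|\]|[^~\[\]]+|~\z)/gs) {
        my $tok = $1;
        if ($tok eq '[') {
            push @findings, 'nested [' if $in_group;
            ($in_group, $group) = (1, '');
        }
        elsif ($tok eq ']') {
            if (!$in_group) { push @findings, 'unbalanced ]'; next; }
            # The method name is everything before the first comma.
            my ($method) = $group =~ /\A([^,]*)/;
            push @findings, "method '${method}'" unless $method =~ $OK_METHOD;
            $in_group = 0;
        }
        elsif ($in_group) { $group .= $tok }
    }
    push @findings, 'unterminated [' if $in_group;
    return @findings;
}

# Constructed sample templates, not taken from any real lexicon.
my @samples = (
    'You have [quant,_1,file,files].',
    'Total: [numf,_1] ([*,_2,item])',
    'Hello [Some::Package::name,_1]',
    'Price is 5~[USD~] for [_1]',
);
for my $t (@samples) {
    my @f = template_findings($t);
    printf "%-8s %s%s\n", (@f ? 'REJECT' : 'ok'), $t, (@f ? "  <- @f" : '');
}
```

The filter only inspects the method-name field of each bracket group, so it supplements the upgrade the advisory asks for and does not address the metacharacter-quoting flaw.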