perl.perl5.porters

security notice: Locale::Maketext

Ricardo Signes
December 5, 2012 15:52

Locale::Maketext is a core l10n library that expands templates found in

Two problems were found, reported, and patched-for by Brian Carlson of cPanel,
and these fixes are now in blead and on the CPAN.

The commit in question is

The flaws are:

* in a [method,x,y,z] template, the method could be a fully-qualified name
* template expansion did not properly quote metacharacters, allowing
  code injection through a malicious template

Please upgrade your Locale::Maketext, especially if you allow user-provided
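
The first flaw in the notice concerns the method slot of a `[method,x,y,z]` group. As an added example (not part of the original post and not code from Locale::Maketext), the following Perl audits templates from untrusted sources and rejects any bracket group whose method is not a plain name or one of the bracket-notation shorthands. The allow-list, the `audit_template` name and the sample templates are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Example policy (an assumption, not the check the patched module performs):
# empty method, the shorthands "*" and "#", parameter references such as
# _1, _-1 and _*, or a plain identifier with no package separator.
my $ALLOWED = qr/\A(?:|[*#]|_(?:-?\d+|\*)|[A-Za-z_]\w*)\z/;

sub audit_template {
    my ($template) = @_;
    my (@findings, $method);   # $method is defined only inside a [...] group
    my $in_args = 0;           # true once the first unescaped comma is seen
    my @chars = split //, $template;
    while (defined(my $c = shift @chars)) {
        if ($c eq '~') {       # "~" escapes the next character
            my $next = shift @chars;
            $method .= $next
                if defined($method) && defined($next) && !$in_args;
        }
        elsif ($c eq '[') {
            push @findings, 'unclosed "[" before another "["'
                if defined $method;
            ($method, $in_args) = ('', 0);
        }
        elsif ($c eq ']') {
            if (!defined $method) { push @findings, 'unmatched "]"'; next }
            push @findings, "disallowed method name: $method"
                unless $method =~ $ALLOWED;
            undef $method;
        }
        elsif (defined $method) {
            if    ($c eq ',' && !$in_args) { $in_args = 1 }
            elsif (!$in_args)              { $method .= $c }
        }
    }
    push @findings, 'unclosed "["' if defined $method;
    return @findings;
}

# Constructed sample templates; the third uses a fully-qualified method name.
for my $t ('You have [quant,_1,file,files].',
           'Cost: ~[USD~] [numf,_1] for [*,_2,item]',
           '[Some::Package::function,_1]') {
    my @f = audit_template($t);
    printf "%-42s %s\n", $t, @f ? 'REJECT: ' . join('; ', @f) : 'ok';
}
```

This check does not cover the second flaw, which lies in the module's own template expansion and is addressed by the upgrade the notice asks for.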
