develooper Front page | perl.perl5.porters | Postings from December 2012

Re: security notice: Locale::Maketext: CVE?

Thread Previous | Thread Next
Dominic Hargreaves
December 9, 2012 00:12
Re: security notice: Locale::Maketext: CVE?
Message ID:
On Wed, Dec 05, 2012 at 04:05:01PM -0500, Ricardo Signes wrote:
> * Dominic Hargreaves <> [2012-12-05T13:51:19]
> > I wondered (and the question has arised within the Debian project) whether
> > anyone might be relying on the previous behaviour? Have you been able to do
> > any assessment of this?
> It's difficult to say, unfortunately, because (I suppose) most projects that
> would use Locale::Maketext would not be CPAN projects, and so finding them is
> not trivial.
> I did do some grepping of the CPAN and found zero cases.
> It should be quite easy to add this behavior back as optional, if we find
> we've broken anything.
> I'm sorry I can't be more concrete!

Thanks for this. Has a CVE been assigned to this vulnerability yet,
and if so, what's the best way to do so?


Dominic Hargreaves |
PGP key 5178E2A5 from (keyserver,web,email)

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About