develooper Front page | perl.perl5.porters | Postings from January 2013

Locale::Maketext security fix: real world breakage?

Thread Previous | Thread Next
From:
Dominic Hargreaves
Date:
January 18, 2013 15:06
Subject:
Locale::Maketext security fix: real world breakage?
Message ID:
20130118150638.GF5458@urchin.earth.li
On Wed, Dec 05, 2012 at 04:05:01PM -0500, Ricardo Signes wrote:
> * Dominic Hargreaves <dom@earth.li> [2012-12-05T13:51:19]
> > I wondered (and the question has arised within the Debian project) whether
> > anyone might be relying on the previous behaviour? Have you been able to do
> > any assessment of this?
> 
> It's difficult to say, unfortunately, because (I suppose) most projects that
> would use Locale::Maketext would not be CPAN projects, and so finding them is
> not trivial.
> 
> I did do some grepping of the CPAN and found zero cases.
> 
> It should be quite easy to add this behavior back as optional, if we find
> we've broken anything.

Hi,

A fix for that has been in Debian unstable/testing for the past month
and we've had no reports of problems. That doesn't mean everything, of
course, but it is probably time to decide whether to push this out to
Debian stable. As such I'd be very interested in hearing from anyone
who has real world examples of this breaking things.

Cheers,
Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About