Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request: perl-modules
From: Jamie Strandboge <jamie () canonical com>
Date: Tue, 11 Dec 2012 10:56:44 -0600

Debian recently fixed the following security bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224

"Locale::Maketext is a core l10n library that expands templates found in
strings.

Two problems were found, reported, and patched-for by Brian Carlson of
cPanel, and these fixes are now in blead and on the CPAN.

The commit in question is
http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8

The flaws are:

* in a [method,x,y,z] template, the method could be a fully-qualified name
* template expansion did not properly quote metacharacters, allowing
  code injection through a malicious template

Please upgrade your Locale::Maketext, especially if you allow user-provided
templates."

-- 
Jamie Strandboge                 http://www.ubuntu.com/

Attachment: signature.asc
Description: OpenPGP digital signature


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault