Package: perl-modules Severity: important Version: 5.14.2-15 ----- Forwarded message from Ricardo Signes <[email protected]> -----
Date: Wed, 5 Dec 2012 10:51:47 -0500 From: Ricardo Signes <[email protected]> To: [email protected] Subject: security notice: Locale::Maketext X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,SPF_PASS,T_DKIM_INVALID autolearn=ham version=3.3.1 User-Agent: Mutt/1.5.21 (2010-09-15) X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.2 Locale::Maketext is a core l10n library that expands templates found in strings. Two problems were found, reported, and patched-for by Brian Carlson of cPanel, and these fixes are now in blead and on the CPAN. The commit in question is http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8 The flaws are: * in a [method,x,y,z] template, the method could be a fully-qualified name * template expansion did not properly quote metacharacters, allowing code injection through a malicious template Please upgrade your Locale::Maketext, especially if you allow user-provided templates. -- rjbs ----- End forwarded message ----- -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

