Package: libcrypt-cbc-perl
Version: 2.31-1
Severity: important
Tags: upstream
Dear Maintainer,
2.31 seems to have introduced a bug that makes data always appear
tainted:
$ /tmp/t.pl
Taint checks are turned on and your key is tainted. Please untaint the
key and try again at /tmp/t.pl line 11
--------------------------------
#!/usr/bin/perl -T
use strict;
use warnings FATAL => 'all';
use Crypt::CBC;
my $cipher = Crypt::CBC->new(
-key => "asdf",
-cipher => "Rijndael",
);
print $cipher->encrypt("asdf");
--------------------------------
This appears to have been fixed upstream in 2.32.
http://cpansearch.perl.org/src/LDS/Crypt-CBC-2.32/Changes
Thanks,
Corey
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libcrypt-cbc-perl depends on:
ii libcrypt-blowfish-perl 2.12-1+b2
ii libcrypt-rijndael-perl 1.11-1
ii perl 5.14.2-15
libcrypt-cbc-perl recommends no packages.
libcrypt-cbc-perl suggests no packages.
-- no debconf information
#!/usr/bin/perl -T
use strict;
use warnings FATAL => 'all';
use Crypt::CBC;
my $cipher = Crypt::CBC->new(
-key => "asdf",
-cipher => "Rijndael",
);
print $cipher->encrypt("asdf");
