Package: libcache-apt-perl
Version: 0.13.3
Severity: normal

Hi,

apt-cross is failing for me, because of a parenthesis (in a comment) in
my sources.list:

  Unmatched ( in regex; marked by <-- HERE in m/# Repository for the
  vuurmuur firewall frontend ( <-- HERE It's included in Debian/ at
  /usr/share/perl5/Cache/Apt/Config.pm line 273.

The relevant snippet from sources.list is:

  # Repository for the vuurmuur firewall frontend (It's included in Debian
  # from squeeze).
  #deb ftp://ftp.vuurmuur.org/debian/ sid main

When looking at the code, it seems that the line from sources.list is
directly interpreted as a regex:

  $m{$max_pri_suite}++ if ($max_pri_suite =~ /$s/);
  $m{$codename}++ if ($codename =~ /$s/)

($s is the line from sources.list). I can't really understand what this
code is trying to do; it looks to me as if the match should be the other
way around (look for $codename in $s instead of looking for $s in
$codename). But it really shouldn't be using arbitrary user input (e.g.,
sources.list) in a regex directly without escaping.

It seems Perl forbids using the eval construct in a regex by default, so
this doesn't seem to be a security issue.

Gr.

Matthijs
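The failure described in this report and the escaping it asks for, as an added example that is not part of the original message and not code from Cache::Apt::Config. The helper `try_match`, the codename value `squeeze` and the second sample line are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: not code from Cache::Apt::Config.
use strict;
use warnings;

# Constructed sample input: the comment line quoted in the report, plus a
# constructed line that carries a code-evaluation construct.
my @lines = (
    "# Repository for the vuurmuur firewall frontend (It's included in Debian",
    '# (?{ print "evaluated\n" })',
);
my $codename = 'squeeze';    # assumed value, for illustration only

# Hypothetical helper: match $subject against $pattern, either interpolated
# raw (as in the reported code) or quoted with \Q...\E so that every
# metacharacter is treated literally. Returns 'match', 'no match', or the
# first line of the error Perl raised while compiling the pattern.
sub try_match {
    my ($subject, $pattern, $escape) = @_;
    my $hit = eval {
        $escape ? $subject =~ /\Q$pattern\E/ : $subject =~ /$pattern/;
    };
    return 'died: ' . (split /\n/, $@)[0] if $@;
    return $hit ? 'match' : 'no match';
}

for my $s (@lines) {
    print "line:     $s\n";
    # Raw interpolation: the unbalanced '(' aborts pattern compilation, and
    # the (?{ ... }) line is refused because 'use re "eval"' is not in effect.
    print "  raw:     ", try_match($codename, $s, 0), "\n";
    # Escaped interpolation: the same text is only ever compared literally.
    print "  escaped: ", try_match($codename, $s, 1), "\n";
}

# The direction the report suggests: look for the codename inside the
# sources.list line, still quoting the interpolated value.
my $line = '# from squeeze).';
print "reversed: ", try_match($line, $codename, 1), "\n";
```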