forwarded 616288 http://rt.perl.org/rt3/Public/Bug/Display.html?id=72062 tag 616288 patch fixed-upstream thanks
On Thu, Mar 03, 2011 at 10:58:37AM +0200, Niko Tyni wrote: > On Thu, Mar 03, 2011 at 12:06:56AM -0800, Devin Carraway wrote: > > Package: perl-modules > > Version: 5.10.0-19lenny3 > > Severity: normal > > > Packages using SelfLoader (older ones, generally) seem to have broken > > recently > > when taint checking is enabled. I haven't narrowed down exactly where this > > was introduced, but I don't believe I saw it prior to the 5.0.8 point > > release > > of Lenny, which included perl security fixes. > > I can reproduce this with 5.10.0-19lenny2 but not 5.8.8-7etch6. > I suspect it broke between Etch and Lenny rather than a point update. This is [perl #72062], fixed in SelfLoader-1.18 / Perl 5.13.7 with http://perl5.git.perl.org/perl.git/commit/a3a44df66ac2cb0beb603b3dd9697fd81cfcfb30 The problem was introduced in Perl 5.10.0 with http://perl5.git.perl.org/perl.git/commit/add1a1a3c3dc28dd49272f4754cfc04acae28e3b Note that the upstream ticket has a longish discussion on whether silently importing IO::Handle in such a low level module has bad side effects. The patch has so far not made it into the 5.12 series, so we should probably wait for 5.14 as well instead of backporting the patch. -- Niko Tyni [email protected] -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
