Some of you may have seen a recent security advisory regarding RT 
(http://lists.bestpractical.com/pipermail/rt-users/2008-June/052398.html)

This is actually a problem that is caused by Mason (sort of). Basically, 
what happens is that Mason catches an exception, and in the process of 
doing something with it, throws another exception, which it catches, etc.

Triggering this bug is not that easy, fortunately. RT did it by letting 
bad UTF8 be passed to a function, and then later in the call chain, 
throwing an exception. When Mason tried to stringify the exception, 
Devel::StackTrace blew up, Mason caught the exception, and went into a 
loop of catching and blowing up.

The simple fix is to upgrade Devel::StackTrace to 1.19+, which does a 
better job of not blowing up.

We also plan to release a version of Mason in the near future that is a 
bit more careful in its exception handling to not go into this sort of 
loop.

In practice, it's unlikely that your app is affected, but upgrading to 
D::ST 1.19+ should be pretty safe, so it's not a bad idea to do it.


-dave

/*==========================
VegGuide.Org
Your guide to all that's veg
==========================*/
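The catch-stringify-die loop the post describes, as an added illustration in Perl (not code from Mason, RT or Devel::StackTrace): a constructed exception class whose stringification throws a fresh exception of the same kind, a handler shaped like the bug that re-enters itself on that failure, and a handler that renders the error inside its own eval and falls back to a description that cannot throw. `FragileException`, `naive_handle`, `careful_handle` and the depth cutoff are all made up for the demo.

```perl
use strict;
use warnings;

# Constructed stand-in for an exception whose stringification itself dies,
# the role Devel::StackTrace played in the RT report: its "" overload throws
# a fresh object of the same kind, so rendering it can never succeed.
package FragileException;
use overload
    '""'     => sub { die FragileException->new(message => 'stringify failed') },
    'bool'   => sub { 1 },
    fallback => 1;
sub new     { my ($class, %args) = @_; return bless {%args}, $class }
sub message { return $_[0]{message} }

package main;

our $handling_depth = 0;
my $MAX_DEPTH = 3;    # demo-only cutoff so the loop can be shown ending

# Handler in the shape of the bug: render the error, and if rendering dies,
# handle the new error the same way. Only the depth cutoff stops it.
sub naive_handle {
    my ($err) = @_;
    local $handling_depth = $handling_depth + 1;
    die "gave up after $MAX_DEPTH nested handler invocations\n"
        if $handling_depth > $MAX_DEPTH;
    my $text = eval { "$err" };          # overloaded "" dies here
    if (my $inner = $@) {
        return naive_handle($inner);     # re-enter with the new error
    }
    return $text;
}

# Careful handler: rendering is itself guarded, and failure falls back to a
# description built without touching the overload again.
sub careful_handle {
    my ($err) = @_;
    my $text = eval { "$err" };
    if ($@) {
        my $msg = (ref $err && $err->can('message')) ? $err->message : 'unknown';
        $text = '[' . (ref $err || 'scalar') . ": could not stringify exception; message='$msg']";
    }
    return $text;
}

my $boom  = FragileException->new(message => 'template render failed');
my $naive = eval { naive_handle($boom) };
print "naive:   ", ($@ || "$naive\n");
print "careful: ", careful_handle($boom), "\n";
```

Raising the cutoff only makes the naive handler recurse deeper before giving up; the careful handler returns the bracketed fallback on the first call.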

_______________________________________________
Mason-users mailing list
Mason-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mason-users
