Guillem Jover wrote...
> TBH, I was not aware that anyone was running Dpkg modules in taint
> mode.
Well, I do as well, in some private code. I can and probably will change
that, though.
> If people are really running this code in taint mode, I'm willing to
> discuss which parts of the API
-=| Damyan Ivanov, 18.10.2017 20:20:16 + |=-
> During discussion, Matt S. Trout suggested on IRC that the check for
> a valid package name is better written as $input =~
> /\A([A-Za-z]\w*(?:::\w+)*)\Z/. If no hierarchy is possible, then
> /\A([A-Za-z]\w*/ would be enough.
I forgot an
-=| Guillem Jover, 17.10.2017 22:16:31 +0200 |=-
> On Tue, 2017-10-17 at 19:48:07 +0300, Niko Tyni wrote:
> > It looks like Dpkg::Vendor::get_vendor_info() contents have become
> > tainted, probably due to changes in Dpkg::Control::HashCore. It used to
> > dig the values out with regexp captures
Hi!
On Tue, 2017-10-17 at 19:48:07 +0300, Niko Tyni wrote:
> On Tue, Oct 17, 2017 at 05:44:26PM +0200, gregor herrmann wrote:
> > Package: dh-make-perl
> > Version: 0.95
> > Severity: serious
> > Tags: buster sid
> > Justification: fails to build from source
>
> > As first seen on ci.debian.net,
On Tue, Oct 17, 2017 at 05:44:26PM +0200, gregor herrmann wrote:
> Package: dh-make-perl
> Version: 0.95
> Severity: serious
> Tags: buster sid
> Justification: fails to build from source
> As first seen on ci.debian.net, dh-make-perl's test suite fails with
> libdpkg-perl 1.19.0 and 1.19.0.1:
>
Package: dh-make-perl
Version: 0.95
Severity: serious
Tags: buster sid
Justification: fails to build from source
As first seen on ci.debian.net, dh-make-perl's test suite fails with
libdpkg-perl 1.19.0 and 1.19.0.1:
Insecure dependency in eval