Bug#629511: can report invalid data as valid in untaint mode

2011-12-20 Thread Adam D. Barratt
On Sun, 2011-12-18 at 15:39 +0100, gregor herrmann wrote: On Sun, 18 Dec 2011 14:26:41 +, Adam D. Barratt wrote: Here's an updated debdiff that patches the file directly. Please go ahead; thanks. Thanks; uploaded. I appear to have forgotten to follow-up before, but this was

Bug#629511: can report invalid data as valid in untaint mode

2011-12-18 Thread Adam D. Barratt
On Fri, 2011-12-16 at 20:46 +0100, gregor herrmann wrote: On Fri, 16 Dec 2011 19:42:29 +0100, Julien Cristau wrote: (I hope switching to source format 3.0 is ok; it seems less invasive than adding quilt stuff manually and less ugly than directly patching the source.) No it's not.

Bug#629511: can report invalid data as valid in untaint mode

2011-12-18 Thread gregor herrmann
On Sun, 18 Dec 2011 14:26:41 +, Adam D. Barratt wrote: Here's an updated debdiff that patches the file directly. Please go ahead; thanks. Thanks; uploaded. Cheers, gregor -- Homepage: http://info.comodo.priv.at/ - OpenPGP key ID: 0x8649AA06 Debian GNU/Linux user,

Bug#629511: can report invalid data as valid in untaint mode

2011-12-16 Thread Julien Cristau
On Thu, Dec 15, 2011 at 21:16:03 +0100, gregor herrmann wrote: (I hope switching to source format 3.0 is ok; it seems less invasive than adding quilt stuff manually and less ugly than directly patching the source.) No it's not. The way to go is to just fix the bug, not introduce random

Bug#629511: can report invalid data as valid in untaint mode

2011-12-16 Thread gregor herrmann
On Fri, 16 Dec 2011 19:42:29 +0100, Julien Cristau wrote: (I hope switching to source format 3.0 is ok; it seems less invasive than adding quilt stuff manually and less ugly than directly patching the source.) No it's not. The way to go is to just fix the bug, not introduce random

Bug#629511: can report invalid data as valid in untaint mode

2011-12-15 Thread gregor herrmann
On Wed, 14 Dec 2011 22:46:27 +, Jonathan Wiltshire wrote: Recently you fixed one or more security problems and as a result you closed this bug. These problems were not serious enough for a Debian Security Advisory, so they are now on my radar for fixing in the following suites through

Bug#629511: can report invalid data as valid in untaint mode

2011-12-14 Thread Jonathan Wiltshire
Dear maintainer, Recently you fixed one or more security problems and as a result you closed this bug. These problems were not serious enough for a Debian Security Advisory, so they are now on my radar for fixing in the following suites through point releases: squeeze (6.0.4) - use

Bug#629511: can report invalid data as valid in untaint mode

2011-06-07 Thread Damyan Ivanov
Package: libdata-formvalidator-perl
Version: 4.66-2
Severity: important
Tags: security squeeze sid wheezy upstream
Forwarded: https://rt.cpan.org/Ticket/Display.html?id=61792

If there is a previous match in $, the validation routine erroneously returns success: $ perl 'EOF' use