Bug#561970: libdate-manip-perl: cannot be used in taint (-T) mode
gregor herrmann
gregoa at debian.org
Thu Sep 20 14:49:00 UTC 2012
On Thu, 20 Sep 2012 12:40:47 +0200, Helmut Grohne wrote:
> Thanks for pinging me on this issue.
No problem, and thanks for your quick reply!
> > Works for me (with 6.32-1):
> >
> > % perl -T -e 'use Date::Manip; print Date::Manip::ParseDateString("10:20");'
> > 2012091910:20:00
> > % perl -e 'use Date::Manip; print Date::Manip::ParseDateString("10:20");'
> > 2012091910:20:00
> Interesting. For me 6.32-1 is still broken. However I cannot reproduce
> it with 6.34-1. I really have no clue what could make up the difference
> between our 6.32 versions.
Hm, me neither.
But good to know that it works with 6.34.
Which was my hope after reading lib/Date/Manip/Changes6.pod:
| Added a secure PATH to TZ.pm for taint reasons. In response to RT 78566
which leads to http://rt.cpan.org/Public/Bug/Display.html?id=78566
(and is similar to https://rt.cpan.org/Public/Bug/Display.html?id=44069 ).
[munin-cgi...]
> > Can somebody reproduce the bug?
> Probably not. Or at least anyone who can, can reproduce the oneliner as
> well.
Right.
I'm inclined to close this bug with 6.34-1; OTOH we might as well
leave it open until someone comes along the next time and close it
unless there's a new sign of problems.
Cheers,
gregor
--
.''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
: :' : Debian GNU/Linux user, admin, and developer - http://www.debian.org/
`. `' Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
`- NP: Leonard Cohen: Alexandra Leaving
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20120920/edf83197/attachment.pgp>
More information about the pkg-perl-maintainers
mailing list