Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc
Niko Tyni
ntyni at debian.org
Wed Apr 20 05:52:31 UTC 2011
severity 622817 important
thanks
On Tue, Apr 19, 2011 at 04:18:36PM +0200, Florian Weimer wrote:
> * Niko Tyni:
>
> > Security team, I assume this is going to be fixed through a DSA?
>
> I don't think this is a security bug on its own.

Yes, turns out upstream thinks similarly.

http://nntp.perl.org/group/perl.perl5.porters/171010

I'm therefore downgrading the severity.

> If this bug fixes any actual vulnerabilities, such a backport will
> break applications, hard. Therefore, I would prefer to let it soak in
> unstable/testing for some time, to see what happens.

OK, let's do that. Thanks and sorry for rushing things a bit.
--
Niko Tyni ntyni at debian.org