Bug#695224: Locale::Maketext security fix: real world breakage?

Dominic Hargreaves dom at earth.li
Fri Jan 18 15:06:38 UTC 2013


On Wed, Dec 05, 2012 at 04:05:01PM -0500, Ricardo Signes wrote:
> * Dominic Hargreaves <dom at earth.li> [2012-12-05T13:51:19]
> > I wondered (and the question has arisen within the Debian project) whether
> > anyone might be relying on the previous behaviour? Have you been able to do
> > any assessment of this?
> 
> It's difficult to say, unfortunately, because (I suppose) most projects that
> would use Locale::Maketext would not be CPAN projects, and so finding them is
> not trivial.
> 
> I did do some grepping of the CPAN and found zero cases.
> 
> It should be quite easy to add this behavior back as optional, if we find
> we've broken anything.

Hi,

A fix for that has been in Debian unstable/testing for the past month
and we've had no reports of problems. That doesn't mean everything, of
course, but it is probably time to decide whether to push this out to
Debian stable. As such I'd be very interested in hearing from anyone
who has real world examples of this breaking things.

Cheers,
Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)



