Bug#335937: libmime-lite-perl: send_by_sendmail() fails in taint
check mode
Srdjan
srdjan at catalyst.net.nz
Wed Oct 26 21:05:37 UTC 2005
Package: libmime-lite-perl
Version: 3.01-5
Severity: normal
sendmail command and params are not constructed in a taint-safe fashion.
Arguments to send_by_sendmail() are used/filled in rather than having
separate vars set to defaults or untainted args.
$ENV{PATH} is not untainted either, but that can be argued to be the
caller's responsibility
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (101, 'unstable'), (99, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13-1-k7
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages libmime-lite-perl depends on:
ii perl 5.8.7-7 Larry Wall's Practical Extraction
libmime-lite-perl recommends no packages.
-- no debconf information
More information about the pkg-perl-maintainers
mailing list