Bug#600063: libclass-accessor-grouped-perl: Module susceptible to drastic change of semantics in presence of libclass-xsaccessor-perl

Peter Rabbitson rabbit+bugs at rabbit.us
Wed Oct 13 10:35:30 UTC 2010 

Package: libclass-accessor-grouped-perl
Version: 0.09003-1
Severity: important
Tags: patch


A bit over a year ago optional support for Class::XSAccessor was introduced
to generate lightning-fast 'simple'-group accessors. However it recently a
number of oversights became apparent, all of which were fixed in the latest
version on CPAN 0.09008. The identified and fixed problems are:

* Any accessors of type 'simple' (arguably the most used ones) that are
declared as read-only or write-only, will silently turn into read-writer ones
when Class::XSAccessor is present in @INC

* If Class::XSAccessor is present in @INC set_simple/get_simple methods will
no longer be invoked, even if the underlying program defines custom versions
of these methods

Note that it doesn't matter wether Class::XSAccessor was installed via dpkg
or if it has been locally cpan'ed - all it takes is for the perl interpreter
to find it somehow.

Please consider upgrading the squeeze version, as the current one (0.09003-1)
is too vulnerable to spooky action at a distance.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.35-trunk-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libclass-accessor-grouped-perl depends on:
pn  libclass-inspector-perl       <none>     (no description available)
pn  libmro-compat-perl            <none>     (no description available)
pn  libsub-identify-perl          <none>     (no description available)
ii  libsub-name-perl              0.04-1     Assigns a new name to referenced s
ii  perl                          5.10.1-14  Larry Wall's Practical Extraction 

Versions of packages libclass-accessor-grouped-perl recommends:
pn  libclass-xsaccessor-perl      <none>     (no description available)

libclass-accessor-grouped-perl suggests no packages.

More information about the pkg-perl-maintainers mailing list