Bug#696374: libcrypt-cbc-perl: unusable with taint mode; please upgrade to 2.32
Corey Hickey
bugfood-c at fatooh.org
Thu Dec 20 05:41:51 UTC 2012
Package: libcrypt-cbc-perl
Version: 2.31-1
Severity: important
Tags: upstream
Dear Maintainer,
2.31 seems to have introduced a bug that makes data always appear
tainted:
$ /tmp/t.pl
Taint checks are turned on and your key is tainted. Please untaint the
key and try again at /tmp/t.pl line 11
--------------------------------
#!/usr/bin/perl -T
use strict;
use warnings FATAL => 'all';
use Crypt::CBC;
my $cipher = Crypt::CBC->new(
    -key    => "asdf",
    -cipher => "Rijndael",
);
print $cipher->encrypt("asdf");
--------------------------------
This appears to have been fixed upstream in 2.32.
http://cpansearch.perl.org/src/LDS/Crypt-CBC-2.32/Changes
Thanks,
Corey
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libcrypt-cbc-perl depends on:
ii libcrypt-blowfish-perl 2.12-1+b2
ii libcrypt-rijndael-perl 1.11-1
ii perl 5.14.2-15
libcrypt-cbc-perl recommends no packages.
libcrypt-cbc-perl suggests no packages.
-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: t.pl
Type: text/x-perl
Size: 190 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20121219/890208ca/attachment.pl>
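To separate a library false positive like the one reported above from a key that really is tainted, the key can be checked with Scalar::Util's tainted() before it reaches the cipher module. This is an added example, not part of the original report or of Crypt::CBC; the helper untainted_key, the key pattern and the sample keys are assumptions constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not from the original report): classify a key's taint status
# before handing it to a cipher module, and untaint it only by validation.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed inputs. Under -T, substr($^X, 0, 0) is an empty but tainted
# string, so appending it simulates a key that arrived from outside the program.
my $literal_key  = "asdf";
my $external_key = "asdf" . substr($^X, 0, 0);

# Hypothetical helper: return an untainted copy of the key, or die.
# The pattern is an assumed key policy; adjust it to your own key format.
sub untainted_key {
    my ($key) = @_;
    return $key unless tainted($key);
    # A regex capture is Perl's standard untainting mechanism.
    my ($clean) = $key =~ /\A([A-Za-z0-9]{4,64})\z/
        or die "key failed validation, refusing to untaint\n";
    return $clean;
}

printf "literal key tainted:  %s\n", tainted($literal_key)  ? "yes" : "no";
printf "external key tainted: %s\n", tainted($external_key) ? "yes" : "no";

my $key = untainted_key($external_key);
printf "after validation:     %s\n", tainted($key) ? "yes" : "no";

# A key that does not match the policy is rejected rather than laundered.
my $bad = "as df;" . substr($^X, 0, 0);
eval { untainted_key($bad); 1 } or print "rejected: $@";
```

Run it as an executable or with `perl -T`, since tainted() always returns false when taint mode is off.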