Locale::Maketext is a core l10n library that expands templates found in
strings.

Two problems were found, reported, and patched-for by Brian Carlson of cPanel,
and these fixes are now in blead and on the CPAN.

The commit in question is
http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8

The flaws are:

* in a [method,x,y,z] template, the method could be a fully-qualified name
* template expansion did not properly quote metacharacters, allowing
  code injection through a malicious template

Please upgrade your Locale::Maketext, especially if you allow user-provided
templates.
--
rjbs
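
Where user-provided templates are accepted, a pre-filter can reject any [method,x,y,z] group whose method is not a plain identifier before the string reaches Locale::Maketext. The following Perl is an added example, not code from the commit or from Locale::Maketext; check_template(), its allow-list and the sample templates are assumptions made for illustration.

```perl
use strict;
use warnings;

# Conservative allow-list for the first field of a [method,x,y,z] group:
# empty, the "*" and "#" shorthands, "_*", "_N"/"_-N", or a plain identifier.
# This is this example's own policy, not a copy of the library's check.
my $SAFE_METHOD = qr/\A(?:\*|\#|_\*|_-?[0-9]+|[A-Za-z_][A-Za-z0-9_]*)?\z/;

# check_template() is a hypothetical helper, not part of Locale::Maketext.
# It returns a list of problems found in one template string.
sub check_template {
    my ($template) = @_;
    my (@problems, $in_group, $group);

    # Tokens: "~x" (escaped character), a lone trailing "~", a bracket,
    # or a run of ordinary text. Together they cover every character.
    while ($template =~ /\G(~.|~\z|[\[\]]|[^~\[\]]+)/gcs) {
        my $tok = $1;
        if ($tok eq '[') {
            push @problems, 'nested "["' if $in_group;
            ($in_group, $group) = (1, '');
        }
        elsif ($tok eq ']') {
            if (!$in_group) { push @problems, 'unmatched "]"'; next; }
            $in_group = 0;
            # The method is everything before the first unescaped comma.
            my ($method) = $group =~ /\A((?:~.|[^~,])*)/s;
            push @problems, "method is not a plain identifier: '$method'"
                unless $method =~ $SAFE_METHOD;
        }
        elsif ($in_group) { $group .= $tok }
    }
    push @problems, 'unterminated "["' if $in_group;
    return @problems;
}

# Constructed sample templates (not taken from any real lexicon).
my @samples = (
    'You have [quant,_1,file,files].',
    '[_1] wrote ~[sic~] in [*,_2,line].',
    '[Some::Package::method,_1]',
    'Unclosed [quant,_1',
);
for my $t (@samples) {
    my @p = check_template($t);
    printf "%-7s %s\n", (@p ? 'REJECT' : 'ok'), $t;
    print "        $_\n" for @p;
}
```

This filter addresses only the first flaw listed above; the metacharacter quoting flaw is fixed inside the library, so the filter does not replace the upgrade.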