| Store | Cart

Re: security notice: Locale::Maketext: CVE?

From: Dominic Hargreaves <d...@earth.li>
Sun, 9 Dec 2012 00:12:14 +0000
On Wed, Dec 05, 2012 at 04:05:01PM -0500, Ricardo Signes wrote:
> * Dominic Hargreaves <d...@earth.li> [2012-12-05T13:51:19]> > I wondered (and the question has arised within the Debian project) whether> > anyone might be relying on the previous behaviour? Have you been able to do> > any assessment of this?> > It's difficult to say, unfortunately, because (I suppose) most projects that> would use Locale::Maketext would not be CPAN projects, and so finding them is> not trivial.> > I did do some grepping of the CPAN and found zero cases.> > It should be quite easy to add this behavior back as optional, if we find> we've broken anything.> > I'm sorry I can't be more concrete!

Thanks for this. Has a CVE been assigned to this vulnerability yet,
and if so, what's the best way to do so?


Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

Recent Messages in this Thread
Ricardo Signes Dec 05, 2012 03:51 pm
Dominic Hargreaves Dec 05, 2012 06:51 pm
Ricardo Signes Dec 05, 2012 09:05 pm
Dominic Hargreaves Dec 09, 2012 12:12 am
Leon Timmermans Dec 09, 2012 12:43 am
brian m. carlson Dec 09, 2012 01:49 am
Thomas Sibley Dec 05, 2012 09:43 pm
Messages in this thread