Package: perl
Version: 5.10.1-19
Severity: grave
Tags: security
Justification: user security hole

CVE description:

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

Upstream report:
<http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336>

Redhat bug:
<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1487>

Fix from bleadperl:
<http://perl5.git.perl.org/perl.git/commitdiff/539689e74a3bcb04d29e4cd9396de91a81045b99>

Fedora fix in 5.12:
<https://bugzilla.redhat.com/show_bug.cgi?id=692900>
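
An added example, not part of the original report or of the upstream fix: a check, run under taint mode, that reports whether an installed perl drops the taint flag in the four functions named in the CVE description. The helper name lost_taint, the file name and the sample strings are constructed for illustration; the wide-character sample is an added assumption about what is worth covering, not something the report mentions.

```perl
#!/usr/bin/perl -T
# Added example (not from the report): run as `perl -T taint_case_check.pl`.
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# $^X is tainted under -T, so a zero-length substring of it is a tainted
# empty string; appending it taints a constructed value without changing it.
my $TAINT = substr($^X, 0, 0);

my %case_fn = (
    lc      => sub { lc $_[0] },
    lcfirst => sub { lcfirst $_[0] },
    uc      => sub { uc $_[0] },
    ucfirst => sub { ucfirst $_[0] },
);

# Hypothetical helper: names of the functions whose result lost the taint flag.
sub lost_taint {
    my ($input) = @_;
    die "test input is not tainted\n" unless tainted($input);
    return grep { !tainted($case_fn{$_}->($input)) } sort keys %case_fn;
}

# Constructed sample inputs: one byte string, one with a wide character.
my %samples = (
    bytes => "Constructed Sample" . $TAINT,
    wide  => "Constructed \x{100}Sample" . $TAINT,
);

my $failed = 0;
for my $name (sort keys %samples) {
    my @lost = lost_taint($samples{$name});
    if (@lost) {
        print "$name: taint dropped by @lost\n";
        $failed = 1;
    } else {
        print "$name: taint preserved by lc, lcfirst, uc, ucfirst\n";
    }
}
exit $failed;
```

The script exits non-zero when any of the four functions returns an untainted value for tainted input, so it can be used as a post-upgrade check on the packaged perl.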