Re: Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc
On Wed, Apr 20, 2011 at 08:52:31AM +0300, Niko Tyni wrote:
> severity 622817 important
> On Tue, Apr 19, 2011 at 04:18:36PM +0200, Florian Weimer wrote:
> > * Niko Tyni:
> > > Security team, I assume this is going to be fixed through a DSA?
> > I don't think this is a security bug on its own.
> Yes, turns out upstream thinks similarly.
> I'm therefore downgrading the severity.
> > If this bug fixes any actual vulnerabilities, such a backport will
> > break applications, hard. Therefore, I would prefer to let it soak in
> > unstable/testing for some time, to see what happens.
> OK, let's do that. Thanks and sorry for rushing things a bit.

Perhaps it would make sense to upload this fix to s-p-u and o-p-u
instead (after a suitable soak period). Release team, any thoughts?

Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)