Re: Accepted perl 5.8.4-8sarge4 (source sparc all)

To: Martin Zobel-Helas <zobel@ftbfs.de>
Cc: Brendan O'Dea <bod@debian.org>
Subject: Re: Accepted perl 5.8.4-8sarge4 (source sparc all)
From: "Steinar H. Gunderson" <sesse@debian.org>
Date: Fri, 24 Mar 2006 04:22:05 +0100
Message-id: <[🔎] 20060324032205.GA20688@uio.no>
In-reply-to: <[🔎] 20060324025820.GA9812@londo.c47.org>
References: <E1FMSGJ-0001EJ-Le@spohr.debian.org> <[🔎] 20060323202146.GW8535@frigg.ftbfs.de> <[🔎] 20060324025820.GA9812@londo.c47.org>

On Fri, Mar 24, 2006 at 01:58:20PM +1100, Brendan O'Dea wrote:
>> we noticed that you uploaded perl. Could you please give a more verbose
>> reasoning why this upload should go into the next stable point release.
>> Your changelog did not really point out which of the issues are release
>> critical.
> The primary fix is to allow utf8 to be used with taint.

To be slightly more verbose: If two scalars were to be concatenated, and they
had the right combination of taint and utf8 flags, the resulting scalar would
be converted to UTF-8 but without the utf8 flag set, causing ISO-8859-1 to be
converted to UTF-8 and then being interpreted to ISO-8859-1 again. (I have
real-world scripts where this happened no less than three times in succession;
when "æøå" in your database becomes "ÃÂÃÂ¦ÃÂÃÂ¸ÃÂÃÂ¥" on your web page, it is
what I'd call slightly suboptimal :-) )

/* Steinar */
-- 
Homepage: http://www.sesse.net/

Reply to:

References:
- Re: Accepted perl 5.8.4-8sarge4 (source sparc all)
  - From: Martin Zobel-Helas <zobel@ftbfs.de>
- Re: Accepted perl 5.8.4-8sarge4 (source sparc all)
  - From: Brendan O'Dea <bod@debian.org>

Prev by Date: Re: Accepted perl 5.8.4-8sarge4 (source sparc all)
Next by Date: Re: bug in tar 1.14-2.1
Previous by thread: Re: Accepted perl 5.8.4-8sarge4 (source sparc all)
Next by thread: Problem with latest security version of tar (1.14-2.1)
Index(es):
- Date
- Thread