[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc

* Adam D. Barratt:

> I do share Florian's concern about the potential breakage as a result of
> the change.  Do we have any idea how many packages in {old,}stable would
> be affected and to what degree?  Particularly in the case of oldstable,
> with its four month update cycle, fixing packages broken by the change
> could be somewhat painful.

Okay, then we should release a DSA for it, so that the breakage is
more easily blamed on this particular change, and that it's less
confusing if we have to issue follow-up DSAs.  Perhaps late May or
early June would be a convenient release date?

Reply to: