Re: Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc
* Dominic Hargreaves:
>> > Okay, then we should release a DSA for it, so that the breakage is
>> > more easily blamed on this particular change, and that it's less
>> > confusing if we have to issue follow-up DSAs. Perhaps late May or
>> > early June would be a convenient release date?
>> Wasn't the earlier consensus that this only affects Perl scripts, which
>> are already insecure?
> I don't think we've seen any discussion of this; could you elaborate?
There was some discussion prior to filing the bug report, sorry.
Anyway, we should probably push the fix to lenny and squeeze at this
point. (See above for part of my rationale for that.)
I can grab
apply it to squeeze & lenny if you want me to. Are there any other
pending changes I should pick up?