bugzilla-daemon at bugzilla
Jul 7, 2009, 6:01 AM
Post #1 of 5
(451 views)
Permalink
|
|
[Bug 6148] sa-update fails: Insecure dependency in mkdir
|
|
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6148
--- Comment #1 from Mark Martinec <Mark.Martinec [at] ijs> 2009-07-07 06:01:30 PST ---
(my yesterdays posting, just for documentation):
I've seen it last week, looks like an old Perl bug of a tainted $1
is rearing its head again. The following patch to File/Basename.pm
avoids the trouble:
--- Basename.pm~ 2009-06-09 16:31:34.000000000 +0200
+++ Basename.pm 2009-06-27 15:49:49.000000000 +0200
@@ -332,4 +332,5 @@
my $type = $Fileparse_fstype;
+ local $1;
if ($type eq 'MacOS') {
$_[0] =~ s/([^:]):\z/$1/s;
Here the $_[0] is NOT tainted, but $1 is, so the $_[0] gets tainted,
which leads to a failure in mkdir further on.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
|
