r75230 - in /trunk/libdata-formvalidator-perl/debian: changelog patches/ patches/fix-re-when-untainting.patch patches/series
dmn at users.alioth.debian.org
Tue Jun 7 10:11:19 UTC 2011
Author: dmn
Date: Tue Jun 7 10:11:11 2011
New Revision: 75230
URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=75230
Log:
add a patch fixing a possible passing of invalid data in untaint mode
Closes: #629511
Added:
trunk/libdata-formvalidator-perl/debian/patches/
trunk/libdata-formvalidator-perl/debian/patches/fix-re-when-untainting.patch
trunk/libdata-formvalidator-perl/debian/patches/series
Modified:
trunk/libdata-formvalidator-perl/debian/changelog
Modified: trunk/libdata-formvalidator-perl/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libdata-formvalidator-perl/debian/changelog?rev=75230&op=diff
==============================================================================
--- trunk/libdata-formvalidator-perl/debian/changelog (original)
+++ trunk/libdata-formvalidator-perl/debian/changelog Tue Jun 7 10:11:11 2011
@@ -1,3 +1,10 @@
+libdata-formvalidator-perl (4.66-3) UNRELEASED; urgency=low
+
+ * add a patch fixing a possible passing of invalid data in untaint mode
+ Closes: #629511
+
+ -- Damyan Ivanov <dmn at debian.org> Tue, 07 Jun 2011 13:10:12 +0300
+
libdata-formvalidator-perl (4.66-2) unstable; urgency=low
[ Russ Allbery ]
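Review bot: the new 4.66-3 bullet describes the fix but does not name the patch that carries it; mention fix-re-when-untainting.patch in the entry so the changelog line maps directly to the file added under debian/patches/. The entry also keeps "urgency=low" although it describes invalid data passing validation in untaint mode, so the urgency is worth revisiting before the UNRELEASED entry is uploaded.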
Added: trunk/libdata-formvalidator-perl/debian/patches/fix-re-when-untainting.patch
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libdata-formvalidator-perl/debian/patches/fix-re-when-untainting.patch?rev=75230&op=file
==============================================================================
--- trunk/libdata-formvalidator-perl/debian/patches/fix-re-when-untainting.patch (added)
+++ trunk/libdata-formvalidator-perl/debian/patches/fix-re-when-untainting.patch Tue Jun 7 10:11:11 2011
@@ -1,0 +1,20 @@
+Description: Fix a matching check leading to passing (and mangling) invalid data
+ $match would be '' when $val doesn't match $re and '' is still defined...
+Origin: vendor
+Bug: https://rt.cpan.org/Ticket/Display.html?id=61792
+Bug-Debian: http://bugs.debian.org/629511
+Forwarded: yes
+Author: Damyan Ivanov <dmn at debian.org>
+Last-Update: 2011-06-07
+
+--- a/lib/Data/FormValidator/Results.pm
++++ b/lib/Data/FormValidator/Results.pm
+@@ -807,7 +807,7 @@ sub _create_sub_from_RE {
+ # With methods, the value is the second argument
+ my $val = $force_method_p ? $_[1] : $_[0];
+ my ($match) = scalar ($val =~ $re);
+- if ($untaint_this && defined $match) {
++ if ($untaint_this && $match) {
+ # pass the value through a RE that matches anything to untaint it.
+ my ($untainted) = ($& =~ m/(.*)/s);
+ return $untainted;
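Review bot: the untaint branch directly below the changed condition still takes its value from "$&", which is global last-successful-match state rather than something tied to "$val =~ $re" on the line above. With the new "if ($untaint_this && $match)" test the branch is only entered after that match succeeded, so the result is correct, but the dependency is implicit and easy to break if another regex is ever evaluated in between. Consider capturing the matched text in the same statement as the match and untainting that, and expand the Description header to say outright that a failed match in scalar context yields '' (defined but false), which is why "defined $match" was always true. A regression test with a value that does not match "$re" under untaint would pin the behaviour down.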
Added: trunk/libdata-formvalidator-perl/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libdata-formvalidator-perl/debian/patches/series?rev=75230&op=file
==============================================================================
--- trunk/libdata-formvalidator-perl/debian/patches/series (added)
+++ trunk/libdata-formvalidator-perl/debian/patches/series Tue Jun 7 10:11:11 2011
@@ -1,0 +1,1 @@
+fix-re-when-untainting.patch