Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 11 Dec 2012 10:56:44 -0600
From: Jamie Strandboge <>
CC:, security <>
Subject: CVE request: perl-modules

Debian recently fixed the following security bug:

"Locale::Maketext is a core l10n library that expands templates found in

Two problems were found, reported, and patched-for by Brian Carlson of
cPanel, and these fixes are now in blead and on the CPAN.

The commit in question is

The flaws are:

* in a [method,x,y,z] template, the method could be a fully-qualified name
* template expansion did not properly quote metacharacters, allowing
  code injection through a malicious template

Please upgrade your Locale::Maketext, especially if you allow user-provided

Jamie Strandboge       

Download attachment "signature.asc" of type "application/pgp-signature" (900 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.