Bug 1300

Summary: lc, uc and others functions allow to bypass the taint system
Product: Mageia Reporter: Michael Scherer <misc>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: jquelin
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1487
Whiteboard:
Source RPM: perl CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 908    

Description Michael Scherer 2011-05-16 09:50:35 CEST 
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1487
Michael Scherer 2011-05-16 09:50:45 CEST

Blocks: (none) => 908

Jerome Quelin 2011-05-16 12:46:21 CEST

CC: (none) => jquelin

Comment 1 Jerome Quelin 2011-05-16 14:02:37 CEST 
fixed in svn, needs to be pushed.
Comment 2 Michael Scherer 2011-05-16 17:22:43 CEST 
Seems to have been pushed.

Status: NEW => RESOLVED
Resolution: (none) => FIXED