The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1487
Blocks: (none) => 908
CC: (none) => jquelin
fixed in svn, needs to be pushed.
Seems to have been pushed.
Status: NEW => RESOLVEDResolution: (none) => FIXED