perlsec manual states:
> Laundering data using regular expression is the _only_ mechanism for
> untainting dirty data, [...]
However perl-5.12.3-142.fc14.x86_64 clears tainted flag even after lc() and uc() perl functions:
$ perl -Te 'use Scalar::Util qw(tainted); printf("%d %d %d\n", tainted($0), tainted(lc($0)), tainted(uc($0)));'
1 0 0
This has been recognized by upstream as a security regression and fixed in forthcoming perl-5.14 (RT #87336).
perlsec manual states: > Laundering data using regular expression is the _only_ mechanism for > untainting dirty data, [...] However perl-5.12.3-142.fc14.x86_64 clears tainted flag even after lc() and uc() perl functions: $ perl -Te 'use Scalar::Util qw(tainted); printf("%d %d %d\n", tainted($0), tainted(lc($0)), tainted(uc($0)));' 1 0 0 This has been recognized by upstream as a security regression and fixed in forthcoming perl-5.14 (RT #87336).