| Summary: | lc launders tainted flag | |||
|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Petr Pisar <ppisar> | |
| Component: | perl | Assignee: | Marcela Mašláňová <mmaslano> | |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 14 | CC: | cweyl, iarnell, jlieskov, kasal, lkundrak, mmaslano, ppisar, psabata, rc040203, tcallawa | |
| Target Milestone: | --- | Keywords: | Regression, Security | |
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| URL: | http://rt.perl.org/rt3//Public/Bug/Display.html?id=87336 | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 692862 (view as bug list) | Environment: | ||
| Last Closed: | 2011-04-01 14:42:06 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
*** This bug has been marked as a duplicate of bug 692898 *** |
perlsec manual states: > Laundering data using regular expression is the _only_ mechanism for > untainting dirty data, [...] However perl-5.12.3-142.fc14.x86_64 clears tainted flag even after lc() and uc() perl functions: $ perl -Te 'use Scalar::Util qw(tainted); printf("%d %d %d\n", tainted($0), tainted(lc($0)), tainted(uc($0)));' 1 0 0 This has been recognized by upstream as a security regression and fixed in forthcoming perl-5.14 (RT #87336).