perlsec manual states: > Laundering data using regular expression is the _only_ mechanism for > untainting dirty data, [...] However perl-5.12.3-142.fc14.x86_64 clears tainted flag even after lc() and uc() perl functions: $ perl -Te 'use Scalar::Util qw(tainted); printf("%d %d %d\n", tainted($0), tainted(lc($0)), tainted(uc($0)));' 1 0 0 This has been recognized by upstream as a security regression and fixed in forthcoming perl-5.14 (RT #87336).
*** This bug has been marked as a duplicate of bug 692898 ***