You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2009/07/07 15:01:33 UTC
[Bug 6148] sa-update fails: Insecure dependency in mkdir
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6148
--- Comment #1 from Mark Martinec <Ma...@ijs.si> 2009-07-07 06:01:30 PST ---
(my yesterdays posting, just for documentation):
I've seen it last week, looks like an old Perl bug of a tainted $1
is rearing its head again. The following patch to File/Basename.pm
avoids the trouble:
--- Basename.pm~ 2009-06-09 16:31:34.000000000 +0200
+++ Basename.pm 2009-06-27 15:49:49.000000000 +0200
@@ -332,4 +332,5 @@
my $type = $Fileparse_fstype;
+ local $1;
if ($type eq 'MacOS') {
$_[0] =~ s/([^:]):\z/$1/s;
Here the $_[0] is NOT tainted, but $1 is, so the $_[0] gets tainted,
which leads to a failure in mkdir further on.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.