Hi Alejandro,

I just stumbled upon this bug in UI::Dialog with improper escaping of shell metacharacters. I reported it upstream:

https://rt.cpan.org/Public/Bug/Display.html?id=107364

I was going to contact the Debian security team about this issue, when I noticed that this bug was already reported back to Debian in 2008, but has not seen any activity or discussion since. Given that this is essentially a security issue, this surprises me.

I wonder if this issue is actually severe enough to warrant a CVE and security update, so I want to contact the Debian security team. If you'd rather contact them yourself, let me know and I'll let you handle it instead.

Note that in the upstream report linked above, an upstream developer has indicated he will try to work on a fix soon.

Gr.

Matthijs