Package: libmailtools-perl
Version: 1.62-1
Severity: normal
Tags: upstream

Hi,

I have already reported this upstream as CPAN bug #16917,
<http://rt.cpan.org/NoAuth/Bug.html?id=16917>, but am sending it here as well.

Mail::Address taints its data. Consider:

    #!/usr/bin/perl -wT
    use strict;
    use Scalar::Util qw(tainted);
    use Mail::Address;

    my @a = map { $_->address } Mail::Address->parse('[EMAIL PROTECTED]');

    warn("tainted: $a[0]") if tainted($a[0]);

This outputs

    tainted: [EMAIL PROTECTED] at ./a.pl line 8.

for me on both sarge and sid. Clearly the input data was not tainted here, but the output is.

This happens because Mail::Address has 'use locale' in effect, and the regexps at the end of _tokenise(), lines 116-119, match for whitespace (\s). This taints the data as documented in the perllocale document.

I don't have a good patch, but this is unexpected behaviour and I think it should be at least documented.

I found it while investigating #335937.

Cheers,
--
Niko Tyni [EMAIL PROTECTED]
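
The mechanism described in the report, isolated from Mail::Address (an added example, not code from the report or from the module). It relies on the perllocale rule that a substitution using a locale-dependent construct such as \s taints the modified string when 'use locale' is in effect and taint mode is on; the helper names trim_locale and trim_plain and the sample address are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example: isolates the 'use locale' + \s taint effect from the report.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# File-wide locale rules, as the report says Mail::Address has in effect.
use locale;

# Hypothetical helper: trims whitespace while 'use locale' is in scope,
# so \s is a locale-dependent construct and the modified string is tainted.
sub trim_locale {
    my ($s) = @_;
    $s =~ s/^\s+//;
    $s =~ s/\s+$//;
    return $s;
}

# Hypothetical helper: identical logic, but locale rules are switched off
# for this block, so \s no longer depends on the locale.
sub trim_plain {
    my ($s) = @_;
    no locale;
    $s =~ s/^\s+//;
    $s =~ s/\s+$//;
    return $s;
}

# Report the taint state of a value as a word.
sub state_of { return tainted($_[0]) ? "tainted" : "clean" }

# Constructed sample input: a string literal, so it starts out untainted.
my $input = "  user\@example.org  ";

printf "%-12s %s\n", "input:",       state_of($input);
printf "%-12s %s\n", "trim_locale:", state_of(trim_locale($input));
printf "%-12s %s\n", "trim_plain:",  state_of(trim_plain($input));
```

Run it with taint mode enabled (perl -T); without -T, tainted() reports every value as clean and the difference between the two helpers does not show.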

