Bug#695224: perl-modules: Locale::Maketext code injection

2013-04-12 Thread Dominic Hargreaves
On Sat, Mar 30, 2013 at 10:49:04PM +1100, Paul Harvey wrote: > Thanks Dominic for your pragmatic feedback, > > On 30/03/13 01:23, Dominic Hargreaves wrote: > >On Mon, Mar 25, 2013 at 02:00:03PM +1100, Paul Harvey wrote: > >>consider carefully before use. If the caller can't trust the API > >>versi

Bug#695224: perl-modules: Locale::Maketext code injection

2013-03-30 Thread Paul Harvey
Thanks Dominic for your pragmatic feedback, On 30/03/13 01:23, Dominic Hargreaves wrote: On Mon, Mar 25, 2013 at 02:00:03PM +1100, Paul Harvey wrote: consider carefully before use. If the caller can't trust the API version being reported, what is the point of version numbers in the first place?

Bug#695224: perl-modules: Locale::Maketext code injection

2013-03-29 Thread Dominic Hargreaves
On Mon, Mar 25, 2013 at 02:00:03PM +1100, Paul Harvey wrote: > For the Foswiki project, we can deal with things as-is. > > But you have created a new bug, Locale::Maketext 1.23 is being > shipped as 1.19 and I still don't see how this can ever be a good > idea. These two versions have different ve

Bug#695224: perl-modules: Locale::Maketext code injection

2013-03-24 Thread Paul Harvey
For the Foswiki project, we can deal with things as-is. But you have created a new bug, Locale::Maketext 1.23 is being shipped as 1.19 and I still don't see how this can ever be a good idea. These two versions have different version numbers for a reason: there has been a deliberate change whic

Bug#695224: perl-modules: Locale::Maketext code injection

2013-03-24 Thread Dominic Hargreaves
Hi Paul, Sorry for the delay in responding to this... On Mon, Mar 11, 2013 at 02:37:31PM +1100, Paul Harvey wrote: > Hi there, > > On Fri, Jan 18, 2013 at 03:06:38PM +, Dominic Hargreaves wrote: > ... > > Debian stable. As such I'd be very interested in hearing from anyone > > who has real w

Bug#695224: perl-modules: Locale::Maketext code injection

2013-03-10 Thread Paul Harvey
Hi there, On Fri, Jan 18, 2013 at 03:06:38PM +, Dominic Hargreaves wrote: ... > Debian stable. As such I'd be very interested in hearing from anyone > who has real world examples of this breaking things. It's worth pointing out that you've now got Locale::Maketext 1.23, minus the doc change

Bug#695224: perl-modules: Locale::Maketext code injection

2012-12-05 Thread Dominic Hargreaves
Package: perl-modules Severity: important Version: 5.14.2-15 - Forwarded message from Ricardo Signes - Date: Wed, 5 Dec 2012 10:51:47 -0500 From: Ricardo Signes To: perl5-port...@perl.org Subject: security notice: Locale::Maketext X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_0