Package: wnpp
Severity: wishlist
Owner: Daniel Swarbrick
* Package name: prometheus-squid-exporter
Version : 1.4
Upstream Author : Mohamad Arab
* URL : https://github.com/boynux/squid-exporter
* License : MIT
Programming Lang: Go
Description : Promethe
Package: wnpp
Severity: wishlist
Owner: Daniel Swarbrick
* Package name: prometheus-postfix-exporter
Version : 0.1.2
Upstream Author : Bart Vercoulen , Ed Schouten
* URL : https://github.com/kumina/postfix_exporter
* License : Apache-2.0
Programming Lang:
Hi,
I've just reported
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920269
against gropdf (also reported upstream to bug-groff), about the use of
the insecure null filehandle "<>" in Perl, which can lead to arbitrary
command execution, e.g. when using wildcards.
I've noticed that some ot
Vincent Lefevre writes ("Potentially insecure Perl scripts"):
> I've just reported
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920269
> against gropdf (also reported upstream to bug-groff), about the use of
> the insecure null filehandle "<>" in Perl, which can lead to arbitrary
> command
Ian Jackson writes ("Re: Potentially insecure Perl scripts"):
> Vincent Lefevre writes ("Potentially insecure Perl scripts"):
> > I've just reported
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920269
> > against gropdf (also reported upstream to bug-groff), about the use of
> > the inse
On 2019-01-23 15:32:00 +, Ian Jackson wrote:
> This is completely mad and IMO the bug is in perl, not in all of the
> millions of perl scripts that used <> thinking it was a sensible thing
> to write.
I agree that it would be better to drop this "feature" of Perl.
It is probably never used, an
On 1/23/19 2:05 PM, Vincent Lefevre wrote:
> Hi,
>
> I've just reported
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920269
>
> against gropdf (also reported upstream to bug-groff), about the use of
> the insecure null filehandle "<>" in Perl, which can lead to arbitrary
> command exe
On Wed, Jan 23, 2019 at 04:44:07PM +0100, Vincent Lefevre wrote:
> On 2019-01-23 15:32:00 +, Ian Jackson wrote:
> > This is completely mad and IMO the bug is in perl, not in all of the
> > millions of perl scripts that used <> thinking it was a sensible thing
> > to write.
>
> I agree that it
On 1/23/19 4:44 PM, Vincent Lefevre wrote:
> On 2019-01-23 15:32:00 +, Ian Jackson wrote:
>> This is completely mad and IMO the bug is in perl, not in all of the
>> millions of perl scripts that used <> thinking it was a sensible thing
>> to write.
>
> I agree that it would be better to drop t
On Wed, Jan 23, 2019 at 05:23:10PM +0100, Alex Mestiashvili wrote:
> On 1/23/19 4:44 PM, Vincent Lefevre wrote:
> > I agree that it would be better to drop this "feature" of Perl.
> > It is probably never used, and probably useless (I would rather
> > use the features from the shell if I need a pip
Ian Jackson writes:
> Apparently this has been known about for EIGHTEEN YEARS
> https://rt.perl.org/Public/Bug/Display.html?id=2783
> and no-one has fixed it or even documented it.
It's been documented for pretty close to eighteen years too. See
perlop(1):
The null filehandle "<>" is
On 1/23/19 5:31 PM, Colin Watson wrote:
> On Wed, Jan 23, 2019 at 05:23:10PM +0100, Alex Mestiashvili wrote:
>> On 1/23/19 4:44 PM, Vincent Lefevre wrote:
>>> I agree that it would be better to drop this "feature" of Perl.
>>> It is probably never used, and probably useless (I would rather
>>> use
On Wed, Jan 23, 2019 at 06:09:39PM +0100, Alex Mestiashvili wrote:
> On 1/23/19 5:31 PM, Colin Watson wrote:
> > On Wed, Jan 23, 2019 at 05:23:10PM +0100, Alex Mestiashvili wrote:
> >> On 1/23/19 4:44 PM, Vincent Lefevre wrote:
> >>> I agree that it would be better to drop this "feature" of Perl.
>
Colin Watson writes:
> Ah, I see. I think it would have been clearer what you meant with a bit
> more context, so here it is for others:
>If one can be sure that a particular program is a Perl script
>expecting filenames in @ARGV, the clever programmer can write
>somethi
On 1/23/19 6:23 PM, Colin Watson wrote:
> On Wed, Jan 23, 2019 at 06:09:39PM +0100, Alex Mestiashvili wrote:
>> On 1/23/19 5:31 PM, Colin Watson wrote:
>>> On Wed, Jan 23, 2019 at 05:23:10PM +0100, Alex Mestiashvili wrote:
On 1/23/19 4:44 PM, Vincent Lefevre wrote:
> I agree that it would
Package: wnpp
Severity: wishlist
Owner: Xavier Guimard
* Package name: popper.js
Version : 1.14.6
Upstream Author : Federico Zivolo
* URL : https://popper.js.org/
* License : Expat
Programming Lang: Javascript
Description : Javascript library to positi
Package: wnpp
Owner: Nick Morrott
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org
* Package name: connman-gtk
Version : 1.1.1+git20180626.b72c6ab
Upstream Author : Jaakko Hannikainen
* URL : https://github.com/jgke/connman-gtk
* License : GPL-2.
On 2019-01-23 17:23:10 +0100, Alex Mestiashvili wrote:
> On 1/23/19 4:44 PM, Vincent Lefevre wrote:
> > On 2019-01-23 15:32:00 +, Ian Jackson wrote:
> >> This is completely mad and IMO the bug is in perl, not in all of the
> >> millions of perl scripts that used <> thinking it was a sensible th
On Wed, 2019-01-23 at 09:07 -0800, Russ Allbery wrote:
> Ian Jackson writes:
>
> > Apparently this has been known about for EIGHTEEN YEARS
> > https://rt.perl.org/Public/Bug/Display.html?id=2783
> > and no-one has fixed it or even documented it.
>
> It's been documented for pretty close to ei
Ben Hutchings writes:
> People have said this about ASLR, protected symlinks, and many other
> kinds of security hardening changes. We made them anyway and took the
> temporary pain for a long-term security gain.
Well, Perl has a deprecation mechanism with warnings and so forth,
although I don'