Bug #100030 for Pithub: Uses File::Slurp, known to be buggy and vulnerable

RT for rt.cpan.org

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the Pithub CPAN distribution.

Report information

The Basics

Id:	100030
Status:	resolved
Priority:	0/
Queue:	Pithub

People

Owner:	Nobody in particular
Requestors:	ether [...] cpan.org
Cc:
AdminCc:

Bug Information

Severity:	(no value)
Broken in:	(no value)
Fixed in:	(no value)

History Show all quoted text

Tue Nov 04 15:13:09 2014 ether [...] cpan.org - Ticket created

Subject:

Uses File::Slurp, known to be buggy and vulnerable

e.g. look at https://rt.cpan.org/Ticket/Display.html?id=83126 and be dismayed File::Slurper was written to be a drop-in replacement. Path::Tiny is also excellent

Tue Nov 04 17:09:38 2014 schwern [...] pobox.com - Correspondence added

Subject:	Re: [rt.cpan.org #100030] Uses File::Slurp, known to be buggy and vulnerable
Date:	Tue, 04 Nov 2014 14:09:27 -0800
To:	bug-Pithub [...] rt.cpan.org
From:	Michael G Schwern <schwern [...] pobox.com>

I never understood why that bug is as dire as everyone seems to say it is, but I do understand Unicode wizards are subtle and quick to anger. Fortunately File::Slurp is only used in tests and examples, so there's no real vulnerability. And I'll take any excuse to replace the multitude of File modules with Path::Tiny in any project. Thanks for the heads up, I'll fix it in a jiff.

Tue Nov 04 17:09:38 2014 The RT System itself - Status changed from 'new' to 'open'

Tue Nov 11 14:56:33 2014 mschwern [...] cpan.org - Correspondence added

See https://github.com/plu/Pithub/pull/177

Tue Nov 11 14:56:34 2014 mschwern [...] cpan.org - Status changed from 'open' to 'patched'

Wed Nov 19 19:51:52 2014 mschwern [...] cpan.org - Correspondence added

Released with 0.01028 just now.

Wed Nov 19 19:51:53 2014 mschwern [...] cpan.org - Status changed from 'patched' to 'resolved'