This queue is for tickets about the CGI-Application-Server CPAN distribution.

Report information
The Basics
Id: 104176
Status: open
Priority: 0/
Queue: CGI-Application-Server

People
Owner: Nobody in particular
Requestors: gregoa [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



From: gregoa [...] cpan.org
Subject: libcgi-application-server-perl: needs changes for new CGI.pm
We have the following bug reported to the Debian package of
CGI-Application-Server (https://bugs.debian.org/783405):

It doesn't seem to be a bug in the packaging, so you may want to take a look.
Thanks!

------8<-----------8<-----------8<-----------8<-----------8<-----

Package: libcgi-application-server-perl
Version: 0.063-1

This package doesn't currently have build or runtime dependencies on libcgi-pm-perl, as seen with the test suite warnings:

  t/000-report-versions-tiny.t ....... ok
  CGI will be removed from the Perl core distribution in the next major release. Please install the separate libcgi-pm-perl package. It is being used at /«PKGBUILDDIR»/blib/lib/CGI/Application/Server.pm, line 10.
  t/000_load.t ....................... ok

However, when building with libcgi-pm-perl, we get new warnings:

  t/006_docroot_as_entry_point.t ..... ok
  CGI::param called in list context from package ReplaceQueryObject line 14, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436, <DATA> line 16.
  CGI::param called in list context from package ReplaceQueryObject line 14, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436, <DATA> line 16.
  CGI::param called in list context from package ReplaceQueryObject line 14, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436, <DATA> line 16.
  CGI::param called in list context from package ReplaceQueryObject line 14, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436, <DATA> line 16.
  t/006_replacequeryobject.t ......... ok

so this needs code changes.

Note that this package seems to be orphaned upstream, see

  https://github.com/rjbs/CGI-Application-Server/commit/e31e1327c77035fa50d68850db0c1aa4779508b6

--
Niko Tyni ntyni@debian.org

------8<-----------8<-----------8<-----------8<-----------8<-----

Thanks for considering,
gregor herrmann,
Debian Perl Group

From: ntyni [...] iki.fi
On Sat May 02 16:34:02 2015, GREGOA wrote:
> We have the following bug reported to the Debian package of
> CGI-Application-Server (https://bugs.debian.org/783405):

> t/006_docroot_as_entry_point.t ..... ok
> CGI::param called in list context from package ReplaceQueryObject line
> 14, this can lead to vulnerabilities. See the warning in "Fetching the
> value or values of a single named parameter" at
> /usr/share/perl5/CGI.pm line 436, <DATA> line 16.

The attached patch should be enough to fix it.

I see no security potential with this, it's just the test suite.

--
Niko Tyni ntyni@debian.org

Subject: silence-test-warnings
Download silence-test-warnings
application/octet-stream 770b

Message body not shown because it is not plain text.
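
The warning quoted in this ticket is CGI.pm's check on param() being called in list context. The following is an added example, not part of the ticket and not code from CGI-Application-Server or its test suite; it shows why CGI.pm flags the pattern and the two usual corrections. The query string and hash names are constructed for illustration, and it assumes CGI.pm 4.08 or later for multi_param().

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;    # assumption: CGI.pm 4.08 or later, which provides multi_param()

# Constructed input: the "name" parameter is supplied three times.
my $q = CGI->new('name=alice&name=is_admin&name=1');

# Before: param() in list context inside a hash constructor. Every value of
# "name" is flattened into the list, so the extra values are read as another
# key/value pair and override the default set above them. This is the line
# form that triggers "CGI::param called in list context".
my %flattened = (
    is_admin => 0,
    name     => $q->param('name'),
);

# After, when one value is expected: force scalar context, which returns
# only the first value of the parameter.
my %single = (
    is_admin => 0,
    name     => scalar $q->param('name'),
);

# After, when several values are expected: request them explicitly with
# multi_param() and keep them together in an array reference.
my %several = (
    is_admin => 0,
    names    => [ $q->multi_param('name') ],
);

printf "list context: name=%s is_admin=%s\n",
    $flattened{name}, $flattened{is_admin};
printf "scalar:       name=%s is_admin=%s\n",
    $single{name}, $single{is_admin};
printf "multi_param:  names=%s is_admin=%s\n",
    join(',', @{ $several{names} }), $several{is_admin};
```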