Skip Menu |

This queue is for tickets about the Crypt-OpenPGP CPAN distribution.

Report information
The Basics
Id: 14616
Status: resolved
Priority: 0/
Queue: Crypt-OpenPGP
People
Owner: Nobody in particular
Requestors: chris.hampson [...] arm.com
Cc:
AdminCc:
Bug Information
Severity: Important
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Fri Sep 16 10:47:46 2005 Guest - Ticket created
Subject: Using keygen in taint
In Crypt-OpenPGP-1.03 When running in a taint environment there was a problem calling Crypt/DSA/KeyChain.pm:36 Error: Insecure dependency in `` while running with -T switch at /usr/local/share/perl/5.8.4/Crypt/DSA/KeyChain.pm line 36. This was due to the OpenSSL variable being used to call the program, which the taint envirnment would not allow. The only way I could find round it was by editing line 31 of the above file from: my $openssl = `which openssl`; to: my $openssl = $param{OpenSSL} || `which openssl`; then adding an argument to the keygen function. "OpenSSL" Cheers Chris
  Fri Dec 11 00:44:12 2009 cpan [...] stupidfool.org - Correspondence added
This was an issue in Crypt::DSA; it's resolved in the newest Crypt::DSA (1.16), which uses File::Which instead.
  Fri Dec 11 00:44:13 2009 The RT System itself - Status changed from 'new' to 'open'
  Fri Dec 11 00:44:13 2009 cpan [...] stupidfool.org - Status changed from 'open' to 'resolved'