Bug #20342 for YAML: Test::YAML question/security concern

RT for rt.cpan.org

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the YAML CPAN distribution.

Report information

The Basics

Id:	20342
Status:	resolved
Priority:	0/
Queue:	YAML

People

Owner:	Nobody in particular
Requestors:	steve [...] silug.org
Cc:
AdminCc:

Bug Information

Severity:	Important
Broken in:	0.62
Fixed in:	(no value)

History Show all quoted text

Fri Jul 07 10:03:27 2006 steve [...] silug.org - Ticket created

Subject:

Test::YAML question/security concern

During a normal "make install", Test::YAML is installed on the system. Test::YAML includes this line: use lib 'lib'; It seems like that would be a security issue. Is Test::YAML intended to be a general-purpose tool for YAML hackers, or is it really just for testing YAML.pm? This was brought up regarding the Fedora Extras YAML package (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197539). For now I've just removed Test::YAML from the package, but if it is likely to be useful to others, I'll add it back in later.

Thu Aug 14 02:43:22 2014 ingy [...] cpan.org - Correspondence added

This issue has been copied to: https://github.com/ingydotnet/yaml-pm/issues/63 please take all future correspondence there. This ticket will remain open but please do not reply here. This ticket will be closed when the github issue is dealt with.

Thu Aug 14 02:43:22 2014 The RT System itself - Status changed from 'new' to 'open'

Sun Dec 04 08:43:06 2016 TINITA [...] cpan.org - Correspondence added

fixed in Test::YAML 1.01

Sun Dec 04 08:43:11 2016 TINITA [...] cpan.org - Status changed from 'open' to 'resolved'