
This queue is for tickets about the Date-Manip CPAN distribution.

Report information
The Basics
Id: 44069
Status: resolved
Priority: 0/
Queue: Date-Manip

People
Owner: Nobody in particular
Requestors: FHOXH [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 5.48
Fixed in: (no value)



Subject: Date::Manip 5.48 is not taint safe
Line 39 of 5.48's Manip.pm uses a mechanism that is no longer recommended for determining whether or not taint-mode is in effect. This issue results in Date::Manip not being taint-mode-safe. The below quoted excerpt is from Perl Training Australia Pty Ltd's "Perl Security (release 1.5)" PDF by Paul Fenwick and Jacinta Richardson.

    $ perl -t -MDate::Manip -e ''
    Insecure dependency in eval while running with -t switch at /usr/lib/perl5/site_perl/5.8.8/Date/Manip.pm line 39.
    $

"In Perl 5.8.x the special variable ${^TAINT} can be used to determine if perl is running in taint mode. In Perl 5.6.0 there is no easily reliable way to detect if the program is using taint mode without interacting with the operating system in some way. The common practice of examining $^X cannot be recommend as it is possible to replace $^X with untainted [sic] data."
We have a reported bug like this in the Debian system. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561970 However note that this is on an amd64 build. I cannot reproduce this on an i386 Debian.
No longer relevant.
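
The ${^TAINT} check that the quoted excerpt recommends, as an added example that is not code from Date::Manip or from anyone on this ticket. The helper names taint_mode and untaint_zone, the use of the TZ environment variable and the sample zone string are assumptions made for illustration; the example goes one step past detection to show a value being untainted through a strict pattern.

```perl
#!/usr/bin/perl
# Added example. Run three ways to compare the output:
#   perl example.pl      perl -t example.pl      perl -T example.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Read the taint state from ${^TAINT} (available from Perl 5.8.0):
#   1 = -T (violations are fatal), -1 = -t (violations only warn), 0 = off.
sub taint_mode {
    my $t = ${^TAINT};
    return 'unknown (perl older than 5.8)' unless defined $t;
    return $t > 0 ? 'enforced (-T)'
         : $t < 0 ? 'warn-only (-t)'
         :          'off';
}

# Hypothetical helper: accept a zone-like string only if the whole value
# matches a strict allow-list pattern. The regex capture is what untaints it.
sub untaint_zone {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ m{\A([A-Za-z0-9_+\-/]{1,64})\z} ? $1 : undef;
}

# Environment data is tainted under -t and -T. The fallback literal is a
# constructed sample value and is never tainted.
my $raw = defined $ENV{TZ} ? $ENV{TZ} : 'Australia/Melbourne';

printf "taint mode        : %s\n", taint_mode();
printf "raw value tainted : %s\n", tainted($raw) ? 'yes' : 'no';

my $zone = untaint_zone($raw);
if (defined $zone) {
    printf "accepted value    : %s (tainted: %s)\n",
        $zone, tainted($zone) ? 'yes' : 'no';
} else {
    print "rejected value    : did not match the allow-list pattern\n";
}
```

With TZ set in the environment, the raw value reports as tainted under both -t and -T, and the captured value does not.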