
This queue is for tickets about the CGI-Application-Server CPAN distribution.

Report information
The Basics
Id: 104176
Status: open
Priority: 0/
Queue: CGI-Application-Server

People
Owner: Nobody in particular
Requestors: gregoa [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



From: gregoa [...] cpan.org
Subject: libcgi-application-server-perl: needs changes for new CGI.pm
We have the following bug reported to the Debian package of
CGI-Application-Server (https://bugs.debian.org/783405):

It doesn't seem to be a bug in the packaging, so you may want to take
a look.

Thanks!

------8<-----------8<-----------8<-----------8<-----------8<-----

Package: libcgi-application-server-perl
Version: 0.063-1

This package doesn't currently have build or runtime dependencies on
libcgi-pm-perl, as seen with the test suite warnings:

  t/000-report-versions-tiny.t ....... ok
  CGI will be removed from the Perl core distribution in the next major release. Please install the separate libcgi-pm-perl package. It is being used at /«PKGBUILDDIR»/blib/lib/CGI/Application/Server.pm, line 10.
  t/000_load.t ....................... ok

However, when building with libcgi-pm-perl, we get new warnings:

  t/006_docroot_as_entry_point.t ..... ok
  CGI::param called in list context from package ReplaceQueryObject line 14, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436, <DATA> line 16.
  CGI::param called in list context from package ReplaceQueryObject line 14, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436, <DATA> line 16.
  CGI::param called in list context from package ReplaceQueryObject line 14, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436, <DATA> line 16.
  CGI::param called in list context from package ReplaceQueryObject line 14, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436, <DATA> line 16.
  t/006_replacequeryobject.t ......... ok

so this needs code changes.

Note that this package seems to be orphaned upstream, see
 https://github.com/rjbs/CGI-Application-Server/commit/e31e1327c77035fa50d68850db0c1aa4779508b6

--
Niko Tyni ntyni@debian.org

------8<-----------8<-----------8<-----------8<-----------8<-----

Thanks for considering,
gregor herrmann,
Debian Perl Group

From: ntyni [...] iki.fi
On Sat May 02 16:34:02 2015, GREGOA wrote:
> We have the following bug reported to the Debian package of
> CGI-Application-Server (https://bugs.debian.org/783405):

> t/006_docroot_as_entry_point.t ..... ok
> CGI::param called in list context from package ReplaceQueryObject line
> 14, this can lead to vulnerabilities. See the warning in "Fetching the
> value or values of a single named parameter" at
> /usr/share/perl5/CGI.pm line 436, <DATA> line 16.

The attached patch should be enough to fix it. I see no security potential with this, it's just the test suite.

--
Niko Tyni ntyni@debian.org

Subject: silence-test-warnings

Message body not shown because it is not plain text.
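
What the "CGI::param called in list context" warning quoted in this ticket guards against, as an added Perl example that is not the attached patch and not code from CGI-Application-Server. The query string and the hash names are constructed for illustration, and it assumes a CGI.pm recent enough to provide `multi_param` and `$CGI::LIST_CONTEXT_WARN` (4.08 or later).

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Constructed request: the "name" field is submitted three times.
my $q = CGI->new('name=alice&name=is_admin&name=1');

# Pattern the warning targets: param() in list context inside a hash
# constructor. All three values come back, so the second and third
# become an extra key/value pair chosen by the client.
my %risky;
{
    local $CGI::LIST_CONTEXT_WARN = 0;    # silence the warning for this demo only
    %risky = (
        is_admin => 0,
        name     => $q->param('name'),
    );
}

# Fix 1: force scalar context; only the first submitted value is used.
my %safe = (
    is_admin => 0,
    name     => scalar $q->param('name'),
);

# Fix 2: when several values are expected, ask for them explicitly.
my @names = $q->multi_param('name');

printf "risky: name=%s is_admin=%s\n", $risky{name}, $risky{is_admin};
printf "safe:  name=%s is_admin=%s\n", $safe{name},  $safe{is_admin};
printf "multi_param returned %d values\n", scalar @names;
```

Silencing the warning globally hides the pattern without removing it; changing the call site to `scalar` or `multi_param` removes it.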


