[Catalyst] [Fwd: [rt-users] Security vulnerability in RT 3.0 and up]

Dave Rolsky autarch at urth.org
Tue Jun 24 09:17:15 BST 2008

On Mon, 23 Jun 2008, Lance A. Brown wrote:

> Hmmmm.   Is this something Catalyst needs to worry about?

The case to tickle this particular bug is that you need to pass bad UTF8 
to a sub that's in the call chain and then generate a Devel::StackTrace 
object and then try to stringify that object.

Also, this only affects some versions of Perl.

So, the short answer is that this is unlikely to be a problem for most 
applications out there. RT, amazingly, happened to do exactly the sequence 
of things I described above.

It certainly will not hurt to upgrade your copy of Devel::StackTrace, 


Your guide to all that's veg

More information about the Catalyst mailing list