[Catalyst] [Fwd: [rt-users] Security vulnerability in RT 3.0 and up]
Dave Rolsky
autarch at urth.org
Tue Jun 24 09:17:15 BST 2008
On Mon, 23 Jun 2008, Lance A. Brown wrote:

> Hmmmm. Is this something Catalyst needs to worry about?

The case to tickle this particular bug is that you need to pass bad UTF8
to a sub that's in the call chain and then generate a Devel::StackTrace
object and then try to stringify that object.

Also, this only affects some versions of Perl.

So, the short answer is that this is unlikely to be a problem for most
applications out there. RT, amazingly, happened to do exactly the sequence
of things I described above.

It certainly will not hurt to upgrade your copy of Devel::StackTrace,
however.

-dave

/*==========================
VegGuide.Org
Your guide to all that's veg
==========================*/