Advisories » MGAA-2020-0157

Updated perl-Template-Toolkit packages fix log messages

Publication date: 31 Jul 2020
Modification date: 31 Jul 2020
Type: bugfix
Affected Mageia releases : 7

Description

Fix taint issue in Template/Provider.pm

As reported upstream [1] (and first discovered by the GCC team [2]),
Bugzilla doesn't work correctly when used with the 2.x version of
Template-Toolkit on newer versions of perl (2.26 and newer). Upgrading to
version 3.000 or higher fixes the problem. As reported on github [3], TT
3 has a taint issue, and so a trivial fix is needed to stop filling the
web server log. I attached a patch which fixes the problem.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26386
• https://bugzilla.mozilla.org/show_bug.cgi?id=1625554
• https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94349
• https://github.com/abw/Template2/issues/258

SRPMS

7/core

• perl-Template-Toolkit-3.8.0-1.mga7