Advisories ยป MGAA-2020-0157

Updated perl-Template-Toolkit packages fix log messages

Publication date: 31 Jul 2020
Modification date: 31 Jul 2020
Type: bugfix
Affected Mageia releases : 7

Description

Fix taint issue in Template/Provider.pm

As reported upstream [1] (and first discovered by the GCC team [2]),
Bugzilla doesn't work correctly when used with the 2.x version of
Template-Toolkit on newer versions of perl (2.26 and newer). Upgrading to
version 3.000 or higher fixes the problem. As reported on github [3], TT
3 has a taint issue, and so a trivial fix is needed to stop filling the
web server log. I attached a patch which fixes the problem.
                

References

SRPMS

7/core