As reported by tinderbox:

Insecure dependency in require while running with -T switch at /home/ianh/tinderbox/mozilla/webtools/bugzilla/importxml.pl line 59.

This is only killing the Perl 5.00503 tinderbox. All the 5.6 tinderboxen are passing it. This is a 2.14 release blocker. Resolution of this bug will require either making Perl 5.00503 happy or deciding to require a newer version of Perl.
Target Milestone: --- → Bugzilla 2.14
Yipie, I found a machine with perl 5.00503 installed on it :) It seems that running a variable through an s///; expression doesn't untaint it (I don't know if that's only perl 5.005 or all versions). However, running it through m/()/; and setting it to $1 does.
Keywords: patch, review
That's just 5.005. 5.6 lets you untaint with an s///. This'll still work though. r= justdave checked in.
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED
Moving to Bugzilla product
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
Version: Bugzilla 2.13 → unspecified
Component: Bugzilla-General → Bug Import/Export & Moving
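The untainting approach discussed in the comments above, as an added example that is not the checked-in patch or any Bugzilla code: it validates a directory against an allowlist pattern, takes the captured `$1`, and shows how `require` treats the tainted and untainted paths. The directory, the file name `example_lib.pl` and the helper `untaint_dir` are hypothetical; run it as `perl -T script.pl`.

```perl
# Added example; requires taint mode, so run as: perl -T script.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run with perl -T\n" unless ${^TAINT};

# Constructed input: a directory name made tainted by appending a
# zero-length slice of $^X, which is tainted under -T.
my $dir = '/opt/bugzilla-example' . substr($^X, 0, 0);

# Hypothetical helper: accept only an absolute path built from a
# conservative character set with no ".." component, and return the
# captured (untainted) copy. Returns undef for anything else.
sub untaint_dir {
    my ($path) = @_;
    return undef unless defined $path;
    return undef if $path =~ m{(?:\A|/)\.\.(?:/|\z)};
    return $path =~ m{\A(/[A-Za-z0-9_./-]+)\z} ? $1 : undef;
}

# 1. Substitution alone: report what this perl does with the taint flag.
(my $subst = $dir) =~ s{/+\z}{};
printf "after s///:  %s\n", tainted($subst) ? 'tainted' : 'untainted';

# 2. Capture from a validating match.
my $clean = untaint_dir($dir);
die "rejected directory\n" unless defined $clean;
printf "after m/()/: %s\n", tainted($clean) ? 'tainted' : 'untainted';

# 3. require refuses the tainted path before any file lookup; the
#    untainted one gets as far as looking for the (nonexistent) file.
for my $p ("$dir/example_lib.pl", "$clean/example_lib.pl") {
    eval { require $p };
    (my $err = $@) =~ s/ at .*//s;    # drop the "at FILE line N" suffix
    print "require: $err\n";
}
```

The pattern in `untaint_dir` is what makes the capture safe: a match such as `m/(.*)/` also clears the taint flag but validates nothing.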