CVE-2012-6329

Name: CVE-2012-6329
Description: The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: high
Debian Bugs: 509864, 695224

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| perl (PTS) | stretch | 5.24.1-3+deb9u7 | fixed |
| | stretch (security) | 5.24.1-3+deb9u5 | fixed |
| | buster | 5.28.1-6+deb10u1 | fixed |
| | bullseye | 5.32.1-4 | fixed |
| | bullseye (security) | 5.32.1-4+deb11u1 | fixed |
| | bookworm | 5.32.1-5 | fixed |
| | sid | 5.32.1-6 | fixed |

The information below is based on the following data on fixed versions.

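| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| foswiki | ITP | | | | | 509864 |
| perl | source | squeeze | 5.10.1-17squeeze5 | | | |
| perl | source | (unstable) | 5.14.2-16 | | | 695224 |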
