381 2003-11-18 07:51:44 +0000 Check doesn't seem to work with Perl 5.8.1/5.8.2 with the -T option 2003-11-22 13:01:57 +0000 1 1 1 Unclassified Validator check 0.6.1 PC Linux RESOLVED FIXED http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217353 P2 major --- 1 schutz link oldest_to_newest 854 0 schutz 2003-11-18 07:51:44 +0000 [this is a follow-up to Debian bug #217353] It looks like starting with version 5.8.1, Perl is fussier about the tainted mode and the exec command: use of tainted data in command "exec LIST" seems to cause an error. check calls the commands open3("<&SPIN", ">&SPOUT", ">&SPERR", @cmd); and open3 itself calls "exec @cmd" -- since @cmd contains at least the name of the SGML Parser (read from the config file), it will always be tainted. In such a case, the validator prints only "This page is not valid" and no error or explanation. This makes the validator completely unusable, hence the severity "major". Can we consider that what is in the config file can be trusted and untaint all parameters blindly ? Frédéric 894 1 schutz 2003-11-22 08:01:57 +0000 Hum... it looks like I got lost in the different branches of the CVS: the fix seems to be there already. Closing this bug, sorry for the noise.