Package: libcache-apt-perl Version: 0.13.3 Severity: normal Hi,
apt-cross is failing for me, because of a parenthesis (in a comment) in my sources.list: Unmatched ( in regex; marked by <-- HERE in m/# Repository for the vuurmuur firewall frontend ( <-- HERE It's included in Debian/ at /usr/share/perl5/Cache/Apt/Config.pm line 273. The relevant snippet from sources.list is: # Repository for the vuurmuur firewall frontend (It's included in Debian # from squeeze). #deb ftp://ftp.vuurmuur.org/debian/ sid main When looking at the code, it seems that the line from sources.list is directly interpreted as a regex: $m{$max_pri_suite}++ if ($max_pri_suite =~ /$s/); $m{$codename}++ if ($codename =~ /$s/) ($s is the line from sources.list). I can't really understand what this code is trying to do, it looks to me as if the match should be the other way around (look for $codename in $s instead of looking for $s in $codename). But it really shouldn't be using arbitrary user input (e.g., sources.list) in a regex directly without escaping. It seems perl forbids using the eval construct in a regex by default, so this doesn't seem to be a security issue. Gr. Matthijs -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org