CVE-2012-6329

Name	CVE-2012-6329
Description	The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	509864, 695224

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
perl (PTS)	jessie, jessie (lts)	5.20.2-3+deb8u14	fixed
	stretch (security)	5.24.1-3+deb9u5	fixed
	stretch (lts), stretch	5.24.1-3+deb9u8	fixed
	buster, buster (lts)	5.28.1-6+deb10u2	fixed
	bullseye	5.32.1-4+deb11u3	fixed
	bullseye (security)	5.32.1-4+deb11u4	fixed
	bookworm	5.36.0-7+deb12u1	fixed
	sid, trixie	5.40.0-7	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
foswiki	ITP					509864
perl	source	squeeze	5.10.1-17squeeze5
perl	source	(unstable)	5.14.2-16			695224