Comment 17 for bug 1980662

Mark Esler (eslerm) wrote :

I reviewed libmldbm-perl 2.05-3 as checked into kinetic. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.

> MLDBM store multi-level Perl hash structure in single level tied hash

- CVE History:
  - ancient leak circa 1999
    - https://github.com/perl/perl5/issues/80
- Build-Depends?
  - Data::Dumper perl module 2.08
    - 2.08 is a very old version
    - some Data::Dumper updates are security related
    - https://metacpan.org/dist/Data-Dumper/changes
    - nb: package also provides MLDBM::Serializer::Data::Dumper
- pre/post inst/rm scripts?
  - none
- init scripts?
  - none
- systemd units?
  - none
- dbus services?
  - none
- setuid binaries?
  - none
- binaries in PATH?
- sudo fragments?
  - none
- polkit files?
  - none
- udev rules?
  - none
- unit tests / autopkgtests?
  - has build tests and autopkgtests
- cron jobs?
  - none
- Build logs:
  - looks clean

- Processes spawned?
  - concerning eval in ./lib/MLDBM/Serializer/Data/Dumper.pm
    - values missing a magic key string are returned before eval +1
- Memory management?
  - none
- File IO?
  - none, besides build
- Logging?
  - yes, via carp
- Environment variable usage?
  - none
- Use of privileged functions?
  - none
- Use of cryptography / random number sources etc?
  - none
- Use of temp files?
  - none
- Use of networking?
  - none
- Use of WebKit?
  - none
- Use of PolicyKit?
  - none

- Any significant cppcheck results?
  - none / not applicable
- Any significant Coverity results?
  - none / not applicable
- Any significant shellcheck results?
  - none / not applicable
- Any significant bandit results?
  - none / not applicable
- Any significant perlcritic?
  - none

Code is possibly unmaintained. Code was written 10 years ago. A travis file was
added 8 years ago. There has never been an issue or pull request on GitHub.
https://github.com/chorny/MLDBM

See Warnings section of mldbm(3)
https://manpages.ubuntu.com/manpages/kinetic/en/man3/MLDBM.3pm.html#warnings

Security team ACK for promoting libmldbm-perl to main.
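Added illustration, not code from MLDBM or from the review above: a minimal hypothetical serializer showing the pattern the "Processes spawned?" item refers to, where a stored value that lacks the magic key is handed back before anything is compiled. As a hardening the page does not itself describe, the example compiles the dumped structure inside a Safe compartment instead of a bare eval, so a stored record that has been altered to contain code fails to compile rather than run. The $MAGIC string, the serialize/deserialize names, and the in-memory %db standing in for the tied DBM hash are all constructed assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Data::Dumper;
use Safe;

# Hypothetical magic key (constructed for this example; not MLDBM's real one).
# It marks values that were produced by Data::Dumper, so that anything without
# it is handed back untouched and never reaches eval.
my $MAGIC = "\0DEMO_SERIALIZED\0";

# Flatten a Perl value for storage in a single-level (DBM-style) hash.
# Plain scalars are stored verbatim; references are dumped as Perl code
# behind the magic prefix.
sub serialize {
    my ($value) = @_;
    return $value unless ref $value;
    local $Data::Dumper::Terse    = 1;   # no '$VAR1 = ' prefix
    local $Data::Dumper::Indent   = 0;   # single line
    local $Data::Dumper::Sortkeys = 1;   # deterministic output
    return $MAGIC . Dumper($value);
}

# Rebuild a stored value. The gate comes first: a record lacking the magic
# key is returned as-is before any code is compiled.
sub deserialize {
    my ($stored) = @_;
    return $stored unless defined $stored && index($stored, $MAGIC) == 0;
    my $code = substr($stored, length $MAGIC);

    # Compile the dumped structure inside a Safe compartment instead of a bare
    # eval. The default opcode mask allows the literal constructors Data::Dumper
    # emits (anonymous hashes/arrays, strings, numbers) but traps I/O and
    # process operations, so an altered record fails to compile.
    my $cpt = Safe->new;
    my $val = $cpt->reval($code);
    die "deserialize failed: $@" if $@;
    return $val;
}

# --- demonstration on a constructed in-memory hash standing in for the DBM ---
my %db;
$db{count} = serialize(42);
$db{cfg}   = serialize({ name => 'demo', list => [ 1, 2, 3 ] });

my $cfg = deserialize($db{cfg});
printf "name=%s list=%s\n", $cfg->{name}, join(',', @{ $cfg->{list} });
printf "count=%s (scalar returned before eval)\n", deserialize($db{count});

# A record that carries the magic prefix but holds code rather than a dumped
# structure: the compartment refuses it instead of executing it.
my $altered = $MAGIC . "system('echo altered')";
my $ok = eval { deserialize($altered); 1 };
print "altered record rejected: $@" unless $ok;
```

The check on the magic key only decides whether a value is passed to the compiler at all; it does not make the compiled text trustworthy, which is why the Safe compartment does the second half of the work. Anyone relying on the real module should read the Warnings section of mldbm(3) linked above rather than this sketch.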