use re 'eval' error

Tomas Doran bobtfish at
Thu Oct 23 16:04:42 EDT 2008

On 23 Oct 2008, at 19:55, Louis-David Mitterrand wrote:

> On Thu, Oct 23, 2008 at 05:11:27PM +0200, Aristotle Pagaltzis wrote:

>> * Louis-David Mitterrand <vindex+lists-markdown-

>> discuss at> [2008-10-23 13:55]:

>>> What is the fix?


>> You have to patch Text::Markdown to add that line to the block

>> the regex is in. I see you have already filed a bug against

>> Text::Markdown, excellent.


> Wouldn't a better fix be to remove the vulnerability from the regex?


> In other words isn't "use re 'eval';" weakening the module's security?

In this case, no, it isn't - as the string being interpolated into
the regex is another (static) chunk of pre-compiled regex.

I've released Text::Markdown 1.0.22 this evening, which corrects
this, and another bug.


More information about the Markdown-Discuss mailing list