It is suspected that this package is vulnerable to a security vulnerability due to expanding of malicious entities via dev-perl/XML-Twig. As such we ask maintainers with packages suspected to be vulnerable to verify if the package is (or have been) affected. Please see the information contained in the tracker bug 600818. # grep -Fr 'Twig->new' /var/tmp/portage/dev-perl/Net-DBus-1.1.0/work/Net-DBus-1.1.0 /var/tmp/portage/dev-perl/Net-DBus-1.1.0/work/Net-DBus-1.1.0/lib/Net/DBus/Binding/Introspector.pm: my $twig = XML::Twig->new();
Tested on 9/9/2017 --- developer / # grep -Fr 'use XML' Net-DBus-1.1.0 Net-DBus-1.1.0/lib/Net/DBus/Binding/Introspector.pm:use XML::Twig; Net-DBus-1.1.0/lib/Net/DBus/Binding/Introspector.pm: my $twig = XML::Twig->new(); Net-DBus-1.1.0/MYMETA.json: "XML::Twig" : "0" Net-DBus-1.1.0/Changes: - Replace use of XML::Grove with XML::Twig when parsing the Net-DBus-1.1.0/Makefile.PL: 'XML::Twig' => 0, Daj Uan (jmbailey) Gentoo Security Padawan