The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://openwall.com/lists/oss-security/2011/04/01/3
http://openwall.com/lists/oss-security/2011/04/04/35
https://bugzilla.redhat.com/show_bug.cgi?id=692844
https://bugzilla.redhat.com/show_bug.cgi?id=692898
http://secunia.com/advisories/43921
http://secunia.com/advisories/44168
https://exchange.xforce.ibmcloud.com/vulnerabilities/66528
http://www.debian.org/security/2011/dsa-2265
http://www.mandriva.com/security/advisories?name=MDVSA-2011:091