Bug#631529: Missing fix for CVE-2010-1447
Niko Tyni
ntyni at debian.org
Sun Jun 26 05:49:12 UTC 2011
On Sat, Jun 25, 2011 at 12:09:03PM +0100, Dominic Hargreaves wrote:
> On Fri, Jun 24, 2011 at 06:56:40PM +0200, Moritz Muehlenhoff wrote:
> > Package: perl
> > Severity: grave
> > Tags: security
> >
> > Hi Perl maintainers,
> > it turns out that CVE-2010-1447 is still missing in Lenny and
> > Squeeze. It was originally attributed to Postgres, but it
> > was later found out that Perl is affected as well.
> >
> > The attached patch is still needed in both Lenny and Squeeze.
>
> Thanks for pointing this out. I'll verify the patch and prepare packages;
> do you want them uploaded to security-master ASAP?
Please note that this is probably going to break libpetal-perl and no
fix is available. See #582805.
--
Niko Tyni ntyni at debian.org
More information about the Perl-maintainers
mailing list