r74478 - in /branches/squeeze/libmojolicious-perl/debian: changelog patches/fix-CVE-2010-4802.patch patches/series
carnil at users.alioth.debian.org
Sun May 15 21:11:03 UTC 2011
Author: carnil
Date: Sun May 15 21:10:12 2011
New Revision: 74478
URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=74478
Log:
[SECURITY] Add fix-CVE-2010-4802.patch. Fix broken CGI environment
detection. Fixes CVE-2010-4802.
Added:
branches/squeeze/libmojolicious-perl/debian/patches/fix-CVE-2010-4802.patch
Modified:
branches/squeeze/libmojolicious-perl/debian/changelog
branches/squeeze/libmojolicious-perl/debian/patches/series
Modified: branches/squeeze/libmojolicious-perl/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/branches/squeeze/libmojolicious-perl/debian/changelog?rev=74478&op=diff
==============================================================================
--- branches/squeeze/libmojolicious-perl/debian/changelog (original)
+++ branches/squeeze/libmojolicious-perl/debian/changelog Sun May 15 21:10:12 2011
@@ -4,8 +4,10 @@
CVE-2011-1841 (Closes: #626135).
* [SECURITY] Add fix-CVE-2010-4803.patch. Fix not properly implemented
HMAC-MD5 checksums. Fixes CVE-2010-4803.
+ * [SECURITY] Add fix-CVE-2010-4802.patch. Fix broken CGI environment
+ detection. Fixes CVE-2010-4802.
- -- Salvatore Bonaccorso <carnil at debian.org> Fri, 13 May 2011 19:50:52 +0200
+ -- Salvatore Bonaccorso <carnil at debian.org> Sun, 15 May 2011 23:08:39 +0200
libmojolicious-perl (0.999926-1+squeeze1) stable-security; urgency=high
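Review bot: The new changelog entry states "Fix broken CGI environment detection" as a completed fix, while the Description of the patch added in this same revision says "Try to fix broken CGI environment detection". For a stable-security upload the two should agree; either confirm the fix is complete and drop "Try to" from the patch header, or soften the changelog wording. The entry also carries no "(Closes: #...)" reference, unlike the CVE-2011-1841 entry just above it; add one if a Debian bug tracks CVE-2010-4802.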
Added: branches/squeeze/libmojolicious-perl/debian/patches/fix-CVE-2010-4802.patch
URL: http://svn.debian.org/wsvn/pkg-perl/branches/squeeze/libmojolicious-perl/debian/patches/fix-CVE-2010-4802.patch?rev=74478&op=file
==============================================================================
--- branches/squeeze/libmojolicious-perl/debian/patches/fix-CVE-2010-4802.patch (added)
+++ branches/squeeze/libmojolicious-perl/debian/patches/fix-CVE-2010-4802.patch Sun May 15 21:10:12 2011
@@ -1,0 +1,27 @@
+Description: Try to fix broken CGI environment detection.
+ CVE-CVE-2010-4802
+Origin: vendor
+Author: Salvatore Bonaccorso <carnil at debian.org>
+Last-Update: 2011-05-15
+
+--- a/lib/Mojo/Commands.pm
++++ b/lib/Mojo/Commands.pm
+@@ -143,7 +143,7 @@
+ }
+
+ sub _detect {
+- my $self = shift;
++ my ($self, $name) = @_;
+
+ # PSGI (Plack only for now)
+ return 'psgi' if defined $ENV{PLACK_ENV};
+@@ -151,6 +151,9 @@
+ # CGI
+ return 'cgi' if defined $ENV{PATH_INFO};
+
++ # No further detection if we have a name
++ return $name if $name;
++
+ # FastCGI
+ return 'fastcgi' unless defined $ENV{PATH};
+
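Review bot: In the first Commands.pm hunk, `_detect` now takes `$name` from `@_`, but no call site is changed anywhere in this patch, so unless an existing caller already passes the command name, `$name` stays undef and the new `return $name if $name;` never fires. Please confirm the caller passes the name, or include the call-site change in this patch. Two smaller points in the second hunk: the early return sits after the PSGI and CGI checks, so a set `PLACK_ENV` or `PATH_INFO` still takes precedence over an explicitly given name, which deserves a comment if intended; and `if $name` is a truthiness test, so `if defined $name && length $name` would state the intent more exactly. In the patch header, `CVE-CVE-2010-4802` has a doubled prefix and should read `CVE-2010-4802`.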
Modified: branches/squeeze/libmojolicious-perl/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-perl/branches/squeeze/libmojolicious-perl/debian/patches/series?rev=74478&op=diff
==============================================================================
--- branches/squeeze/libmojolicious-perl/debian/patches/series (original)
+++ branches/squeeze/libmojolicious-perl/debian/patches/series Sun May 15 21:10:12 2011
@@ -2,3 +2,4 @@
improve-RFC3986-compliance-of-Mojo-Path.patch
626135-fix-xss-issue-in-link_to-helper.patch
fix-CVE-2010-4803.patch
+fix-CVE-2010-4802.patch