Bug#606370: CVE-2010-2761 CVE-2010-4410 CVE-2010-4411
Niko Tyni
ntyni at debian.org
Mon Dec 27 14:23:40 UTC 2010
On Mon, Dec 27, 2010 at 03:33:21PM +0200, Niko Tyni wrote:
> On Wed, Dec 08, 2010 at 08:53:28PM +0100, Moritz Muehlenhoff wrote:
> > On Wed, Dec 08, 2010 at 08:35:47PM +0100, Ansgar Burchardt wrote:
> > > Moritz Muehlenhoff <jmm at debian.org> writes:
> > > > Three security issues have been reported in libcgi-pm-perl:
> > > >
> > > > http://security-tracker.debian.org/tracker/CVE-2010-2761
> > > > http://security-tracker.debian.org/tracker/CVE-2010-4410
> > > > http://security-tracker.debian.org/tracker/CVE-2010-4411
>
> > > I'm not quite sure yet what CVE-2010-4411 refers to. It seems that the
> > > fix for CVE-2010-2761 was not complete, but it is not a different, new
> > > issue?
> https://github.com/markstos/CGI.pm/commit/77b3b2056c003edee034a2a890212edab800900d
>
> Mark, is this double newline injection fix the new patch referred above?
Assuming this is the case, I'm attaching preliminary patches for
3.29 (perl-modules / lenny)
3.38 (libcgi-pm-perl / lenny)
3.43 (perl-modules / squeeze + sid)
3.49 (libcgi-pm-perl / squeeze)
3.50 (libcgi-pm-perl / sid)
They include relevant test suite additions from the github repository
and a small test fix I sent to [rt.cpan.org #64261].
Eyeballs and testing would be welcome. In particular, I'm not entirely
sure about the //s modifier change in header() around CGI.pm:1500 in
the pre-3.49 patches. The change was introduced upstream with 3.49 along
with the header fixes but it's not covered by the test suite.
I haven't looked at libcgi-simple-perl at all.
--
Niko Tyni ntyni at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: perl-modules.lenny.patch
Type: text/x-diff
Size: 5453 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20101227/35870226/attachment-0005.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libcgi-pm-perl-3.38.patch
Type: text/x-diff
Size: 5389 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20101227/35870226/attachment-0006.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: perl-modules.squeeze.patch
Type: text/x-diff
Size: 5456 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20101227/35870226/attachment-0007.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libcgi-pm-perl-3.49.patch
Type: text/x-diff
Size: 4556 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20101227/35870226/attachment-0008.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libcgi-pm-perl-3.50.patch
Type: text/x-diff
Size: 3358 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20101227/35870226/attachment-0009.patch>
More information about the pkg-perl-maintainers
mailing list