Bug#606379: Bug#606370: CVE-2010-2761 CVE-2010-4410 CVE-2010-4411
gregor herrmann
gregoa at debian.org
Mon Dec 27 15:12:16 UTC 2010
tag 606370 + patch
tag 606995 + patch
thanks
On Mon, 27 Dec 2010 16:23:40 +0200, Niko Tyni wrote:
> > > > > http://security-tracker.debian.org/tracker/CVE-2010-2761
> > > > > http://security-tracker.debian.org/tracker/CVE-2010-4410
> > > > > http://security-tracker.debian.org/tracker/CVE-2010-4411
> > > > I'm not quite sure yet what CVE-2010-4411 refers to. It seems that the
> > > > fix for CVE-2010-2761 was not complete, but it is not a different, new
> > > > issue?
> > https://github.com/markstos/CGI.pm/commit/77b3b2056c003edee034a2a890212edab800900d
Thanks for digging this out; I was looking a few times and never
understood CVE-2010-4411 ...
> Assuming this is the case, I'm attaching preliminary patches for
Thanks!
> I haven't looked at libcgi-simple-perl at all.
I think Damyan has started to look at it.
Cheers,
gregor
--
.''`. http://info.comodo.priv.at/ -- GPG key IDs: 0x8649AA06, 0x00F3CFE4
: :' : Debian GNU/Linux user, admin, & developer - http://www.debian.org/
`. `' Member of VIBE!AT & SPI, fellow of Free Software Foundation Europe
`- NP: Beatles
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20101227/5a784cc6/attachment-0001.pgp>
More information about the pkg-perl-maintainers
mailing list