Bug#606370: CVE-2010-2761 CVE-2010-4410 CVE-2010-4411
ntyni at debian.org
Fri Jan 7 12:48:28 UTC 2011
On Thu, Jan 06, 2011 at 10:37:11PM +0200, Niko Tyni wrote:
> On Mon, Dec 27, 2010 at 04:23:40PM +0200, Niko Tyni wrote:
> > Assuming this is the case, I'm attaching preliminary patches for
> > 3.29 (perl-modules / lenny)
> > 3.38 (libcgi-pm-perl / lenny)
> > 3.43 (perl-modules / squeeze + sid)
> > 3.49 (libcgi-pm-perl / squeeze)
> > 3.50 (libcgi-pm-perl / sid)
> All this means I need another test session when I'm feeling less tired,
> so no perl upload tonight.
Done, just uploaded perl/5.10.1-17 with the attached patch.
perl (5.10.1-17) unstable; urgency=medium

  * [SECURITY] CVE-2010-2761 CVE-2010-4410 CVE-2010-4411:
    fix CGI.pm MIME boundary and multiline header vulnerabilities.
Release team: please consider
The patch applies to lenny (5.10.0-19lenny2) as well with some fuzz after
Moritz: shall I upload a fixed lenny package to stable-security?
FWIW, I'd prefer to wait the five days for squeeze migration before a
DSA in case we get any regression reports.
Niko Tyni ntyni at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5846 bytes
Desc: not available