Bug#607479: libfcgi-perl/CVE-2011-2766 authentication bypass
Moritz Mühlenhoff
jmm at inutil.org
Sat Oct 1 10:44:33 UTC 2011
On Sat, Oct 01, 2011 at 08:12:18AM +0300, Damyan Ivanov wrote:
> -=| Dominic Hargreaves, 30.09.2011 18:26:41 +0100 |=-
> > I'm reopening the bug, because I believe this fix applies to
> > squeeze, and should be fixed there.
>
> Agreed.
>
> > Has anyone yet contacted the security team about this/is anyone
> > working on packages for squeeze?
>
> I don't think so.
>
> Porting the patch (for some reason it doesn't apply cleanly) is
> trivial. Attached is a patch that does exactly that (to be git
> apply'ed to the debian/0.71-1 tag, which is the squeeze version).
Did update this receive testing?
distribution needs to point to stable-security, not unstable. And
while you're at it, please modify 0.71-1+squeeze.1 to 0.71-1+squeeze1
for consistency.
Cheers,
Moritz
More information about the pkg-perl-maintainers
mailing list