Bug#607479: libfcgi-perl/CVE-2011-2766 authentication bypass
    Dominic Hargreaves 
    dom at earth.li
       
    Wed Oct  5 18:02:47 UTC 2011
    
    
  
On Sat, Oct 01, 2011 at 08:12:18AM +0300, Damyan Ivanov wrote:
> -=| Dominic Hargreaves, 30.09.2011 18:26:41 +0100 |=-
> > I'm reopening the bug, because I believe this fix applies to 
> > squeeze, and should be fixed there.
> 
> Agreed.
> 
> > Has anyone yet contacted the security team about this/is anyone 
> > working on packages for squeeze?
> 
> I don't think so.
> 
> Porting the patch (for some reason it doesn't apply cleanly) is 
> trivial. Attached is a patch that does exactly that (to be git 
> apply'ed to the debian/0.71-1 tag, which is the squeeze version).

As now publicly announced, this affects Request Tracker on squeeze:
<http://lists.bestpractical.com/pipermail/rt-announce/2011-October/000196.html>.
-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
    
    