Bug#607479: libfcgi-perl/CVE-2011-2766 authentication bypass
Dominic Hargreaves
dom at earth.li
Wed Oct 5 18:14:33 UTC 2011
On Sat, Oct 01, 2011 at 12:44:33PM +0200, Moritz Mühlenhoff wrote:
> On Sat, Oct 01, 2011 at 08:12:18AM +0300, Damyan Ivanov wrote:
> > Porting the patch (for some reason it doesn't apply cleanly) is
> > trivial. Attached is a patch that does exactly that (to be git
> > apply'ed to the debian/0.71-1 tag, which is the squeeze version).
>
> Did update this receive testing?
I've just tested RT 3.8 + squeeze + mod_fcgid, and I can't spot any
breakage.
> distribution needs to point to stable-security, not unstable. And
> while you're at it, please modify 0.71-1+squeeze.1 to 0.71-1+squeeze1
> for consistency.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
More information about the pkg-perl-maintainers
mailing list