Bug#607479: libfcgi-perl/CVE-2011-2766 authentication bypass

Moritz Mühlenhoff jmm at inutil.org
Thu Oct 20 20:22:41 UTC 2011


On Fri, Oct 14, 2011 at 05:54:44PM +0200, Moritz Muehlenhoff wrote:
> On Wed, Oct 12, 2011 at 12:03:50PM +0300, Damyan Ivanov wrote:
> 
> > > Hello Damyan, are you planning to do this or do you need someone 
> > > else to take over? IMO this one warrants a DSA.
> > 
> > Thanks for the nudge. I have pushed the squeeze branch of 
> > http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libfcgi-perl.git;a=summary
> > with the changes so others can take over for the actual uploading if I am away.
> > 
> > The squeeze version still has Vcs-Svn in its control file. Would it be 
> > acceptable to change that too?
> 
> Yes. Please upload to security-master. Note that it needs to be build
> with "-sa", since libfcgi-perl is new in stable-security.

*ping*

Cheers,
        Moritz
 





More information about the pkg-perl-maintainers mailing list