Bug#607479: /CVE-2011-2766 authentication bypass
Dominic Hargreaves
dom at earth.li
Fri Sep 30 17:26:41 UTC 2011
reopen 607479
thanks
On Sat, Sep 17, 2011 at 07:01:23PM +0000, pkg-perl-maintainers at lists.alioth.debian.org wrote:
> Some bugs in the libfcgi-perl package are closed in revision
> 491e5d141a11c750d1213a947a8c2ecf424145ee in branch 'master' by Damyan
> Ivanov
>
> The full diff can be seen at
> http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libfcgi-perl.git;a=commitdiff;h=491e5d1
>
> Commit message:
>
> Add patch from upstream bug tracker fixing CVE-2011-2766
>
> Closes: #607479
> Thaks to Ferdinand for reporting, Russ Allbery for the analysis and chansen for
> the patch.
Damyan, thanks for fixing this in unstable. I'm reopening the bug,
because I believe this fix applies to squeeze, and should be fixed there.
Has anyone yet contacted the security team about this/is anyone working
on packages for squeeze?
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
More information about the pkg-perl-maintainers
mailing list