<html>

  <head>

    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    Hello,<br>

    <br>

    I've just installed libcgi-session-perl 4.48-3, but still my twiki

    spew the following error:<br>

    <p><i> Insecure dependency in sysopen while running with -T switch

        at /usr/share/perl5/CGI/Session/Driver/file.pm line 107. </i></p>

    I had to apply the following patch to mute it:<br>

    <br>

    <tt>--- tmp/file.pm 2016-01-19 11:17:45.000000000 +0200</tt><tt><br>

    </tt><tt>+++ /usr/share/perl5/CGI/Session/Driver/file.pm 2016-01-19

      11:11:46.000000000 +0200</tt><tt><br>

    </tt><tt>@@ -52,6 +52,8 @@</tt><tt><br>

    </tt><tt>         return $self->set_error( "_file(): Session ids

      cannot contain \\ or / chars: $sid" );</tt><tt><br>

    </tt><tt>     }</tt><tt><br>

    </tt><tt><br>

    </tt><tt>+    ($sid) = $sid =~ /(.*)/;</tt><tt><br>

    </tt><tt>+</tt><tt><br>

    </tt><tt>     return File::Spec->catfile($self->{Directory},

      sprintf( $FileName, $sid ));</tt><tt><br>

    </tt><tt> }</tt><tt><br>

    </tt><tt><br>

      <br>

    </tt>Best regards,<br>

    Teodor<br>

    <br>

    <div class="moz-cite-prefix">On 15.01.2016 23:47, Niko Tyni wrote:<br>

    </div>

    <blockquote cite="mid:%3CE1aKCD5-0005yc-Pz@franck.debian.org%3E"

      type="cite">

      <pre wrap="">Source: libcgi-session-perl

Source-Version: 4.48-1+deb8u1

We believe that the bug you reported is fixed in the latest version of

libcgi-session-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is

attached.

Thank you for reporting the bug, which will now be closed.  If you

have further comments please address them to <a class="moz-txt-link-abbreviated" href="mailto:810799@bugs.debian.org">810799@bugs.debian.org</a>,

and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software

pp.

Niko Tyni <a class="moz-txt-link-rfc2396E" href="mailto:ntyni@debian.org"><ntyni@debian.org></a> (supplier of updated libcgi-session-perl package)

(This message was generated automatically at their request; if you

believe that there is a problem with it please contact the archive

administrators by mailing <a class="moz-txt-link-abbreviated" href="mailto:ftpmaster@ftp-master.debian.org">ftpmaster@ftp-master.debian.org</a>)

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

Format: 1.8

Date: Fri, 15 Jan 2016 17:37:38 +0200

Source: libcgi-session-perl

Binary: libcgi-session-perl

Architecture: source all

Version: 4.48-1+deb8u1

Distribution: jessie

Urgency: medium

Maintainer: Debian Perl Group <a class="moz-txt-link-rfc2396E" href="mailto:pkg-perl-maintainers@lists.alioth.debian.org"><pkg-perl-maintainers@lists.alioth.debian.org></a>

Changed-By: Niko Tyni <a class="moz-txt-link-rfc2396E" href="mailto:ntyni@debian.org"><ntyni@debian.org></a>

Description:

 libcgi-session-perl - persistent session data in CGI applications

Closes: 810799

Changes:

 libcgi-session-perl (4.48-1+deb8u1) jessie; urgency=medium

 .

   * Team upload.

   * Untaint raw data coming from session storage backends.

     + fixes a taint regression caused by CVE-2015-8607 fixes in perl

       (Closes: #810799)

Checksums-Sha1:

 dd9f83880c6e00799d0227ab97f0a53d9f4e3e56 2310 libcgi-session-perl_4.48-1+deb8u1.dsc

 3f414fda9db1f6709c2138f88eabfb006ac07959 5212 libcgi-session-perl_4.48-1+deb8u1.debian.tar.xz

 416fa42341118941ded98b8bac1724b99c06662e 118682 libcgi-session-perl_4.48-1+deb8u1_all.deb

Checksums-Sha256:

 89a831bc5ee51ed2efa734c0424e38b99a53fcccddebfa0c75cdbcc06de5e8db 2310 libcgi-session-perl_4.48-1+deb8u1.dsc

 0fd7899549ba370648c84daf47a9c9c9db027503a2b649be206bb03540a06078 5212 libcgi-session-perl_4.48-1+deb8u1.debian.tar.xz

 7620fec43861ee6aff8c4ce9614438738a3142dfe0a501f9d26ae0658f2aeb6d 118682 libcgi-session-perl_4.48-1+deb8u1_all.deb

Files:

 e8763ea03d0ee8263025f2fa212ef1f4 2310 perl optional libcgi-session-perl_4.48-1+deb8u1.dsc

 fe371a64c0d220a676692b98af27e014 5212 perl optional libcgi-session-perl_4.48-1+deb8u1.debian.tar.xz

 ed1fc424632fca5164cda489517ecb89 118682 perl optional libcgi-session-perl_4.48-1+deb8u1_all.deb

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1

iQIcBAEBCAAGBQJWmRQEAAoJEC7A/7O3MBsfS8sP/jNEBmo7hVWLjzXGHfCEGSzd

TUKWO9+nVBxESs64j4gBVGuAAK56AL8U55CYWmHxUGhY6vFS7orp3vrxbNtwvAvU

xJsRYtj/zZk/2erwHMXiHFFGAU3ItqzNfD4Rper8LwllsvWy8vdY1EXaMTYW0qA0

hkxuVPeXYzFNq0FAfGbksxPTcXce0GmxKm/j7btVsgedPcGbSGlSPxhwbdM2QSiX

IExK3y9au5UNKkTYXYgmh0Lyt5SSBoiMvn65ZZ4B6ZkMVywchmBjM8B+ysIqvedy

zB908tt7SX/Yf9zbuaXzT+krT5yBgT7MJIYZHD7ELMTHsy+CEkqEZhSq3X4pAg/6

EP1WAdLuiTsjG3D9+N6mYaTrCV2OSTLnxrzwGMDoMEQrIUBEie+QjaI9cPvfqK2k

jPjzbORIWMJSyLFy3u5pEW8MhsvlFj4cpDfkMxYgTBCYf03SSCfelp38L5c3CrQw

nj3jn7EYYi790khxso9NJlH9tKi8FVKUbSlUcXo6SzJYwnvrvT1AExW8187FQhAo

U7+aqUyeYc70vLKcVoY+dP1dvQJMrlHAzRkKNVFlMyfC3nmeDhRqVgZdQrB68gPj

H7y9zelIS6Bj7bBa8fnUb/4vcRzGdrNUWnq7E8WCS95drOfbpQtnm2pHUK8OesOH

/9yYiMLdXphy2992JeIS

=4mF8

-----END PGP SIGNATURE-----

</pre>

    </blockquote>

    <br>

  </body>

</html>