Bug#581194: libpoe-component-irc-perl: Insufficient stripping of CR/LF allows arbitrary IRC command execution
Luciano Bello
luciano at debian.org
Tue Aug 3 16:59:06 UTC 2010
Hi Ansgar,
Thanks for getting in touch with us and sorry for the delay in the answer.
On Tue 03 Aug 2010, Ansgar Burchardt wrote:
> > Security Team: Should we upload the proposed fix to stable-security or
> > should this rather be fixed in the next point release of Lenny?
Since the problem affects only IRC commands in scripts that don't remove CR/LF
from parameters they send to the IRC component, the problem should be fixed via
a stable-proposed-update. Can you (or somebody else in the perl group) please
make this upload? Remember to contact debian-release at lists.d.o attaching the
debdiff.
Thank you for all your contributions
Luciano
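
An added example, not part of the original message or of the package's fix: a calling script can strip CR/LF (and NUL) from each parameter before handing it to the IRC component, so untrusted text cannot end the current line and start a new command. `sanitize_irc_param`, `build_privmsg` and `count_irc_lines` are hypothetical helpers written for this illustration, not POE::Component::IRC functions, and the sample input is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Remove the characters that terminate or corrupt an IRC line (CR, LF, NUL).
# Hypothetical helper: call it on every parameter that comes from outside
# the script before passing the parameter to the IRC component.
sub sanitize_irc_param {
    my ($param) = @_;
    return '' unless defined $param;
    $param =~ tr/\r\n\0//d;
    return $param;
}

# Build a raw line the way a client that does no stripping would:
# command, target, then the trailing text, terminated by CRLF.
sub build_privmsg {
    my ($target, $text) = @_;
    return "PRIVMSG $target :$text\r\n";
}

# Count how many separate IRC lines a server would read from a raw buffer.
sub count_irc_lines {
    my ($raw) = @_;
    my @lines = grep { length } split /\r\n|\r|\n/, $raw;
    return scalar @lines;
}

# Constructed sample: untrusted text carrying an embedded line break.
my $target    = "#channel";
my $untrusted = "hello\r\nQUIT :bye";

my $unsafe = build_privmsg($target, $untrusted);
my $safe   = build_privmsg(sanitize_irc_param($target),
                           sanitize_irc_param($untrusted));

# The unsanitised buffer is read as two lines (PRIVMSG, then QUIT);
# the sanitised one stays a single PRIVMSG.
printf "unsanitised: %d line(s) on the wire\n", count_irc_lines($unsafe);
printf "sanitised:   %d line(s) on the wire\n", count_irc_lines($safe);
```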