Bug#606370: CVE-2010-2761 CVE-2010-4410 CVE-2010-4411

Niko Tyni ntyni at debian.org
Fri Dec 10 07:19:52 UTC 2010


On Wed, Dec 08, 2010 at 07:47:18PM +0100, Moritz Muehlenhoff wrote:
> Package: libcgi-pm-perl
> Version: 3.49-1
> Severity: grave
> Tags: security
> 
> Three security issues have been reported in libcgi-pm-perl:
> 
> http://security-tracker.debian.org/tracker/CVE-2010-2761 
> http://security-tracker.debian.org/tracker/CVE-2010-4410
> http://security-tracker.debian.org/tracker/CVE-2010-4411
> 
> The first two issues are fixed in 3.50 (already in sid), but
> the second is still pending a final fix (see the referenced
> link). Please get in touch with the release team to check,
> whether migrating 3.50 plus the fix for CVE-2010-4411 or
> uploading a tpu fix with 3.49 plus the security fixes is the
> best way to resolve this.

Please note that CGI.pm is also in perl-modules. I'm unfortunately busy
ATM, and I'd very much appreciate a clone of this bug with proposed
patches. NMUs are also fine by me.

% corelist -a CGI | fgrep v5.10
  v5.10.0    3.29      
  v5.10.1    3.43      

-- 
Niko Tyni   ntyni at debian.org




More information about the Perl-maintainers mailing list