Bug#606370: CVE-2010-2761 CVE-2010-4410 CVE-2010-4411
Niko Tyni
ntyni at debian.org
Fri Dec 10 07:19:52 UTC 2010
On Wed, Dec 08, 2010 at 07:47:18PM +0100, Moritz Muehlenhoff wrote:
> Package: libcgi-pm-perl
> Version: 3.49-1
> Severity: grave
> Tags: security
>
> Three security issues have been reported in libcgi-pm-perl:
>
> http://security-tracker.debian.org/tracker/CVE-2010-2761
> http://security-tracker.debian.org/tracker/CVE-2010-4410
> http://security-tracker.debian.org/tracker/CVE-2010-4411
>
> The first two issues are fixed in 3.50 (already in sid), but
> the second is still pending a final fix (see the referenced
> link). Please get in touch with the release team to check,
> whether migrating 3.50 plus the fix for CVE-2010-4411 or
> uploading a tpu fix with 3.49 plus the security fixes is the
> best way to resolve this.
Please note that CGI.pm is also in perl-modules. I'm unfortunately busy
ATM, and I'd very much appreciate a clone of this bug with proposed
patches. NMUs are also fine by me.
% corelist -a CGI | fgrep v5.10
v5.10.0 3.29
v5.10.1 3.43
--
Niko Tyni ntyni at debian.org
More information about the Perl-maintainers
mailing list