Bug#606995: Bug#606370: CVE-2010-2761 CVE-2010-4410 CVE-2010-4411
Moritz Muehlenhoff
jmm at inutil.org
Mon Jan 3 18:15:03 UTC 2011
On Mon, Dec 27, 2010 at 04:12:16PM +0100, gregor herrmann wrote:
> tag 606370 + patch
> tag 606995 + patch
> thanks
>
> On Mon, 27 Dec 2010 16:23:40 +0200, Niko Tyni wrote:
>
> > > > > > http://security-tracker.debian.org/tracker/CVE-2010-2761
> > > > > > http://security-tracker.debian.org/tracker/CVE-2010-4410
> > > > > > http://security-tracker.debian.org/tracker/CVE-2010-4411
> > > > > I'm not quite sure yet what CVE-2010-4411 refers to. It seems that the
> > > > > fix for CVE-2010-2761 was not complete, but it is not a different, new
> > > > > issue?
> > > https://github.com/markstos/CGI.pm/commit/77b3b2056c003edee034a2a890212edab800900d
>
> Thanks for digging this out; I was looking a few times and never
> understood CVE-2010-4411 ...
>
> > Assuming this is the case, I'm attaching preliminary patches for
>
> Thanks!
>
> > I haven't looked at libcgi-simple-perl at all.
>
> I think Damyan has started to look at it.
Could you upload the fixes targeted at squeeze to tpu?
Cheers,
Moritz
More information about the Perl-maintainers
mailing list