Bug#574066: Bug#574067: CVE-2010-0044 cookie weakness

Michael Gilbert michael.s.gilbert at gmail.com
Tue Mar 16 17:00:29 UTC 2010


On Tue, 16 Mar 2010 17:18:33 +0100, gregor herrmann wrote:
> On Mon, 15 Mar 2010 22:39:21 -0400, Michael Gilbert wrote:
> 
> > the following CVE (Common Vulnerabilities & Exposures) id was
> > published for safari.  I'm not sure if their version of pubsub relates
> > to this package, but it should be checked.  If it does not, please
> > close the bug.  Thanks.
> 
> I don't see anything related to web cookies in
> POE::Component::PubSub.

it looks like Apple's "PubSub" is oriented around rss feeds, and
looking at apple's manpage [0], it doesn't look related to these
packages.  my best guess is that their PubSub is either an independent
implementation, a modified version, or a wrapper geared toward rss
feeds.  in any case, the problem is likely in their own code, and not
these core libraries.  i would say its safe to close.

mike

[0] http://developer.apple.com/mac/library/DOCUMENTATION/Darwin/Reference/ManPages/man1/pubsub.1.html





More information about the pkg-perl-maintainers mailing list