Bug#607479: libfcgi-perl/CVE-2011-2766 authentication bypass
Damyan Ivanov
dmn at debian.org
Sat Oct 1 05:12:18 UTC 2011
-=| Dominic Hargreaves, 30.09.2011 18:26:41 +0100 |=-
> I'm reopening the bug, because I believe this fix applies to
> squeeze, and should be fixed there.
Agreed.
> Has anyone yet contacted the security team about this/is anyone
> working on packages for squeeze?
I don't think so.
Porting the patch (for some reason it doesn't apply cleanly) is
trivial. Attached is a patch that does exactly that (to be git
apply'ed to the debian/0.71-1 tag, which is the squeeze version).
HTH,
dam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-patch-from-upstream-bug-tracker-fixing-CVE-2011-.patch
Type: text/x-diff
Size: 3070 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20111001/37fc5069/attachment-0001.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20111001/37fc5069/attachment-0001.pgp>
More information about the pkg-perl-maintainers
mailing list