Bug#607479: libfcgi-perl/CVE-2011-2766 authentication bypass

Dominic Hargreaves dom at earth.li
Wed Oct 5 18:14:33 UTC 2011

On Sat, Oct 01, 2011 at 12:44:33PM +0200, Moritz Mühlenhoff wrote:
> On Sat, Oct 01, 2011 at 08:12:18AM +0300, Damyan Ivanov wrote:

> > Porting the patch (for some reason it doesn't apply cleanly) is 
> > trivial. Attached is a patch that does exactly that (to be git 
> > apply'ed to the debian/0.71-1 tag, which is the squeeze version).
> Did update this receive testing?

I've just tested RT 3.8 + squeeze + mod_fcgid, and I can't spot any
> distribution needs to point to stable-security, not unstable. And
> while you're at it, please modify 0.71-1+squeeze.1 to 0.71-1+squeeze1
> for consistency.

Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

More information about the pkg-perl-maintainers mailing list