Bug#607479: libfcgi-perl/CVE-2011-2766 authentication bypass
Dominic Hargreaves
dom at earth.li
Tue Oct 11 13:33:42 UTC 2011

On Sat, Oct 01, 2011 at 12:44:33PM +0200, Moritz Mühlenhoff wrote:
> On Sat, Oct 01, 2011 at 08:12:18AM +0300, Damyan Ivanov wrote:
> > -=| Dominic Hargreaves, 30.09.2011 18:26:41 +0100 |=-
> > > I'm reopening the bug, because I believe this fix applies to
> > > squeeze, and should be fixed there.
> >
> > Agreed.
> >
> > > Has anyone yet contacted the security team about this/is anyone
> > > working on packages for squeeze?
> >
> > I don't think so.
> >
> > Porting the patch (for some reason it doesn't apply cleanly) is
> > trivial. Attached is a patch that does exactly that (to be git
> > apply'ed to the debian/0.71-1 tag, which is the squeeze version).
>
> Did this update receive testing?
>
> distribution needs to point to stable-security, not unstable. And
> while you're at it, please modify 0.71-1+squeeze.1 to 0.71-1+squeeze1
> for consistency.

Hello Damyan, are you planning to do this or do you need someone else
to take over? IMO this one warrants a DSA.

Dominic.

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)