Bug#607479: libfcgi-perl/CVE-2011-2766 authentication bypass
Moritz Mühlenhoff
jmm at inutil.org
Thu Oct 20 20:22:41 UTC 2011
On Fri, Oct 14, 2011 at 05:54:44PM +0200, Moritz Muehlenhoff wrote:
> On Wed, Oct 12, 2011 at 12:03:50PM +0300, Damyan Ivanov wrote:
>
> > > Hello Damyan, are you planning to do this or do you need someone
> > > else to take over? IMO this one warrants a DSA.
> >
> > Thanks for the nudge. I have pushed the squeeze branch of
> > http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libfcgi-perl.git;a=summary
> > with the changes so others can take over for the actual uploading if I am away.
> >
> > The squeeze version still has Vcs-Svn in its control file. Would it be
> > acceptable to change that too?
>
> Yes. Please upload to security-master. Note that it needs to be build
> with "-sa", since libfcgi-perl is new in stable-security.
*ping*
Cheers,
Moritz
More information about the pkg-perl-maintainers
mailing list