Bug#607479: tagging 607479, severity of 607479 is grave
Thijs Kinkhorst
thijs at debian.org
Thu Sep 8 12:05:54 UTC 2011
> This bug just caused a serious security incident for us, and I was able
> to work through the cause and the reason why not everyone sees it. The
> problem was introduced in 0.70 and is still present in 0.73.
> The following change was added in 0.70:
> sub accept() {
> warn "accept called as a method; you probably wanted to call Accept"
if @_;
> - if (defined %FCGI::ENV) {
> - %ENV = %FCGI::ENV;
> + if (%FCGI::ENV) {
> + %ENV = %FCGI::ENV;
> } else {
> - %FCGI::ENV = %ENV;
> + %FCGI::ENV = %ENV;
> }
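Review bot: The new condition `if (%FCGI::ENV)` is not equivalent to the `defined %FCGI::ENV` test it replaces, because a hash in boolean context is false whenever it is empty. When the saved copy is empty, accept() now takes the else branch and runs `%FCGI::ENV = %ENV`, so the current contents of %ENV are kept and stored as the saved copy instead of %ENV being overwritten from it. If the intent was only to stop using `defined` on a hash, track "snapshot already taken" in a separate flag, so that a saved-but-empty environment still goes through the first branch and resets %ENV.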
Please use CVE-2011-2766 to refer to this issue.
Thanks,
Thijs