Bug#810799: closed by Niko Tyni <ntyni at debian.org> (Bug#810799: fixed in libcgi-session-perl 4.48-1+deb8u1)
Niko Tyni
ntyni at debian.org
Mon Jan 25 11:37:11 UTC 2016
On Mon, Jan 25, 2016 at 09:17:38AM +0000, Chris Boot wrote:
> Thanks for pushing out the fix with the point release. Unfortunately, it
> seems that the fix doesn't help for TWiki, although it does help the
> test case pass.
>
> I'll see if I can come up with a new test case that demonstrates the
> issue we're seeing. For now, I have resolved this by un-tainting the
> $sid in CGI::Session::Driver::file::_file again.
>
> I haven't explicitly re-opened this bug because I'm not sure whether
> that's appropriate in this case.
Thanks for following up. A test case is indeed what we need for this.
See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810799#66
This is going to need a new bug number anyway as it's a separate issue,
so the cleanest thing would be to file a new bug altogether.
--
Niko Tyni ntyni at debian.org
More information about the pkg-perl-maintainers
mailing list