On Wed, Dec 08, 2010 at 07:47:18PM +0100, Moritz Muehlenhoff wrote: > Package: libcgi-pm-perl > Version: 3.49-1 > Severity: grave > Tags: security > > Three security issues have been reported in libcgi-pm-perl: > > http://security-tracker.debian.org/tracker/CVE-2010-2761 > http://security-tracker.debian.org/tracker/CVE-2010-4410 > http://security-tracker.debian.org/tracker/CVE-2010-4411 > > The first two issues are fixed in 3.50 (already in sid), but > the second is still pending a final fix (see the referenced > link). Please get in touch with the release team to check, > whether migrating 3.50 plus the fix for CVE-2010-4411 or > uploading a tpu fix with 3.49 plus the security fixes is the > best way to resolve this.
Please note that CGI.pm is also in perl-modules. I'm unfortunately busy ATM, and I'd very much appreciate a clone of this bug with proposed patches. NMUs are also fine by me. % corelist -a CGI | fgrep v5.10 v5.10.0 3.29 v5.10.1 3.43 -- Niko Tyni nt...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
