Bug#606370: CVE-2010-2761 CVE-2010-4410 CVE-2010-4411

Moritz Muehlenhoff Mon, 03 Jan 2011 10:18:15 -0800

On Mon, Dec 27, 2010 at 04:12:16PM +0100, gregor herrmann wrote:
> tag 606370 + patch
> tag 606995 + patch
> thanks
> 
> On Mon, 27 Dec 2010 16:23:40 +0200, Niko Tyni wrote:
> 
> > > > > > http://security-tracker.debian.org/tracker/CVE-2010-2761 
> > > > > > http://security-tracker.debian.org/tracker/CVE-2010-4410
> > > > > > http://security-tracker.debian.org/tracker/CVE-2010-4411
> > > > > I'm not quite sure yet what CVE-2010-4411 refers to.  It seems that 
> > > > > the
> > > > > fix for CVE-2010-2761 was not complete, but it is not a different, new
> > > > > issue?
> > >  
> > > https://github.com/markstos/CGI.pm/commit/77b3b2056c003edee034a2a890212edab800900d
> 
> Thanks for digging this out; I was looking a few times and never
> understood CVE-2010-4411 ...
> 
> > Assuming this is the case, I'm attaching preliminary patches for
> 
> Thanks!
>  
> > I haven't looked at libcgi-simple-perl at all.
> 
> I think Damyan has started to look at it.


Could you upload the fixes targeted at squeeze to tpu?

Cheers,
        Moritz



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#606370: CVE-2010-2761 CVE-2010-4410 CVE-2010-4411

Reply via email to