On Wed, Oct 12, 2011 at 12:03:50PM +0300, Damyan Ivanov wrote: > -=| Dominic Hargreaves, 11.10.2011 14:33:42 +0100 |=- > > On Sat, Oct 01, 2011 at 12:44:33PM +0200, Moritz Mühlenhoff wrote: > > > Did update this receive testing? > > The changes look sane "in theory". They address all mentions of > FCGI::ENV in the source. > > The RT testing by Dominic seems sufficient additional assurance to me.
Russ, I guess you've been involved in fixing this locally; are you able to make any comments on the soundness of the patch at <http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libfcgi-perl.git;a=blob;f=debian/patches/cve-2011-2766.patch;h=62ca4ac0aff279faba37ce2168fccd248e5c45a6;hb=48b6294e73f73323310250fde667b2a2b7032df2> ? Cheers, Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
