Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File

2012-05-14 Thread gregor herrmann
On Sun, 06 May 2012 22:13:05 +0100, Adam D. Barratt wrote: > Specifically, a loss of error handling. The original version at least > let the caller gracefully handle the failure, whereas the new version is > technically an API change in that the function is defined as returning > undef in the cas

Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File

2012-05-07 Thread Moritz Muehlenhoff
On Sun, May 06, 2012 at 03:20:03PM +0200, gregor herrmann wrote: > On Wed, 02 May 2012 22:02:13 +0300, Henri Salo wrote: > > > https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59 > > CVE-identifier assigned in here: http://seclists.org/oss-sec/2012/q2/225 > > Attached is a b

Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File

2012-05-07 Thread gregor herrmann
On Mon, 07 May 2012 00:04:35 +0200, Cyril Brulebois wrote: > > > Specifically, a loss of error handling. […] > > Hm, good catch. > > Maybe it's better to give this a second look ... > Given the above, it very much looks like fixing that bug properly in > unstable first (which is what we encourage

Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File

2012-05-06 Thread Cyril Brulebois
gregor herrmann (06/05/2012): > > Specifically, a loss of error handling. […] Yeah, my bad. Shouldn't try and mix paracetamol and s-p-u diff reviews… Sorry about that. > Hm, good catch. > (tempfile() indeed just croak()s on errors according to the > documentation). > > Maybe it's better to give

Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File

2012-05-06 Thread gregor herrmann
On Sun, 06 May 2012 22:13:05 +0100, Adam D. Barratt wrote: > > (No error handling when doing I/O? Bad. But oh well, using tempfile > > makes it look better anyway.) > Specifically, a loss of error handling. The original version at least > let the caller gracefully handle the failure, whereas the

Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File

2012-05-06 Thread Adam D. Barratt
On Sun, 2012-05-06 at 22:48 +0200, Cyril Brulebois wrote: > gregor herrmann (06/05/2012): > > Attached is a backport of the fix for squeeze; reviews welcome. > > > > Dear security and release teams: Please advise on how to proceed; > > does s-p-u sound right for this issue? > > I'm happy to take

Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File

2012-05-06 Thread gregor herrmann
On Sun, 06 May 2012 22:48:45 +0200, Cyril Brulebois wrote: > (strange to see your mail target the bug report and no-one else; Cc > added manually.) (Thanks for adding the CCs, and sorry for the confusion; I bounced the mail later after missing the CCs in my first try.) > > Dear security and rel

Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File

2012-05-06 Thread Cyril Brulebois
Hi, (strange to see your mail target the bug report and no-one else; Cc added manually.) gregor herrmann (06/05/2012): > Attached is a backport of the fix for squeeze; reviews welcome. > > Dear security and release teams: Please advise on how to proceed; > does s-p-u sound right for this issue?

Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File

2012-05-06 Thread gregor herrmann
On Wed, 02 May 2012 22:02:13 +0300, Henri Salo wrote: > https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59 > CVE-identifier assigned in here: http://seclists.org/oss-sec/2012/q2/225 Attached is a backport of the fix for squeeze; reviews welcome. Dear security and release t

Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File

2012-05-06 Thread gregor herrmann
On Sun, 06 May 2012 14:28:39 +0200, gregor herrmann wrote: > > https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59 > > CVE-identifier assigned in here: http://seclists.org/oss-sec/2012/q2/225 > Here's the diff of this commit. Next attempt ... -- .''`. Homepage: http://

Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File

2012-05-06 Thread gregor herrmann
tag 671255 + patch + fixed-upstream thanks On Wed, 02 May 2012 22:02:13 +0300, Henri Salo wrote: > https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59 > CVE-identifier assigned in here: http://seclists.org/oss-sec/2012/q2/225 Here's the diff of this commit. -- .''`. Hom

Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File

2012-05-02 Thread Henri Salo
Package: libconfig-inifiles-perl Version: 2.52-1 Severity: important Tags: security https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59 CVE-identifier assigned in here: http://seclists.org/oss-sec/2012/q2/225 -- System Information: Debian Release: 6.0.4 APT prefers stable-