clone 606370 -1 reassign -1 libcgi-simple-perl thanks On Wed, 08 Dec 2010 19:47:18 +0100, Moritz Muehlenhoff wrote:
> Three security issues have been reported in libcgi-pm-perl: > > http://security-tracker.debian.org/tracker/CVE-2010-2761 > http://security-tracker.debian.org/tracker/CVE-2010-4410 > http://security-tracker.debian.org/tracker/CVE-2010-4411 > > The first two issues are fixed in 3.50 (already in sid), but > the second is still pending a final fix (see the referenced > link). http://security-tracker.debian.org/tracker/CVE-2010-4410 says: "CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier ..." CGI::Simple is in libcgi-simple-perl, cloning/reassigning. Hm, and I'm a bit confused by "first two issues are fixed" and "the second ...". Let's look if I got it right: CVE-2010-2761: "The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier" -> libcgi-simple-perl -> libcgi-pm-perl in squeeze and older CVE-2010-4410: "CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier" -> libcgi-simple-perl -> libcgi-pm-perl in squeeze and older CVE-2010-4411: "Unspecified vulnerability in CGI.pm 3.50 and earlier" -> libcgi-pm-perl Cheers, gregor -- .''`. http://info.comodo.priv.at/ -- GPG key IDs: 0x8649AA06, 0x00F3CFE4 : :' : Debian GNU/Linux user, admin, & developer - http://www.debian.org/ `. `' Member of VIBE!AT & SPI, fellow of Free Software Foundation Europe `- NP: Donovan: Jennifer Juniper
signature.asc
Description: Digital signature