Bug#972189: sympa: CVE-2020-10936 regression - removal of needed environment variables

2020-11-06 Thread Sylvain Beucler
Hi, From what I understand the FCGI wrapper was used as CGI through e.g. fcgiwrap, and upstream recommended to switch to fcgi-spawn following https://sympa-community.github.io/manual/install/configure-http-server-spawnfcgi.html Carsten agreed and suggested we add a note about this in the

Bug#972189: sympa: CVE-2020-10936 regression - removal of needed environment variables

2020-10-15 Thread Holger Levsen
Hi, On Thu, Oct 15, 2020 at 10:20:14AM +0200, Sylvain Beucler wrote: > For reasons stated in dla-needed.txt, and more importantly for reasons > mentioned internally (see elts-git or Holger), I can't dedicate more > time this month. Sylvain, thanks for being explicit! (and still giving it a quick

Bug#972189: sympa: CVE-2020-10936 regression - removal of needed environment variables

2020-10-15 Thread Sylvain Beucler
Hi, Thank you both for notifying me. For reasons stated in dla-needed.txt, and more importantly for reasons mentioned internally (see elts-git or Holger), I can't dedicate more time this month. From a quick look: - the patch for older versions is the same besides the copyright notices. - I'm

Bug#972189: sympa: CVE-2020-10936 regression - removal of needed environment variables

2020-10-14 Thread Chris Lamb
[adding b...@debian.org to CC] Hi Carsten, > since applying the security update from 6.2.16~dfsg-3+deb9u2 to > 6.2.16~dfsg-3+deb9u3 I found some troubles with the session handling, > i.e. the web server reports Thanks for the report. I've added Sylvain Beucler (my colleague who prepared

Bug#972189: sympa: CVE-2020-10936 regression - removal of needed environment variables

2020-10-14 Thread Stefan Hornburg (Racke)
On 10/14/20 8:02 AM, Carsten Aulbert wrote: > Package: sympa > Version: 6.2.16~dfsg-3+deb9u3 > Severity: important > > Dear Maintainer(s), > > since applying the security update from 6.2.16~dfsg-3+deb9u2 to > 6.2.16~dfsg-3+deb9u3 I found some troubles with the session handling, > i.e. the web

Bug#972189: sympa: CVE-2020-10936 regression - removal of needed environment variables

2020-10-14 Thread Stefan Hornburg (Racke)
On 10/14/20 8:02 AM, Carsten Aulbert wrote: > Package: sympa > Version: 6.2.16~dfsg-3+deb9u3 > Severity: important > > Dear Maintainer(s), > > since applying the security update from 6.2.16~dfsg-3+deb9u2 to > 6.2.16~dfsg-3+deb9u3 I found some troubles with the session handling, > i.e. the web

Bug#972189: sympa: CVE-2020-10936 regression - removal of needed environment variables

2020-10-14 Thread Carsten Aulbert
Package: sympa Version: 6.2.16~dfsg-3+deb9u3 Severity: important Dear Maintainer(s), since applying the security update from 6.2.16~dfsg-3+deb9u2 to 6.2.16~dfsg-3+deb9u3 I found some troubles with the session handling, i.e. the web server reports 2020/10/13 11:59:18 [error] 2123#2123: *3525