On Wed, Dec 08, 2010 at 08:23:56PM +0100, gregor herrmann wrote:
> clone 606370 -1
> reassign -1 libcgi-simple-perl
> thanks
>
> On Wed, 08 Dec 2010 19:47:18 +0100, Moritz Muehlenhoff wrote:
>
> > Three security issues have been reported in libcgi-pm-perl:
> >
> > http://security-tracker.debian.org/tracker/CVE-2010-2761
> > http://security-tracker.debian.org/tracker/CVE-2010-4410
> > http://security-tracker.debian.org/tracker/CVE-2010-4411
> >
> > The first two issues are fixed in 3.50 (already in sid), but
> > the second is still pending a final fix (see the referenced
> > link).
>
> http://security-tracker.debian.org/tracker/CVE-2010-4410 says:
> "CRLF injection vulnerability in the header function in (1) CGI.pm
> before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier ..."
>
> CGI::Simple is in libcgi-simple-perl, cloning/reassigning.
>
>
> Hm, and I'm a bit confused by "first two issues are fixed" and "the
> second ...". Let's look if I got it right:
>
> CVE-2010-2761:
> "The multipart_init function in (1) CGI.pm before 3.50 and (2)
> Simple.pm in CGI::Simple 1.112 and earlier"
> -> libcgi-simple-perl
> -> libcgi-pm-perl in squeeze and older
>
> CVE-2010-4410:
> "CRLF injection vulnerability in the header function in (1) CGI.pm
> before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier"
> -> libcgi-simple-perl
> -> libcgi-pm-perl in squeeze and older
>
> CVE-2010-4411:
> "Unspecified vulnerability in CGI.pm 3.50 and earlier"
> -> libcgi-pm-perl

Ack. Sorry for the confusion, I meant "third" instead of "second".

Cheers,
Moritz