On Fri, Jan 07, 2011 at 02:48:28PM +0200, Niko Tyni wrote: > On Thu, Jan 06, 2011 at 10:37:11PM +0200, Niko Tyni wrote: > > On Mon, Dec 27, 2010 at 04:23:40PM +0200, Niko Tyni wrote: > > > > > Assuming this is the case, I'm attaching preliminary patches for > > > > > > 3.29 (perl-modules / lenny) > > > 3.38 (libcgi-pm-perl / lenny) > > > 3.43 (perl-modules / squeeze + sid) > > > 3.49 (libcgi-pm-perl / squeeze) > > > 3.50 (libcgi-pm-perl / sid) > > > All this means I need another test session when I'm feeling less tired, > > so no perl upload tonight. > > Done, just uploaded perl/5.10.1-17 with the attached patch. > > Changes: > perl (5.10.1-17) unstable; urgency=medium > . > * [SECURITY] CVE-2010-2761 CVE-2010-4410 CVE-2010-4411: > fix CGI.pm MIME boundary and multiline header vulnerabilities. > (Closes: #606995) > > Release team: please consider > > unblock perl/5.10.1-17 > > The patch applies to lenny (5.10.0-19lenny2) as well with some fuzz after > s/rearrange_header/rearrange/. > > Moritz: shall I upload a fixed lenny package to stable-security? > FWIW, I'd prefer to wait the five days for squeeze migration before a > DSA in case we get any regression reports.
Let's wait a bit, it's not urgent. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org