Hi all
On Mon, Feb 27, 2012 at 08:27:05PM +0100, Florian Weimer wrote:
> * Antoine Beaupré:
>
> > I don't actually know - I followed your lead and used that patch in the
> > bugzilla Redhat bugtrackers:
> >
> > https://bugzilla.redhat.com/attachment.cgi?id=556619&action=diff&context=patch&collapsed=&headers=1&format=raw
>
> *grml*
>
> Fedora has already released the potentially incorrect patch. I've
> asked on the oss-security mailing list. Sorry for the delay.
I have contacted Tobi Oetiker regarding the issues mentioned and he
promptly replied to me. He uploaded a new upstream version (2.6.9)
which changes the regexpes to:
qr/[<>%&'";]/
So this can be integrated in the fix addressing stable-security.
p.s.: could also be updated for testing/unstable to have the fix in
upcoming stable release.
p.s.2: Thank you Tobi!
Regards,
Salvatore
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
