Niko Tyni <nt...@debian.org> schrieb: > > --PEIAKu/WMn1b1Hv9 > Content-Type: text/plain; charset=us-ascii > Content-Disposition: inline > > On Fri, Jan 14, 2011 at 09:28:09AM +0200, Niko Tyni wrote: > >> I thought stable would be fixed with a DSA, but as the next Lenny point >> release will be out real soon (Jan 22nd, stable NEW freezes on the 17th), >> I suppose that's just as good. Cc'ing the security team. >> >> I'll try to get a perl lenny upload (#606995) in stable NEW by Monday. > > Moritz kindly reminded me that CVE-2010-1974 / #582978 is still unfixed > in stable. Release team, would you be OK with including a fix for that > in the spu upload as well? > > Changes: > perl (5.10.0-19lenny3) stable; urgency=low > . > * [SECURITY] CVE-2010-2761 CVE-2010-4410 CVE-2010-4411: > fix CGI.pm MIME boundary and multiline header vulnerabilities. > (Closes: #606995) > * [SECURITY] CVE-2010-1974: Update to Safe-2.25, fixing code injection > and execution vulnerabilities. (Closes: #582978)
The CVE ID is CVE-2010-1168 instead of CVE-2010-1974. The patch itself it fine. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/slrnij4c43.40k....@inutil.org