security update for libapache2-mod-fcgid
Hello debian-backports members,
I'm the maintainer of libapache2-mod-fcgid, and got a report
about CVE-2010-3872 as Debian bug #605484.
Details of the issue are described here:
https://issues.apache.org/bugzilla/show_bug.cgi?id=49406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3872
This affects lenny and lenny-backports.
The impact is: a local FastCGI application can cause a stack
buffer overwrite by sending a long FastCGI header. (Not remote,
because mod_fcgid doesn't have any connectivity via IP.)
I prepared a patched new package for lenny and attach the diff, and
sent that to the security team.
What do I need to do for backports? Should I ask you to update
libapache2-mod-fcgid to the sid/squeeze version?
Thanks,
--
Tatsuki Sugiura mailto:sugi@nemui.org