
security update for libapache2-mod-fcgid



Hello debian-backports members,

I'm the maintainer of libapache2-mod-fcgid, and got a report
about CVE-2010-3872 as Debian bug #605484.

Details of the issue are described here:
https://issues.apache.org/bugzilla/show_bug.cgi?id=49406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3872

This affects lenny and lenny-backports.

The impact is: a local FastCGI application can cause a stack
buffer overwrite by sending a long FastCGI header. (Not remote,
because mod_fcgid doesn't have any connectivity via IP.)

I prepared a patched new package for lenny and attach the diff, and
sent that to the security team.

What do I need to do for backports? Should I ask you to update
libapache2-mod-fcgid to the sid/squeeze version?

Thanks,
-- 
Tatsuki Sugiura   mailto:sugi@nemui.org

