security update for libapache2-mod-fcgid

To: debian-backports@lists.debian.org
Subject: security update for libapache2-mod-fcgid
From: Tatsuki Sugiura <sugi@nemui.org>
Date: Mon, 06 Dec 2010 12:09:30 +0900
Message-id: <[🔎] 878w03ha1h.wl@sugi.office.osdn.jp>

Hello debian-backports members,

I'm maintainer of libapache2-mod-fcgid, and get's report
about CVE-2010-3872 as debian bug #605484.

Details of the issue is described here;
https://issues.apache.org/bugzilla/show_bug.cgi?id=49406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3872

This affects on lenny and lenny-backports.

The impact is; local FastCGI application can cause stack
buffer overwrite by sending long FastCGI header. (Not remote,
because mod_fcgid don't have any connectivities via IP.)

I prepared patched new package for lenny and attach diff and
sent that for security team.

What do I need to do for backports? Would I ask you to update
libapache2-mod-fcgid to sid/squeeze version?

Thanks,
-- 
Tatsuki Sugiura   mailto:sugi@nemui.org

Reply to:

Prev by Date: libdbd-pg-perl for lenny-backports-sloppy?
Next by Date: Re: libdbd-pg-perl for lenny-backports-sloppy?
Previous by thread: Re: libdbd-pg-perl for lenny-backports-sloppy?
Next by thread: nvidia for backported kernel
Index(es):
- Date
- Thread