Re: CVE-2011-4115 doesn't affect squeeze/wheezy
Hi Damyan!
On Mon, Apr 01, 2013 at 04:52:23PM +0300, Damyan Ivanov wrote:
> It seems the security tracker is told that CVE-2011-4115 in package
> libparallel-forkmanager-perl is affecting squeeze/wheezy, but this is
> not true.
>
> Thing is, the problem with the insecure temporary files handling is
> introduced in version 0.7.6, and squeeze/wheezy ship 0.7.5. Later the
> problem is fixed in version 1.0.0 and instable has 1.02 (yes, version
> numbering scheme changed) and is ok.
>
> Some more information about the bug is available in upstream bug
> report at https://rt.cpan.org/Public/Bug/Display.html?id=68298
I have updated the tracker entry. Should now mentions that the
affected code was never in Debian.
Regards,
Salvatore
Reply to: