Re: CVE-2011-4115 doesn't affect squeeze/wheezy

To: Damyan Ivanov <dmn@debian.org>
Cc: team@security.debian.org, debian-perl@lists.debian.org
Subject: Re: CVE-2011-4115 doesn't affect squeeze/wheezy
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 1 Apr 2013 16:23:39 +0200
Message-id: <[🔎] 20130401142339.GA32727@elende>
Mail-followup-to: Damyan Ivanov <dmn@debian.org>, team@security.debian.org, debian-perl@lists.debian.org
In-reply-to: <[🔎] 20130401135223.GX3443@ktnx.net>
References: <[🔎] 20130401135223.GX3443@ktnx.net>

Hi Damyan!

On Mon, Apr 01, 2013 at 04:52:23PM +0300, Damyan Ivanov wrote:
> It seems the security tracker is told that CVE-2011-4115 in package 
> libparallel-forkmanager-perl is affecting squeeze/wheezy, but this is 
> not true.
> 
> Thing is, the problem with the insecure temporary files handling is 
> introduced in version 0.7.6, and squeeze/wheezy ship 0.7.5. Later the 
> problem is fixed in version 1.0.0 and instable has 1.02 (yes, version 
> numbering scheme changed) and is ok.
> 
> Some more information about the bug is available in upstream bug 
> report at https://rt.cpan.org/Public/Bug/Display.html?id=68298

I have updated the tracker entry. Should now mentions that the
affected code was never in Debian.

Regards,
Salvatore

Reply to:

References:
- CVE-2011-4115 doesn't affect squeeze/wheezy
  - From: Damyan Ivanov <dmn@debian.org>

Prev by Date: CVE-2011-4115 doesn't affect squeeze/wheezy
Next by Date: Bug#704898: ITP: libnet-idn-nameprep-perl -- stringprep profile for Internationalized Domain Names (RFC 3491)
Previous by thread: CVE-2011-4115 doesn't affect squeeze/wheezy
Next by thread: Bug#704898: ITP: libnet-idn-nameprep-perl -- stringprep profile for Internationalized Domain Names (RFC 3491)
Index(es):
- Date
- Thread