
Re: [SRM] perl lenny upload (CVE-2010-2761 CVE-2010-4410 CVE-2010-4411 CVE-2010-1974)



Niko Tyni <ntyni@debian.org> wrote:
>
> On Fri, Jan 14, 2011 at 09:28:09AM +0200, Niko Tyni wrote:
>
>> I thought stable would be fixed with a DSA, but as the next Lenny point
>> release will be out real soon (Jan 22nd, stable NEW freezes on the 17th),
>> I suppose that's just as good. Cc'ing the security team.
>> 
>> I'll try to get a perl lenny upload (#606995) in stable NEW by Monday.
>
> Moritz kindly reminded me that CVE-2010-1974 / #582978 is still unfixed
> in stable. Release team, would you be OK with including a fix for that
> in the spu upload as well?
>
> Changes: 
>  perl (5.10.0-19lenny3) stable; urgency=low
>  .
>    * [SECURITY] CVE-2010-2761 CVE-2010-4410 CVE-2010-4411:
>      fix CGI.pm MIME boundary and multiline header vulnerabilities.
>      (Closes: #606995)
>    * [SECURITY] CVE-2010-1974: Update to Safe-2.25, fixing code injection
>      and execution vulnerabilities. (Closes: #582978)

The CVE ID is CVE-2010-1168 instead of CVE-2010-1974. The patch itself is
fine.

Cheers,
        Moritz

