On Tue, 03 Jan 2012 20:54:12 +0100, Moritz Muehlenhoff wrote: > > On Tue, 19 Apr 2011 19:48:35 +0200, Salvatore Bonaccorso wrote: > > > > > As this about SQL injection weaknesses, should the severity be raised > > > to grave, as security bug? > > > > Hm, probably yes. > > > > Upstream Changes has more infos: > > http://cpansearch.perl.org/src/SARTAK/Jifty-DBI-0.68/Changes > > This is still open in stable. Can you fix this for the upcoming > 6.0.4 Squeeze point update? Oops! Yes, sure, if the release team agrees. (Funnily, there was already a squeeze-branch in svn which didn't make it into our shiny new git repo, and I still have the files built in April lying around.) Looking at the diff again (attached for reference), it's quite long and also includes documentation fixes. I guess we have to look a bit to trim it down to the relevant parts. (CC'ing Yves who might be quicker to provide a minimal patch :)) Cheers, gregor -- .''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key ID: 0x8649AA06 : :' : Debian GNU/Linux user, admin, & developer - http://www.debian.org/ `. `' Member of VIBE!AT & SPI, fellow of Free Software Foundation Europe `- NP: Kurt Ostbahn & die Chefpartie
Attachment:
signature.asc
Description: Digital signature