On Mon, Jan 25, 2016 at 09:17:38AM +0000, Chris Boot wrote: > Thanks for pushing out the fix with the point release. Unfortunately, it > seems that the fix doesn't help for TWiki, although it does help the > test case pass. > > I'll see if I can come up with a new test case that demonstrates the > issue we're seeing. For now, I have resolved this by un-tainting the > $sid in CGI::Session::Driver::file::_file again. > > I haven't explicitly re-opened this bug because I'm not sure whether > that's appropriate in this case.
Thanks for following up. A test case is indeed what we need for this. See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810799#66 This is going to need a new bug number anyway as it's a separate issue, so the cleanest thing would be to file a new bug altogether. -- Niko Tyni [email protected]
