> This bug just caused a serious security incident for us, and I was able
> to work through the cause and the reason why not everyone sees it. The
> problem was introduced in 0.70 and is still present in 0.73.
> The following change was added in 0.70:
> sub accept() {
> warn "accept called as a method; you probably wanted to call Accept"
if @_;
> - if (defined %FCGI::ENV) {
> - %ENV = %FCGI::ENV;
> + if (%FCGI::ENV) {
> + %ENV = %FCGI::ENV;
> } else {
> - %FCGI::ENV = %ENV;
> + %FCGI::ENV = %ENV;
> }
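Review bot: on the added `if (%FCGI::ENV) {` line, the boolean test of the hash is not equivalent to the `defined %FCGI::ENV` it replaces. It is false whenever the saved hash is empty, so in that case every call takes the else branch and `%FCGI::ENV = %ENV;` re-saves whatever %ENV holds at that moment instead of restoring the saved copy over it. If the intent is to snapshot the environment once and restore it on each later call, record that the snapshot was taken in a separate flag and test the flag, rather than relying on the truth value of the hash.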
Please use CVE-2011-2766 to refer to this issue.
Thanks,
Thijs