[trimmed CC list]
On Tue, 2012-11-27 at 08:27 +0100, Salvatore Bonaccorso wrote:
> @ReleaseTeam: This is about #693421 "CVE-2012-5526 CGI.pm: Newline
> injection due to improper CRLF escaping in Set-Cookie and P3P
> headers".
>
> We could wait for some more testing in unstable for the version there.
> The patch for tpu would be the "same" (the package cannot go through
> unstable -> testing).
fwiw, I've been having a look at the diff, and filtering out meta-data,
tests and documentation changes seems to give a reasonably sized diff:
$ debdiff ftp/pool/main/libc/libcgi-pm-perl/libcgi-pm-perl_3.{59+dfsg-1,61-2}.dsc | filterdiff -x '*/t/*' -x '*/META.*' -x '*/repack.*' -x '*/Carp.pm' -x '*/debian/copyright' -x '*/Changes' -x '*/MANIFEST' -x '*/debian/changelog' -x '*/debian/watch' | diffstat
 /tmp/llc5QdkBjB/libcgi-pm-perl-3.61/examples/dna.small.gif |binary
 /tmp/llc5QdkBjB/libcgi-pm-perl-3.61/examples/wilogo.gif |binary
 libcgi-pm-perl-3.61/Makefile.PL | 1
 libcgi-pm-perl-3.61/debian/control | 4
 libcgi-pm-perl-3.61/debian/patches/0001-CR-escaping-for-P3P-and-Set-Cookie-headers.patch | 67 ++++++++++
 libcgi-pm-perl-3.61/debian/patches/series | 1
 libcgi-pm-perl-3.61/lib/CGI.pm | 22 +--
 libcgi-pm-perl-3.61/lib/CGI/Cookie.pm | 2
 8 files changed, 85 insertions(+), 12 deletions(-)
The vast majority of that is the security update which is the subject of
this report.
Regards,
Adam