Bug#631529: Missing fix for CVE-2010-1447

2011-06-30 Dominic Hargreaves
On Wed, Jun 29, 2011 at 05:30:08PM +0200, Moritz Muehlenhoff wrote: On Wed, Jun 29, 2011 at 02:10:17PM +0300, Niko Tyni wrote: On Tue, Jun 28, 2011 at 06:28:52PM +0200, Moritz Muehlenhoff wrote: Ahh, I forgot that mail. Personally I would think the perl update is more important than

Bug#631529: Missing fix for CVE-2010-1447

2011-06-29 Niko Tyni
On Tue, Jun 28, 2011 at 06:28:52PM +0200, Moritz Muehlenhoff wrote: Ahh, I forgot that mail. Personally I would think the perl update is more important than Petal, which is dead upstream and has hardly any users in popcon. We can add a note to the DSA, so that people who really need it can

Bug#631529: Missing fix for CVE-2010-1447

2011-06-29 Moritz Muehlenhoff
On Wed, Jun 29, 2011 at 02:10:17PM +0300, Niko Tyni wrote: On Tue, Jun 28, 2011 at 06:28:52PM +0200, Moritz Muehlenhoff wrote: Ahh, I forgot that mail. Personally I would think the perl update is more important than Petal, which is dead upstream and has hardly any users in popcon. We can

Bug#631529: Missing fix for CVE-2010-1447

2011-06-28 Niko Tyni
On Mon, Jun 27, 2011 at 07:01:24PM +0200, Moritz Mühlenhoff wrote: On Sun, Jun 26, 2011 at 08:49:12AM +0300, Niko Tyni wrote: On Sat, Jun 25, 2011 at 12:09:03PM +0100, Dominic Hargreaves wrote: On Fri, Jun 24, 2011 at 06:56:40PM +0200, Moritz Muehlenhoff wrote: Package: perl

Bug#631529: Missing fix for CVE-2010-1447

2011-06-28 Moritz Muehlenhoff
On Tue, Jun 28, 2011 at 02:26:27PM +0300, Niko Tyni wrote: But this software must've already been broken with the initial Safe.pm fix for Lenny/Squeeze? (5.10.0-19lenny3 / CVE-2010-1168) No, it's really this fix for CVE-2010-1447 that breaks it. I've verified on both Lenny and Squeeze

Bug#631529: Missing fix for CVE-2010-1447

2011-06-28 Dominic Hargreaves
On Tue, Jun 28, 2011 at 06:28:52PM +0200, Moritz Muehlenhoff wrote: On Tue, Jun 28, 2011 at 02:26:27PM +0300, Niko Tyni wrote: But this software must've already been broken with the initial Safe.pm fix for Lenny/Squeeze? (5.10.0-19lenny3 / CVE-2010-1168) No, it's really this fix

Bug#631529: Missing fix for CVE-2010-1447

2011-06-27 Moritz Mühlenhoff
On Sun, Jun 26, 2011 at 08:49:12AM +0300, Niko Tyni wrote: On Sat, Jun 25, 2011 at 12:09:03PM +0100, Dominic Hargreaves wrote: On Fri, Jun 24, 2011 at 06:56:40PM +0200, Moritz Muehlenhoff wrote: Package: perl Severity: grave Tags: security Hi Perl maintainers, it turns out

Bug#631529: Missing fix for CVE-2010-1447

2011-06-27 Dominic Hargreaves
On Mon, Jun 27, 2011 at 07:01:24PM +0200, Moritz Mühlenhoff wrote: On Sun, Jun 26, 2011 at 08:49:12AM +0300, Niko Tyni wrote: On Sat, Jun 25, 2011 at 12:09:03PM +0100, Dominic Hargreaves wrote: On Fri, Jun 24, 2011 at 06:56:40PM +0200, Moritz Muehlenhoff wrote: Package: perl

Bug#631529: Missing fix for CVE-2010-1447

2011-06-25 Dominic Hargreaves
On Fri, Jun 24, 2011 at 06:56:40PM +0200, Moritz Muehlenhoff wrote: Package: perl Severity: grave Tags: security Hi Perl maintainers, it turns out that CVE-2010-1447 is still missing in Lenny and Squeeze. It was originally attributed to Postgres, but it was later found out that Perl is

Bug#631529: Missing fix for CVE-2010-1447

2011-06-25 Niko Tyni
On Sat, Jun 25, 2011 at 12:09:03PM +0100, Dominic Hargreaves wrote: On Fri, Jun 24, 2011 at 06:56:40PM +0200, Moritz Muehlenhoff wrote: Package: perl Severity: grave Tags: security Hi Perl maintainers, it turns out that CVE-2010-1447 is still missing in Lenny and Squeeze. It was

Bug#631529: Missing fix for CVE-2010-1447

2011-06-24 Moritz Muehlenhoff
Package: perl Severity: grave Tags: security Hi Perl maintainers, it turns out that CVE-2010-1447 is still missing in Lenny and Squeeze. It was originally attributed to Postgres, but it was later found out that Perl is affected as well. The attached patch is still needed in both Lenny and