|Main Archive Page > Month Archives > oss-security archives|
> Are there some patches to come yet wrt to Perl's CPAN CGI-Simple module
> and those two CVE ids yet?
Yes, this one. It is not currently applied in the master branch yet:
> I can see latest CGi-Simple-v113 released on Monday, 27-th December 2010:
>  http://search.cpan.org/dist/CGI-Simple/
> Does it contain fixes for both CVE issues (so it is possible to rebase
> to new
> version) or anything else to be done in this part of the world yet?
It contains only a partial fix, mirroring what happened with CGI.pm.
> Is the fix, we were waiting for on the CGI-Simple side:
That's not it, that's separate.
Lincoln is the primary maintainer of CGI.pm, but I have upload rights.
However, we haven't heard from recently. A week ago I asked again for
his input and notified him that I would upload a new release myself I
hadn't heard from him in another week. That time has come now-- I will
plan to upload a new release of CGI.pm in the next 24 hours.