> Are there some patches to come yet wrt to Perl's CPAN CGI-Simple module
> and those two CVE ids yet?
Yes, this one. It is not currently applied in the master branch yet:
https://github.com/markstos/CGI--Simple/commit/e811ab874a5e0ac8a99e76b645a0e537d8f714da
> I can see latest CGI-Simple-v113 released on Monday, 27-th December 2010:
> [1] http://search.cpan.org/dist/CGI-Simple/
>
> Does it contain fixes for both CVE issues (so it is possible to rebase
> to new version) or anything else to be done in this part of the world yet?
It contains only a partial fix, mirroring what happened with CGI.pm.
> Is the fix, we were waiting for on the CGI-Simple side:
> [2]
> https://github.com/AndyA/CGI--Simple/commit/5a861280ef524661105e132536ff7d1a9084941f
That's not it, that's separate.
Lincoln is the primary maintainer of CGI.pm, but I have upload rights.
However, we haven't heard from him recently. A week ago I asked again for
his input and notified him that I would upload a new release myself if I
hadn't heard from him in another week. That time has come now-- I will
plan to upload a new release of CGI.pm in the next 24 hours.
Mark