Package: libfcgi-perl | Debian Sources

Package: libfcgi-perl / 0.71-1+squeeze1+deb6u1

Metadata

Package	Version	Patches format
libfcgi-perl	0.71-1+squeeze1+deb6u1	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
fix pod spelling.patch \| (download)	FCGI.PL \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	fix pod spelling
cve 2011 2766.patch \| (download)	FCGI.PL \| 12 6 + 6 - 0 ! 1 file changed, 6 insertions(+), 6 deletions(-)	replace testing of hash value with hash reference %hash is false if the hash hasn't been assigned to, or if the hash is simply empty. This causes the environment from the second request (that is, the environment produced by the first request) to be saved as default if the first request had empty environment. This way, request after the first can get access to credentials set up by the first request. badbadbad This is CVE-2011-2766.
cve 2012 6687.patch \| (download)	os_unix.c \| 35 22 + 13 - 0 ! 1 file changed, 22 insertions(+), 13 deletions(-)	---

Patch

File delta

Description

fix pod spelling.patch | (download)

FCGI.PL | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix pod spelling

cve 2011 2766.patch | (download)

FCGI.PL | 12 6 + 6 - 0 !
1 file changed, 6 insertions(+), 6 deletions(-)

 replace testing of hash value with hash reference
 %hash is false if the hash hasn't been assigned to, *or* if the hash is simply
 empty. This causes the environment from the *second* request (that is, the
 environment produced by the first request) to be saved as default if the first
 request had empty environment. This way, request after the first can get
 access to credentials set up by the first request. badbadbad
 This is CVE-2011-2766.

cve 2012 6687.patch | (download)

os_unix.c | 35 22 + 13 - 0 !
1 file changed, 22 insertions(+), 13 deletions(-)

---