Package: libfcgi-perl / 0.71-1+squeeze1


Package Version Patches format
libfcgi-perl 0.71-1+squeeze1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
fix pod spelling.patch | (download)

FCGI.PL | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix pod spelling
cve 2011 2766.patch | (download)

FCGI.PL | 12 6 + 6 - 0 !
1 file changed, 6 insertions(+), 6 deletions(-)

 replace testing of hash value with hash reference
 %hash is false if the hash hasn't been assigned to, *or* if the hash is simply
 empty. This causes the environment from the *second* request (that is, the
 environment produced by the first request) to be saved as default if the first
 request had empty environment. This way, request after the first can get
 access to credentials set up by the first request. badbadbad
 This is CVE-2011-2766.