
This queue is for tickets about the FCGI CPAN distribution.

Report information
The Basics
Id: 118405
Status: new
Priority: 0/
Queue: FCGI

People
Owner: ether [...] cpan.org
Requestors: fsfs [...] debian.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: [PATCH] fix CVE-2012-6687 in bundled libfcgi
Date: Sun, 16 Oct 2016 15:46:04 +0200
From: Florian Schlichting <fsfs [...] debian.org>

The version of libfcgi bundled with FCGI is apparently affected by
CVE-2012-6687: Stack smashing while using a lot of connections

In Debian we are currently applying the following patch to FCGI.
We thought you might be interested in it too.

Description: fix CVE-2012-6687 in bundled libfcgi
Origin: https://bugs.launchpad.net/ubuntu/+source/libfcgi/+bug/933417
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815840

The patch is tracked in our Git repository at
https://anonscm.debian.org/cgit/pkg-perl/packages/libfcgi-perl.git/plain/debian/patches/CVE-2012-6687.patch

Thanks for considering,
Florian Schlichting,
Debian Perl Group

Attachment: CVE-2012-6687.patch (text/x-diff, 2.3k)

Message body is not shown because sender requested not to inline it.


