Package: fex
Version: 20100208+debian1-1+squeeze2
Severity: grave
--- Please enter the report below this line. ---
Following lines are missing for the security-patch to work:
--- bin/fexsrv
+++ bin/fexsrv
@@ -137,7 +137,7 @@
seek $log,0,SEEK_END;
-$ENV{REQUEST_URI} = '';
+$ENV{REQUEST_URI} = $uri = '';
$http_req = $cgi = '';
$hl = 0;
@@ -225,7 +225,7 @@
goto REQUEST; # uh-uhhhh! ugly! ;-)
} elsif (/^(GET|HEAD|POST)\s+(.+)\s(HTTP\/[\d\.]+$)/i) {
$ENV{REQUEST_METHOD} = uc($1);
- $ENV{REQUEST_URI} = $cgi = $2;
+ $ENV{REQUEST_URI} = $uri = $cgi = $2;
$ENV{HTTP_VERSION} = $protocol = $3;
$ENV{QUERY_STRING} = $1 if $cgi =~ s/\?(.*)//;
--- System information. ---
--- Package information. ---
Package's Depends field is empty.
Package's Recommends field is empty.
Package's Suggests field is empty.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
