Jaldhar H. Vyas wrote: > I thought I had sent this out a couple of days ago but apparently not > but in case you are seeing this twice, sorry. Oh and please Cc me on > replies. > >> Bug #470890 reported that the CGI::Application::Plugin::ActionDispatch >> perl module in libcgi-application-plugins-perl 0.10 from lenny >> included Data::Dumper output which could potentially leak database >> DSNs or other private information. Thus the bug submitter and I >> decided it would be appropriate to change the severity to grave. The >> problem does not exist in sid or squeeze which have newer versions or >> in Etch which did not contain this module. >> >> I have prepared a fixed package which changes nothing except it >> removes that >> Data::Dumper call. I jumped the gun a little bit and uploaded >> libcgi-application-plugins-perl_0.10+lenny1_i386.changes though I don't >> seem to see it in incoming anymore. One thing about this package is >> it contains tarballs within the source tarball so you can't just diff >> it against the package in lenny. Sorry about that. But if you unpack >> it you will see it it is the only thing I changed.
Ok, this should get in the first point release. Cheers Luk -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
