On Sun, Nov 18, 2012 at 12:08:21PM +0200, Niko Tyni wrote: > Testing with the new testcases in CGI.pm-3.62, CVE-2012-5526 (CGI.pm > newline injection in Set-Cookie and P3P headers) affects all of squeeze, > wheezy, and sid. > > The attached patch should apply to the wheezy and sid versions; squeeze > may need some backporting at least for the testcases, and the perl package > needs filename modifications due to the different directory structure. > > The sid and wheezy versions of libcgi-pm-perl have diverged, so > I suppose this needs to go in wheezy via tpu.
As both bugs are important rather than RC, neither a t-p-u upload for libcgi-pm-perl nor an upload for perl including this would qualify for migration to testing under the tightened up freeze policy[1], so CCing debian-release for opinions from their side. Cheers, Dominic. [1] <http://release.debian.org/wheezy/freeze_policy.html> -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20121118123144.gu4...@urchin.earth.li
