On 12/01/16 15:27, Salvatore Bonaccorso wrote: > My gut feeling about this: Since the issue was already present before, > uncovered indirectly by the perl DSA, and currently affects twiki (not > packaged in Debian), I would tend to ask the SRM to have the fix for > libcgi-session-perl to be scheduled via the next Jessie point release > rather than a DSA. > > Do you feel strong about having it the fix earlier via a DSA?
I don't feel particularly strongly about it being fixed by a DSA as we have a workaround (though the patch I included previously is incorrect and broken; the patch in RT appears to work). That being said, ikiwiki (packaged) appears to use CGI::Session so I would be surprised if it was not affected, assuming it uses the same session storage driver. HTH, Chris -- Chris Boot Tiger Computing Ltd IS27001:2013 Certified Tel: 01600 483 484 Web: https://www.tiger-computing.co.uk Registered in England. Company number: 3389961 Registered address: Wyastone Business Park, Wyastone Leys, Monmouth, NP25 3SR
