CGI::Session 4.08 has been released, primarily to address the issues described
below. Thanks to Matt LeBlanc and Tyler MacDonald, the primary contributors
for this release.

* FIX: DESTROY was sometimes wiping out exception handling. RT#18183, Matt LeBlanc.
* SECURITY: Resolve some issues in: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555
  - db_file and file now check for symlinks either explicitly or by using O_EXCL on sysopen
  - file creation umask defaults to 660
* NEW: db_file and file drivers now accept a UMask option. (Matt LeBlanc)
* INTERNAL: test suite clean up (Tyler MacDonald)

Mark
On Sun, Mar 12, 2006 at 02:19:23PM -0500, Sherzod Ruzmetov wrote:
>
>
> > -----Original Message-----
> > From: Julien Danjou [mailto:ju...@da...]
> > Sent: Sunday, March 12, 2006 1:54 PM
> > To: Sherzod Ruzmetov
> > Subject: Potential security problems with CGI::Session
> >
> >
> > Hello,
> >
> > I am the current maintainer of CGI-Session in Debian. Joey
> > Hess sent me a bug report about potential security issue with
> > your Perl module. I did not treat it yet, but I will try to
> > as soon as possible. Your help would be welcome.
> >
> > The corresponding Debian bug number is #356555, see:
> > http://bugs.debian.org/356555
> >
> > Regards,
> > --
> > Julien Danjou
> > //
> > <ju...@da...> http://julien.danjou.info
> > // 9A0D 5FD9 EB42 22F6 8974 C95C A462 B51E C2FE E5CD
> >
--
. . . . . . . . . . . . . . . . . . . . . . . . . . .
Mark Stosberg Principal Developer
ma...@su... Summersault, LLC
765-939-9301 ext 202 database driven websites
. . . . . http://www.summersault.com/ . . . . . . . .
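
The symlink check, O_EXCL creation and 660 default named in the 4.08 release notes above, sketched as an added Perl example; it is not CGI::Session's own code, and `store_session` and the file names are hypothetical. It goes one step beyond the notes by comparing lstat() with fstat() after the open, which closes the gap between the check and the open.

```perl
use strict;
use warnings;
use Fcntl qw(:DEFAULT :flock :mode);
use File::Temp qw(tempdir);

# Hypothetical helper, not part of CGI::Session's API.
sub store_session {
    my ($path, $data, $mode) = @_;
    $mode = 0660 unless defined $mode;    # default named in the release notes

    # Explicit check: never write through a symlink.
    die "refusing symlink: $path\n" if -l $path;

    my $fh;
    if (-e $path) {
        # Existing session file: reopen it, never create on this branch.
        sysopen($fh, $path, O_WRONLY) or die "open $path: $!\n";
    }
    else {
        # New file: O_EXCL fails with EEXIST if the name exists at all,
        # including as a dangling symlink, so nothing is followed.
        sysopen($fh, $path, O_WRONLY | O_CREAT | O_EXCL, $mode)
            or die "create $path: $!\n";
    }

    # The handle must be the same inode lstat() sees at $path, and that
    # directory entry must not have become a symlink since the check.
    my @on_disk = lstat($path) or die "lstat $path: $!\n";
    my @opened  = stat($fh)    or die "fstat $path: $!\n";
    die "path changed during open: $path\n"
        if S_ISLNK($on_disk[2])
        || $on_disk[0] != $opened[0] || $on_disk[1] != $opened[1];

    flock($fh, LOCK_EX)  or die "flock $path: $!\n";
    truncate($fh, 0)     or die "truncate $path: $!\n";
    print {$fh} $data    or die "write $path: $!\n";
    close($fh)           or die "close $path: $!\n";
    return 1;
}

# Constructed demo in a throwaway directory.
my $dir = tempdir(CLEANUP => 1);
umask 0007;    # the process umask still narrows the mode passed to sysopen
store_session("$dir/sess_demo", "first\n");     # created with O_EXCL
store_session("$dir/sess_demo", "second\n");    # rewritten in place
printf "mode %04o\n", (stat "$dir/sess_demo")[2] & 07777;
symlink("$dir/other", "$dir/sess_link") or die "symlink: $!\n";
my $ok = eval { store_session("$dir/sess_link", "x\n"); 1 };
print $ok ? "accepted (unexpected)\n" : "rejected: $@";
```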