[Cgi-session-user] Re: Potential security problems with CGI::Session (addressed with 4.08 release)
From: Mark S. <ma...@su...> - 2006-03-16 02:49:31
CGI::Session 4.08 has been released, primarily to address the issues described below.

Thanks to Matt LeBlanc and Tyler MacDonald, the primary contributors for this release.

* FIX: DESTROY was sometimes wiping out exception handling. RT#18183, Matt LeBlanc.
* SECURITY: Resolve some issues in: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555
  - db_file and file now check for symlinks either explicitly or by using O_EXCL on sysopen
  - file creation umask defaults to 660
* NEW: db_file and file drivers now accept a UMask option. (Matt LeBlanc)
* INTERNAL: test suite clean up (Tyler MacDonald)

Mark

On Sun, Mar 12, 2006 at 02:19:23PM -0500, Sherzod Ruzmetov wrote:
>
> > -----Original Message-----
> > From: Julien Danjou [mailto:ju...@da...]
> > Sent: Sunday, March 12, 2006 1:54 PM
> > To: Sherzod Ruzmetov
> > Subject: Potential security problems with CGI::Session
> >
> > Hello,
> >
> > I am the current maintainer of CGI-Session in Debian. Joey
> > Hess sent me a bug report about potential security issue with
> > your Perl module. I did not treat it yet, but I will try to
> > as soon as possible. Your help would be welcome.
> >
> > The corresponding Debian bug number is #356555, see:
> > http://bugs.debian.org/356555
> >
> > Regards,
> > --
> > Julien Danjou
> > // <ju...@da...> http://julien.danjou.info
> > // 9A0D 5FD9 EB42 22F6 8974 C95C A462 B51E C2FE E5CD

--
. . . . . . . . . . . . . . . . . . . . . . . . . . .
Mark Stosberg            Principal Developer
ma...@su...              Summersault, LLC
765-939-9301 ext 202     database driven websites
. . . . . http://www.summersault.com/ . . . . . . . .
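
The two symlink defences named in the SECURITY entry above (O_EXCL on sysopen, and an explicit symlink check), sketched as an added example that is not part of the original message and is not CGI::Session's own code. The function names, the file names and the 0660 mode argument are assumptions made for illustration, and a POSIX system with symlink support is assumed.

```perl
use strict;
use warnings;
use Fcntl qw(:DEFAULT :flock);
use File::Temp qw(tempdir);

# Create a NEW session file. O_EXCL makes sysopen fail if anything already
# exists at $path, including a symlink (even a dangling one), so a
# pre-planted link is never followed. Mode 0660 is further reduced by umask.
sub create_session_file {
    my ($path, $data) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0660)
        or die "refusing to create $path: $!\n";
    flock($fh, LOCK_EX) or die "flock $path: $!\n";
    print {$fh} $data;
    close($fh) or die "close $path: $!\n";
    return 1;
}

# Rewrite an EXISTING session file using the explicit check. The path is
# checked again after open, so a link swapped in between is also caught.
sub update_session_file {
    my ($path, $data) = @_;
    die "refusing symlink $path\n" if -l $path;
    sysopen(my $fh, $path, O_WRONLY) or die "open $path: $!\n";
    my @f = stat($fh);       # what we actually opened
    my @l = lstat($path);    # what the path names now (link not followed)
    die "path changed during open: $path\n"
        if !@f || !@l || -l _ || $f[0] != $l[0] || $f[1] != $l[1];
    flock($fh, LOCK_EX) or die "flock $path: $!\n";
    truncate($fh, 0)    or die "truncate $path: $!\n";
    print {$fh} $data;
    close($fh) or die "close $path: $!\n";
    return 1;
}

# Constructed demo in a throwaway directory (all names are made up).
my $dir    = tempdir(CLEANUP => 1);
my $victim = "$dir/unrelated.conf";
my $link   = "$dir/cgisess_planted";
create_session_file($victim, "keep me\n");
symlink($victim, $link) or die "symlink: $!\n";

for my $try ([create => \&create_session_file], [update => \&update_session_file]) {
    my ($name, $fn) = @$try;
    my $ok = eval { $fn->($link, "session data\n") };
    print "$name via symlink: ", ($ok ? "WRITTEN (unsafe)\n" : "blocked: $@");
}
print "update of real file: ", (update_session_file($victim, "new\n") ? "ok\n" : "failed\n");
```

Both attempts through the planted link are refused and the file it points at keeps its contents, while the update of the regular file succeeds.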