Patches for CVE-2011-0009
Xavier Bachelot
xavier at bachelot.org
Wed Jan 26 23:43:01 UTC 2011
On 01/26/2011 09:16 PM, Xavier Bachelot wrote:
> On 01/26/2011 12:00 AM, Xavier Bachelot wrote:
>> Hi,
>>
>> I've been looking at the issue for both rt 3.6 and 3.8.
>> I have a rather full featured patch for 3.8 and I took the Debian patch
>> for 3.6. However, I'm not happy with 3.6, it's lacking the script to fix
>> all the passwords. I'll try to come up with something better in the next
>> few days. Here's my WIP for reference.
>>
>> Regards,
>> Xavier
>
> Here are the updated patches against master and el5 branches. I only
> have an rt 3.6 to test against, so the 3.8 patch is not run time tested,
> but I'm confident.
> The only missing bit is a paragraph about the password mass-update
> script in the UPGRADING file for 3.6.
>
Sorry, slightly wrong patches, it was missing the patch to the UPGRADING
file. Here is a fixed one for 3.8. I've pushed the 3.6 patch to el5.
http://koji.fedoraproject.org/koji/taskinfo?taskID=2744662
https://admin.fedoraproject.org/updates/rt3-3.6.10-2.el5
Ralf, Mark, I let you give a test at 3.8 on Rawhide/F14/F13 and EL6,
respectively.
X.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rt3-3.8.8-CVE-2011-0009.patch
Type: text/x-patch
Size: 11212 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/perl-devel/attachments/20110127/7f3316e2/attachment.bin>
More information about the perl-devel
mailing list