[Bug 1200069] CVE-2015-1464 rt: session hijaking flaw in RSS feed handler

bugzilla at redhat.com bugzilla at redhat.com
Tue Mar 10 03:40:54 UTC 2015


https://bugzilla.redhat.com/show_bug.cgi?id=1200069



--- Comment #4 from Ralf Corsepius <rc040203 at freenet.de> ---
(In reply to Ralf Corsepius from comment #3)
> (In reply to Jason Tibbitts from comment #2)
> > So, I'm playing with a rebase to 4.2.10 and pretty much none of the patches
> > apply. I think several of them are upstream so I'll start tracking them down.
> > 
> > But, Ralf, do let me know if you'd rather take care of this yourself. 
> Patience, please. I already had an update candidate pending, but as you
> noticed rebasing the patches isn't trivial and requires testing.

Grumble. Tibbs - Would you please take timezones into account before killing my
work?

This CVE churn started at 16-17:00 local time, you sent your notice ~20:00 
and commited your patches ~01:00 local-time. What am I supposed to think of
this?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=X3Vz1IRuOg&a=cc_unsubscribe



More information about the perl-devel mailing list