- Committer: Bazaar Package Importer
- Author(s): Martin Pitt
- Date: 2005-08-11 16:29:57 UTC
- Revision ID: james.westby@ubuntu.com-20050811162957-iwixzj70nm0ht8u3
- Tags: 6.3-1ubuntu0.1

  * SECURITY UPDATE: Fix arbitrary command injection.
  * Add debian/patches/03_remove_eval.patch:
    - Replace all eval() calls for dynamically constructed function names with
      soft references. This fixes arbitrary command injection with specially
      crafted referer URLs which contain Perl code.
    - Patch taken from upstream CVS, and contained in 6.5 release.
  * References:
    CAN-2005-1527
    http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities
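
The kind of change the commit message describes, as an added Perl example that is not taken from the package or from 03_remove_eval.patch: a string eval used to call a dynamically named function, next to the same call made through a soft reference. The names ShowInfoURL_demo, call_with_eval and call_with_softref and the sample input are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical plugin hook, standing in for a function whose name is built
# at run time from a plugin name.
sub ShowInfoURL_demo {
    my ($url) = @_;
    return "info for $url";
}

# Before: the function name and its argument are pasted into one string and
# compiled by eval, so any Perl syntax inside $url is compiled along with it.
sub call_with_eval {
    my ($plugin, $url) = @_;
    my $code = "ShowInfoURL_$plugin('$url')";
    return eval $code;    # string eval: request data becomes code
}

# After: the name is resolved through a soft (symbolic) reference and the
# URL is passed as an ordinary value, so it is never parsed as Perl.
sub call_with_softref {
    my ($plugin, $url) = @_;
    return unless $plugin =~ /\A\w+\z/;    # name part must be identifier-only
    my $name = "main::ShowInfoURL_$plugin";
    no strict 'refs';                      # soft references need this
    return unless defined &{$name};        # only call functions that exist
    return &{$name}($url);
}

# Constructed sample input: a harmless expression that closes the quote
# the eval version wraps around the URL.
my $referer = "x' . uc('injected') . '";

my $before = call_with_eval('demo', $referer);
my $after  = call_with_softref('demo', $referer);

print "eval:     $before\n";
print "soft ref: $after\n";
```

With the constructed input, the eval version executes the uc() call carried in the data, while the soft-reference version returns the string unchanged. The identifier check and the defined test are additions in this example; the commit message only states that eval() was replaced with soft references.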