[Rt-commit] rt branch, 4.0/fcgi-env-vulnerability, created. rt-4.0.6-126-gd99ae58

Alex Vandiver alexmv at bestpractical.com
Thu May 24 21:44:52 EDT 2012


The branch, 4.0/fcgi-env-vulnerability has been created
        at  d99ae580f1ee7b67aa404adaea8d9af0e5ab14ec (commit)

- Log -----------------------------------------------------------------
commit d99ae580f1ee7b67aa404adaea8d9af0e5ab14ec
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Thu May 24 17:41:15 2012 -0400

    Bump the FCGI dependency to one which closes FCGI's CVE-2011-2766
    
    This commit, originally included as 8064158, fixed the dependency in
    3.8.11; while it was subsequently merged into 4.0-trunk in 14eb138, this
    hunk was mistakenly dropped as part of the merge.  Re-include the
    change; see 8064158 for complete rationale.

diff --git a/sbin/rt-test-dependencies.in b/sbin/rt-test-dependencies.in
index 9d898e8..250b9af 100755
--- a/sbin/rt-test-dependencies.in
+++ b/sbin/rt-test-dependencies.in
@@ -293,7 +293,7 @@ Test::LongString
 .
 
 $deps{'FASTCGI'} = [ text_to_hash( << '.') ];
-FCGI
+FCGI 0.74
 FCGI::ProcManager
 .
 

-----------------------------------------------------------------------


More information about the Rt-commit mailing list