Please merge libapache2-mod-perl2 (2.0.4-6)(main) from debian squeeze(main)

Bug #516430 reported by Bhavani Shankar on 2010-02-03
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libapache2-mod-perl2 (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: libapache2-mod-perl2

Debian changelog:

libapache2-mod-perl2 (2.0.4-6) unstable; urgency=high
 .
   [ gregor herrmann ]
   * debian/control: Changed: (build-)depend on perl instead of perl-
     modules.
 .
   [ Dario Minnucci ]
   * docs/index_top.html: Issued patch 099-fix-url-on-index_top.patch
     to fix link URL. (Closes: #507606)
 .
   [ Damyan Ivanov ]
   * add 100-svn-XSS-Status.patch; fixes XSS in Apache2::Status (CVE-2009-0796)
     Patch taken from r760926 of upstream SVN.
     Closes: #567635
   * .docs: drop debian/NEWS.Debian and Changes
   * -doc: depend on ${misc:Depends}
   * drop debian/NEWS (documents changes before oldstable)

CVE References

Bhavani Shankar (bhavi) wrote :
Changed in libapache2-mod-perl2 (Ubuntu):
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libapache2-mod-perl2 - 2.0.4-6ubuntu1

---------------
libapache2-mod-perl2 (2.0.4-6ubuntu1) lucid; urgency=low

  * Merge from debian testing. Remaining changes: LP: #516430
    - Change locales-all to locales. (LP: #184206)
    - Don't ignore testsuite failures on armel anymore.

libapache2-mod-perl2 (2.0.4-6) unstable; urgency=high

  [ gregor herrmann ]
  * debian/control: Changed: (build-)depend on perl instead of perl-
    modules.

  [ Dario Minnucci ]
  * docs/index_top.html: Issued patch 099-fix-url-on-index_top.patch
    to fix link URL. (Closes: #507606)

  [ Damyan Ivanov ]
  * add 100-svn-XSS-Status.patch; fixes XSS in Apache2::Status (CVE-2009-0796)
    Patch taken from r760926 of upstream SVN.
    Closes: #567635
  * .docs: drop debian/NEWS.Debian and Changes
  * -doc: depend on ${misc:Depends}
  * drop debian/NEWS (documents changes before oldstable)
 -- Bhavani Shankar <email address hidden> Wed, 03 Feb 2010 12:25:44 +0530

Changed in libapache2-mod-perl2 (Ubuntu):
status: Confirmed → Fix Released
Mark (markwalker-l) wrote :

http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-0796.html
Ubuntu 8.04 LTS (Hardy Heron): ignored (reached end-of-life)

I happily accept that the desktop version has reached end of life.
However the server version has support until April 2013.

The comment above says that the bug was fixed in 2.0.4 in February 2010, which was within the support period even for Hardy desktop!

What is the point of having LTS versions if you still fail to patch issues which have been fixed already in other versions within the support period!

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers