perl-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geoffrey Young <ge...@modperlcookbook.org>
Subject Re: Security Fix [mp2]
Date Fri, 23 Mar 2007 15:07:54 GMT
Fred Moyer wrote:
> Geoffrey Young wrote:
> 
>> Fred Moyer wrote:
>>
>>> Philip gave a +1 here -
>>> http://marc.info/?l=apache-modperl&m=117462227916610&w=2
>>>
>>> I think I need another +1, right?
>>
>>
>> I'll work on it now.  this needs tests, though.  definitely in mp2, and
>> in mp1 if we can figure it out :)
> 
> 
> Ok I will add tests for this.  Sorry if I jumped the gun with the patch
> - was concerned that we were in some danger here, but reading through
> threads this morning I realize that those concerns may have been premature.

nope, you're good.

I've figured out that nothing we ship as a real handler in mp2 is
affected, and you can see why if you trace the cooker code back.

if you want to whip up a test for a custom cooker module feel free, but
I think we're ok.  I'll commit the test I have that doesn't break but
exercises the security breach.

in light of this, I don't think we need to force our a mp2 release.  but
I'll RM a mp1 release now.

--Geoff

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org


Mime
View raw message