update for FastCGI
- added FastCGI-fix_deprecated_api.patch: (bnc#735882)
Fixes an issue where CGI.pm received CGI variables from previous
requests. CVE-2011-2766
-
Submitted by
Marcus Rueckert (darix)
Fixed bugs
bnc#735882
VUL-0: FastCGI: bypass authentication
CVE-CVE-2011-2766
The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.
