Bug#693420: perl-modules: CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers
Salvatore Bonaccorso
carnil at debian.org
Fri Nov 16 09:55:29 UTC 2012
Package: perl-modules
Severity: important
Tags: security
Hi,
the following vulnerability was published for CGI.pm:
CVE-2012-5526[0]:
libcgi-pm-perl: newline injection
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526
http://security-tracker.debian.org/tracker/CVE-2012-5526
[1] http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
[2] https://github.com/markstos/CGI.pm/pull/23
[3] https://bugzilla.redhat.com/show_bug.cgi?id=877015
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages perl-modules depends on:
ii libclass-isa-perl 0.36-5
ii libswitch-perl 2.16-2
ii perl 5.14.2-15
perl-modules recommends no packages.
Versions of packages perl-modules suggests:
ii libpod-plainer-perl 1.03-1
-- no debconf information