Bug#567635: XSS in Status.pm
Moritz Muehlenhoff
jmm at debian.org
Sat Jan 30 11:17:19 UTC 2010
Package: libapache2-mod-perl2
Severity: grave
Tags: security
Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0796
which contains links to the upstream commits.

This doesn't warrant a DSA, but it would be nice if you could fix this
in a stable point update for Lenny.

Cheers,
Moritz

-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages libapache2-mod-perl2 depends on:
pn apache2.2-common <none> (no description available)
ii libapr1 1.3.8-1 The Apache Portable Runtime Librar
ii libaprutil1 1.3.9+dfsg-3 The Apache Portable Runtime Utilit
ii libc6 2.10.2-5 Embedded GNU C Library: Shared lib
ii libdevel-symdump-perl 2.08-2 Perl module for inspecting perl's
ii libperl5.10 5.10.1-9 shared Perl library
ii liburi-perl 1.52-1 module to manipulate and access UR
ii libuuid1 2.16.2-0 Universally Unique ID library
ii libwww-perl 5.834-1 Perl HTTP/WWW client/server librar
ii netbase 4.40 Basic TCP/IP networking system
ii perl [libmime-base64-perl] 5.10.1-9 Larry Wall's Practical Extraction
ii perl-base [perlapi-5.10.0] 5.10.1-9 minimal Perl system
Versions of packages libapache2-mod-perl2 recommends:
pn libapache2-reload-perl <none> (no description available)
pn libbsd-resource-perl <none> (no description available)
libapache2-mod-perl2 suggests no packages.