Bug#626135: libmojolicious-perl: XSS vulnerability in the link_to helper

Salvatore Bonaccorso carnil at debian.org
Mon May 9 05:44:21 UTC 2011


Package: libmojolicious-perl
Version: 0.999926-1+squeeze1
Severity: grave
Tags: squeeze security
Justification: user security hole

Hi

libmojolicious-perl prior to 1.12 seems vulnerable to a cross-site
scripting vulnerability. 

The CVE for this issue is CVE-2011-1841 [1].

 [1] http://security-tracker.debian.org/tracker/CVE-2011-1841

Debian wheezy and unstable already have 1.21-1. Debian squeeze has
0.999926-1+squeeze1, which according to [2] is vulnerable.

 [2] http://www.securityfocus.com/bid/47713/info

Changelog for 1.12 contains:

        - Fixed XSS issue in link_to helper.

This seems to be fixed in upstream git commit
f6801ef7be8c78092e38f870b19fae3da0899d60 (but it needs a check whether
we can apply it to the version in squeeze).

Bests
Salvatore

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
