Your message dated Mon, 10 Dec 2012 15:05:53 +0000
with message-id <[email protected]>
and subject line Bug#693420: fixed in perl 5.14.2-16
has caused the Debian Bug report #693420,
regarding CVE-2012-5526 CGI.pm: Newline injection due to improper CRLF escaping
in Set-Cookie and P3P headers
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
693420: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693420
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: perl-modules
Severity: important
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
the following vulnerability was published for CGI.pm:
CVE-2012-5526[0]:
libcgi-pm-perl: newline injection
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526
http://security-tracker.debian.org/tracker/CVE-2012-5526
[1] http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
[2] https://github.com/markstos/CGI.pm/pull/23
[3] https://bugzilla.redhat.com/show_bug.cgi?id=877015
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
- -- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages perl-modules depends on:
ii libclass-isa-perl 0.36-5
ii libswitch-perl 2.16-2
ii perl 5.14.2-15
perl-modules recommends no packages.
Versions of packages perl-modules suggests:
ii libpod-plainer-perl 1.03-1
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: perl
Source-Version: 5.14.2-16
We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dominic Hargreaves <[email protected]> (supplier of updated perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 10 Dec 2012 12:47:14 +0000
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug libperl5.14
libperl-dev perl
Architecture: source all i386
Version: 5.14.2-16
Distribution: unstable
Urgency: medium
Maintainer: Niko Tyni <[email protected]>
Changed-By: Dominic Hargreaves <[email protected]>
Description:
libcgi-fast-perl - CGI::Fast Perl module
libperl-dev - Perl library: development files
libperl5.14 - shared Perl library
perl - Larry Wall's Practical Extraction and Report Language
perl-base - minimal Perl system
perl-debug - debug-enabled Perl interpreter
perl-doc - Perl documentation
perl-modules - Core Perl modules
Closes: 693420 695223 695224
Changes:
perl (5.14.2-16) unstable; urgency=medium
.
* [SECURITY] CVE-2012-5526: CGI.pm improper cookie and p3p
CRLF escaping (Closes: #693420)
* [SECURITY] Fix misparsing of maketext strings which could allow
arbitrary code execution from untrusted maketext templates
(Closes: #695224)
* [SECURITY] add warning to Storable documentation that Storable
documents should not be accepted from untrusted sources
(Closes: #695223)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFQxeayYzuFKFF44qURAr/PAJ4yAHz2cl1U+O0fZdG2aiPw0qEGHwCaAgB/
jQIpgbLwRp7n3lwotLWi8pw=
=8cNp
-----END PGP SIGNATURE-----
--- End Message ---