Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 16 Update: perl-CGI-3.52-203.fc16
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Tuesday 18th December 2012 02:24:56 UTC (over 4 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-18330
2012-11-16 07:03:38
--------------------------------------------------------------------------------

Name        : perl-CGI
Product     : Fedora 16
Version     : 3.52
Release     : 203.fc16
URL         : http://search.cpan.org/dist/CGI
Summary     : Handle Common Gateway Interface requests and responses
Description :
CGI.pm is a stable, complete and mature solution for processing and
preparing
HTTP requests and responses. Major features including processing form
submissions, file uploads, reading and writing cookies, query string
generation
and manipulation, and processing and preparing HTTP headers. Some HTML
generation utilities are included as well.

CGI.pm performs very well in in a vanilla CGI.pm environment and also comes
with built-in support for mod_perl and mod_perl2 as well as FastCGI.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2012-5526 (escape new-lines in Set-Cookie and P3P HTTP response
headers properly) in CGI-3.52.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 26 2012 Petr Pisar  - 3.52-203
- 3.52 bump
- Fix CVE-2012-5526 (escape new-lines in Set-Cookie and P3P response
headers
  properly (bug #876974)
* Fri Nov 16 2012 Petr Pisar  - 3.51-6
- Improper new-line escaping in Set-Cookie and P3P headers is known as
  CVE-2012-5526 (bug #876974)
* Thu Nov 15 2012 Petr Pisar  - 3.51-5
- Escape new-lines in Set-Cookie and P3P response headers properly (bug
#876974)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #877015 - CVE-2012-5526 perl-CGI: Newline injection due to
improper CRLF escaping in Set-Cookie and P3P headers
        https://bugzilla.redhat.com/show_bug.cgi?id=877015
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update perl-CGI' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 2ms