Bug#574066: CVE-2010-0044 cookie weakness

Michael Gilbert michael.s.gilbert at gmail.com
Tue Mar 16 02:38:26 UTC 2010


Package: libipc-pubsub-perl
Version: 0.05-1
Severity: normal
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for safari.  I'm not sure if their version of pubsub relates
to this package, but it should be checked.  If it does not, please
close the bug.  Thanks.

CVE-2010-0044[0]:
| PubSub in Apple Safari before 4.0.5 does not properly implement use of
| the Accept Cookies preference to block cookies, which makes it easier
| for remote web servers to track users by setting a cookie in a (1) RSS
| or (2) Atom feed.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0044
    http://security-tracker.debian.org/tracker/CVE-2010-0044





More information about the pkg-perl-maintainers mailing list