Bug#694279: libdancer-perl: Cookie name CRLF injection
Niko Tyni
ntyni at debian.org
Mon Jun 3 14:28:53 UTC 2013
tag 694279 fixed-upstream
thanks
On Sun, Nov 25, 2012 at 12:49:25AM +0100, Salvatore Bonaccorso wrote:
> Package: libdancer-perl
> Severity: important
> Tags: security
> Similar to #693421, CVE-2012-5526 it was reported[1] that
> libdancer-perl's Dancer::Cookie also do not validate cookie name for
> CRLF and other invalid symbols in headers. A patch however does not
> seem to be present so far.
This seems to have been fixed upstream recently.
https://github.com/PerlDancer/Dancer/issues/859
The Fedora bug may also be helpful, see
https://bugzilla.redhat.com/show_bug.cgi?id=880329
--
Niko Tyni ntyni at debian.org
More information about the pkg-perl-maintainers
mailing list