Bug#693421: libcgi-pm-perl: CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers

Salvatore Bonaccorso carnil at debian.org
Fri Nov 16 09:56:41 UTC 2012


Package: libcgi-pm-perl
Severity: important
Tags: security

Hi,
the following vulnerability was published for libcgi-pm-perl:

CVE-2012-5526[0]:
libcgi-pm-perl: newline injection

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526
    http://security-tracker.debian.org/tracker/CVE-2012-5526
[1] http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
[2] https://github.com/markstos/CGI.pm/pull/23
[3] https://bugzilla.redhat.com/show_bug.cgi?id=877015

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
