Your message dated Sat, 24 Nov 2012 07:17:39 +0000
with message-id <[email protected]>
and subject line Bug#693421: fixed in libcgi-pm-perl 3.61-2
has caused the Debian Bug report #693421,
regarding CVE-2012-5526 CGI.pm: Newline injection due to improper CRLF escaping
in Set-Cookie and P3P headers
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
693421: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693421
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libcgi-pm-perl
Severity: important
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
the following vulnerability was published for libcgi-pm-perl:
CVE-2012-5526[0]:
libcgi-pm-perl: newline injection
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526
http://security-tracker.debian.org/tracker/CVE-2012-5526
[1] http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
[2] https://github.com/markstos/CGI.pm/pull/23
[3] https://bugzilla.redhat.com/show_bug.cgi?id=877015
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
- -- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: libcgi-pm-perl
Source-Version: 3.61-2
We believe that the bug you reported is fixed in the latest version of
libcgi-pm-perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated libcgi-pm-perl
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 24 Nov 2012 07:54:36 +0100
Source: libcgi-pm-perl
Binary: libcgi-pm-perl
Architecture: source all
Version: 3.61-2
Distribution: unstable
Urgency: low
Maintainer: Debian Perl Group <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
libcgi-pm-perl - module for Common Gateway Interface applications
Closes: 693421
Changes:
libcgi-pm-perl (3.61-2) unstable; urgency=low
.
* Team upload.
* Add 0001-CR-escaping-for-P3P-and-Set-Cookie-headers.patch
[SECURITY] CVE-2012-5526: Newline injection due to improper CRLF
escaping in Set-Cookie and P3P headers.
Thanks to Niko Tyni <[email protected]> (Closes: #693421)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---