Your message dated Thu, 13 Dec 2012 23:47:22 +0000
with message-id <[email protected]>
and subject line Bug#693421: fixed in libcgi-pm-perl 3.49-1squeeze2
has caused the Debian Bug report #693421,
regarding CVE-2012-5526 CGI.pm: Newline injection due to improper CRLF escaping 
in Set-Cookie and P3P headers
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
693421: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693421
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libcgi-pm-perl
Severity: important
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,
the following vulnerability was published for libcgi-pm-perl:

CVE-2012-5526[0]:
libcgi-pm-perl: newline injection

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526
    http://security-tracker.debian.org/tracker/CVE-2012-5526
[1] http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
[2] https://github.com/markstos/CGI.pm/pull/23
[3] https://bugzilla.redhat.com/show_bug.cgi?id=877015

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----

--- End Message ---
--- Begin Message ---
Source: libcgi-pm-perl
Source-Version: 3.49-1squeeze2

We believe that the bug you reported is fixed in the latest version of
libcgi-pm-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated libcgi-pm-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 24 Nov 2012 07:47:58 +0100
Source: libcgi-pm-perl
Binary: libcgi-pm-perl
Architecture: source all
Version: 3.49-1squeeze2
Distribution: stable-security
Urgency: high
Maintainer: Debian Perl Group <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description: 
 libcgi-pm-perl - module for Common Gateway Interface applications
Closes: 693421
Changes: 
 libcgi-pm-perl (3.49-1squeeze2) stable-security; urgency=high
 .
   * Team upload.
   * Add 0001-CR-escaping-for-P3P-and-Set-Cookie-headers.patch
     [SECURITY] CVE-2012-5526: Newline injection due to improper CRLF escaping
     in Set-Cookie and P3P headers.
     Thanks to Niko Tyni <[email protected]> (Closes: #693421)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----

--- End Message ---
