Advisories ยป MGASA-2013-0183

Updated perl-Dancer package fixes CVE-2012-5572

Publication date: 26 Jun 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2012-5572

Description

A security flaw was found in the way Dancer.pm, lightweight yet powerful web
application framework / Perl language module, performed sanitization of values
to be used for cookie() and cookies() methods. A remote attacker could use this
flaw to inject arbitrary headers into responses from (Perl) applications, that
use Dancer.pm (CVE-2012-5572).
                

References

SRPMS

3/core

2/core