Advisories ยป MGASA-2014-0098

Updated perl-CGI-Application packages fix CVE-2013-7329

Publication date: 25 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-7329

Description

Updated perl-CGI-Application package fixes security vulnerability:

When applications using CGI::Application overload setup(), which is normally
the case, CGI::Application since version 4.19 has dump_html as a default
run-mode unless the application explicitly redefines it. This unexpectedly
dumps a complete set of web query data and server environment information as
an error page, thus leaking information (CVE-2013-7329).
                

References

SRPMS

4/core

3/core