Advisories ยป MGASA-2014-0486

Updated perl-Plack package fixes security vulnerability

Publication date: 26 Nov 2014
Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-5269

Description

Plack::App::File would previously strip trailing slashes off provided paths.
This in combination with the common pattern of serving files with
Plack::Middleware::Static could allow an attacker to bypass a whitelist of
generated files (CVE-2014-5269).
                

References

SRPMS

4/core

3/core