Advisories » MGASA-2013-0183

Updated perl-Dancer package fixes CVE-2012-5572

Publication date: 26 Jun 2013
Modification date: 26 Jun 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2012-5572

Description

A security flaw was found in the way Dancer.pm, lightweight yet powerful web
application framework / Perl language module, performed sanitization of values
to be used for cookie() and cookies() methods. A remote attacker could use this
flaw to inject arbitrary headers into responses from (Perl) applications, that
use Dancer.pm (CVE-2012-5572).
                

References

• https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108749.html
• https://bugs.mageia.org/show_bug.cgi?id=10523
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5572

SRPMS

3/core

• perl-Dancer-1.311.500-1.mga3

2/core

• perl-Dancer-1.311.500-1.mga2