{ "schema_version": "1.6.2", "id": "MGASA-2014-0098", "published": "2014-02-25T21:42:12Z", "modified": "2014-02-25T21:41:22Z", "summary": "Updated perl-CGI-Application packages fix CVE-2013-7329", "details": "Updated perl-CGI-Application package fixes security vulnerability:\n\nWhen applications using CGI::Application overload setup(), which is normally\nthe case, CGI::Application since version 4.19 has dump_html as a default\nrun-mode unless the application explicitly redefines it. This unexpectedly\ndumps a complete set of web query data and server environment information as\nan error page, thus leaking information (CVE-2013-7329).\n", "related": [ "CVE-2013-7329" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2014-0098.html" }, { "type": "REPORT", "url": "http://openwall.com/lists/oss-security/2014/02/20/1" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1067180" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=12827" } ], "affected": [ { "package": { "ecosystem": "Mageia:3", "name": "perl-CGI-Application", "purl": "pkg:rpm/mageia/perl-CGI-Application?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "4.500.0-2.1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "perl-CGI-Application", "purl": "pkg:rpm/mageia/perl-CGI-Application?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "4.500.0-3.1.mga4" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }