Debian: DSA-2586-1: perl security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2586-1
https://www.debian.org/security/
December 11, 2012                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : perl
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-5195 CVE-2012-5526
Debian Bug     : 689314 693420 695223

Two vulnerabilities were discovered in the implementation of the Perl
programming language:

CVE-2012-5195

    The "x" operator could cause the Perl interpreter to crash
    if very long strings were created.

CVE-2012-5526

    The CGI module does not properly escape LF characters
    in the Set-Cookie and P3P headers.

In addition, this update adds a warning to the Storable documentation
that this package is not suitable for deserializing untrusted data.

For the stable distribution (squeeze), these problems have been fixed in
version 5.10.1-17squeeze4.

For the unstable distribution (sid), these problems have been fixed in
version 5.14.2-16.

We recommend that you upgrade your perl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
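
The class of bug behind CVE-2012-5526, shown from the defending side. This is an added example, not part of the advisory and not CGI.pm's own code: a header emitter that unfolds legal continuation lines and refuses any value that still contains CR or LF. The function names and sample values are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: return $value with folded continuation lines
# unfolded, or die if a CR or LF remains. A leftover line break would
# end the header on the wire and let the rest of the value be parsed
# as a separate header line.
sub safe_header_value {
    my ($name, $value) = @_;
    die "invalid header name\n" unless $name =~ /\A[A-Za-z0-9-]+\z/;

    # A line break followed by a space or tab is legal header folding:
    # keep the whitespace, drop the break.
    (my $clean = $value) =~ s/\r?\n([ \t])/$1/g;

    # Any other CR or LF is rejected rather than silently stripped, so
    # the caller finds out that its input handling is wrong.
    die "refusing $name header: value contains a line break\n"
        if $clean =~ /[\r\n]/;
    return $clean;
}

# Hypothetical helper: build one complete header line.
sub emit_header {
    my ($name, $value) = @_;
    return sprintf "%s: %s\r\n", $name, safe_header_value($name, $value);
}

# Constructed sample inputs covering the two headers the advisory names.
my @samples = (
    [ 'Set-Cookie', 'session=abc123; path=/' ],                 # plain value
    [ 'P3P', "policyref=\"/w3c/p3p.xml\",\n CP=\"NOI DSP\"" ],  # folded value
    [ 'Set-Cookie', "lang=en\nX-Injected: 1" ],                 # bare LF
    [ 'P3P', "CP=\"NOI\"\r\nX-Injected: 1" ],                   # CRLF
);

for my $sample (@samples) {
    my ($name, $value) = @$sample;
    my $line = eval { emit_header($name, $value) };
    if (defined $line) {
        $line =~ s/\r\n\z//;
        print "ok       $line\n";
    } else {
        chomp(my $err = $@);
        print "rejected $err\n";
    }
}
```

Applying the same check to every header value built from request data keeps an application safe even on a host where the perl package has not yet been upgraded.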