[perl-CGI/f17] Bug #876974 is known as CVE-2012-5526

Petr Pisar ppisar at fedoraproject.org
Fri Nov 16 08:38:29 UTC 2012


commit 7b9f5778d2d429cb5cee932a7eea343f73794237
Author: Petr Písař <ppisar at redhat.com>
Date:   Fri Nov 16 09:34:34 2012 +0100

    Bug #876974 is known as CVE-2012-5526

 perl-CGI.spec |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)
---
diff --git a/perl-CGI.spec b/perl-CGI.spec
index c7d1c62..f31a26d 100644
--- a/perl-CGI.spec
+++ b/perl-CGI.spec
@@ -1,11 +1,11 @@
 Name:           perl-CGI
 Summary:        Handle Common Gateway Interface requests and responses
 Version:        3.51
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        GPL+ or Artistic
 Group:          Development/Libraries
 Source0:        http://search.cpan.org/CPAN/authors/id/M/MA/MARKSTOS/CGI.pm-%{version}.tar.gz
-# RHBZ #876974
+# CVE-2012-5526, RHBZ #876974
 Patch0:         CGI-3.51-escape_new_lines_in_cookies.patch
 URL:            http://search.cpan.org/dist/CGI
 Requires:       perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
@@ -75,6 +75,10 @@ rm -rf %{buildroot}
 %{_mandir}/man3/*.3*
 
 %changelog
+* Fri Nov 16 2012 Petr Pisar <ppisar at redhat.com> - 3.51-7
+- Improper new-line escaping in Set-Cookie and P3P headers is known as
+  CVE-2012-5526 (bug #876974)
+
 * Thu Nov 15 2012 Petr Pisar <ppisar at redhat.com> - 3.51-6
 - Escape new-lines in Set-Cookie and P3P response headers properly (bug #876974)
 



More information about the perl-devel mailing list