CVE-2012-5526

Priority
Description
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1)
Set-Cookie or (2) P3P headers, which might allow remote attackers to inject
arbitrary headers into responses from applications that use CGI.pm.
Notes
Package
Upstream:released (3.63)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [3.64-1])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (3.64-1)
Patches:
Upstream:https://github.com/markstos/CGI.pm/pull/23.patch
Package
Source: perl (LP Ubuntu Debian)
Upstream:released (5.14.2-16)
Ubuntu 12.04 ESM (Precise Pangolin):released (5.14.2-6ubuntu2.2)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (5.14.2-16)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (5.14.2-16)
Patches:
Upstream:https://github.com/markstos/CGI.pm/pull/23.patch
More Information

Updated: 2020-09-10 02:23:43 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)