Ausführen beliebiger Kommandos in perl-Dancer
ID: | FEDORA-2013-9918 |
Distribution: | Fedora |
Plattformen: | Fedora 19 |
Datum: | Mi, 12. Juni 2013, 10:21 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5572 |
Applikationen: | Perl Dancer |
Originalnachricht |
|
Name : perl-Dancer Product : Fedora 19 Version : 1.3111 Release : 3.fc19 URL : http://search.cpan.org/dist/Dancer/ Summary : Lightweight yet powerful web application framework Description : Dancer is a web application framework designed to be as effortless as possible for the developer, taking care of the boring bits as easily as possible, yet staying out of your way and letting you get on with writing your code. -------------------------------------------------------------------------------- Update Information: This release fixes CR-LF injection into Cookie HTTP header (CVE-2012-5572). -------------------------------------------------------------------------------- References: [ 1 ] Bug #880329 - CVE-2012-5572 perl-Dancer: Newline injection due to improper CRLF escaping in cookie() and cookies() methods https://bugzilla.redhat.com/show_bug.cgi?id=880329 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update perl-Dancer' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce |