Bug 57391 - CGI.pm in ports/lang/perl5* have a cross-site scripting vulneravility
Summary: CGI.pm in ports/lang/perl5* have a cross-site scripting vulneravility
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Anton Berezin
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-09-30 06:20 UTC by IIJIMA Hiromitsu
Modified: 2003-09-30 09:38 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description IIJIMA Hiromitsu 2003-09-30 06:20:14 UTC 
	** THIS IS A REPOST OF PR bin/57323,
		since I labelled wrong Category: line **

        A cross-site scripting vulnerability is reported in CGI.pm.
        All of the following are affected:
                - 4.x base system's perl 5.005_03
                - ports/japanese/perl5 (5.005_03 with Japanese patch)
                - ports/lang/perl5 (5.6.1)
                - ports/lang/perl5.8 (5.8.0)

        I sent separate PRs for 4.x base system (PR bin/57321) and
	japanese/perl5.

Fix: 

Replace CGI.pm with a newer one, or install ports/www/p5-CGI.pm.
How-To-Repeat:         See the exploit code at:
        http://marc.theaimsgroup.com/?l=bugtraq&m=105880349328877&w=2
Comment 1 Kirill Ponomarev freebsd_committer freebsd_triage 2003-09-30 06:26:05 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->tobez

Over to maintainer
Comment 2 IIJIMA Hiromitsu 2003-09-30 06:26:57 UTC 
Sorry, I reposted this without checking that PRs bin/57322 and PR bin/57323
are renumbered as ports/57322 and ports/57323.

Therefore, PRs ports/57390 and ports/57391 are now just the duplicates.
Please close them and solve ports/57322 and ports/57323.
Comment 3 Anton Berezin freebsd_committer freebsd_triage 2003-09-30 09:37:23 UTC 
State Changed
From-To: open->closed

Fix committed, thanks!