Bug 57391

Summary: CGI.pm in ports/lang/perl5* has a cross-site scripting vulnerability
Product: Ports & Packages
Reporter: IIJIMA Hiromitsu <delmonta>
Component: Individual Port(s)
Assignee: Anton Berezin <tobez>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description IIJIMA Hiromitsu 2003-09-30 06:20:14 UTC
	** THIS IS A REPOST OF PR bin/57323,
		since I labelled the Category: line wrongly **

        A cross-site scripting vulnerability is reported in CGI.pm.
        All of the following are affected:
                - 4.x base system's perl 5.005_03
                - ports/japanese/perl5 (5.005_03 with Japanese patch)
                - ports/lang/perl5 (5.6.1)
                - ports/lang/perl5.8 (5.8.0)

        I sent separate PRs for 4.x base system (PR bin/57321) and
	japanese/perl5.

Fix: 

Replace CGI.pm with a newer one, or install ports/www/p5-CGI.pm.

How-To-Repeat:

        See the exploit code at:
        http://marc.theaimsgroup.com/?l=bugtraq&m=105880349328877&w=2
Comment 1 Kirill Ponomarev freebsd_committer freebsd_triage 2003-09-30 06:26:05 UTC
Responsible Changed
From-To: freebsd-ports-bugs->tobez

Over to maintainer
Comment 2 IIJIMA Hiromitsu 2003-09-30 06:26:57 UTC
Sorry, I reposted this without checking that PRs bin/57322 and bin/57323
were renumbered as ports/57322 and ports/57323.

Therefore, PRs ports/57390 and ports/57391 are now just duplicates.
Please close them and solve ports/57322 and ports/57323.
Comment 3 Anton Berezin freebsd_committer freebsd_triage 2003-09-30 09:37:23 UTC
State Changed
From-To: open->closed

Fix committed, thanks!