Bug 57391 - CGI.pm in ports/lang/perl5* have a cross-site scripting vulneravility
CGI.pm in ports/lang/perl5* have a cross-site scripting vulneravility
Status: Closed FIXED
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Latest
Any Any
: Normal Affects Only Me
Assigned To: Anton Berezin
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2003-09-30 06:20 UTC by delmonta
Modified: 2003-09-30 09:38 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description delmonta 2003-09-30 06:20:14 UTC
	** THIS IS A REPOST OF PR bin/57323,
		since I labelled wrong Category: line **

        A cross-site scripting vulnerability is reported in CGI.pm.
        All of the following are affected:
                - 4.x base system's perl 5.005_03
                - ports/japanese/perl5 (5.005_03 with Japanese patch)
                - ports/lang/perl5 (5.6.1)
                - ports/lang/perl5.8 (5.8.0)

        I sent separate PRs for 4.x base system (PR bin/57321) and
	japanese/perl5.

Fix: 

Replace CGI.pm with a newer one, or install ports/www/p5-CGI.pm.
How-To-Repeat:         See the exploit code at:
        http://marc.theaimsgroup.com/?l=bugtraq&m=105880349328877&w=2
Comment 1 krion freebsd_committer 2003-09-30 06:26:05 UTC
Responsible Changed
From-To: freebsd-ports-bugs->tobez

Over to maintainer
Comment 2 delmonta 2003-09-30 06:26:57 UTC
Sorry, I reposted this without checking that PRs bin/57322 and PR bin/57323
are renumbered as ports/57322 and ports/57323.

Therefore, PRs ports/57390 and ports/57391 are now just the duplicates.
Please close them and solve ports/57322 and ports/57323.
Comment 3 Anton Berezin freebsd_committer 2003-09-30 09:37:23 UTC
State Changed
From-To: open->closed

Fix committed, thanks!