Bug 57391 - CGI.pm in ports/lang/perl5* have a cross-site scripting vulneravility
Summary: CGI.pm in ports/lang/perl5* have a cross-site scripting vulneravility
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Anton Berezin
Depends on:
Reported: 2003-09-30 06:20 UTC by IIJIMA Hiromitsu
Modified: 2003-09-30 09:38 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description IIJIMA Hiromitsu 2003-09-30 06:20:14 UTC
	** THIS IS A REPOST OF PR bin/57323,
		since I labelled wrong Category: line **

        A cross-site scripting vulnerability is reported in CGI.pm.
        All of the following are affected:
                - 4.x base system's perl 5.005_03
                - ports/japanese/perl5 (5.005_03 with Japanese patch)
                - ports/lang/perl5 (5.6.1)
                - ports/lang/perl5.8 (5.8.0)

        I sent separate PRs for 4.x base system (PR bin/57321) and


Replace CGI.pm with a newer one, or install ports/www/p5-CGI.pm.
How-To-Repeat:         See the exploit code at:
Comment 1 Kirill Ponomarev freebsd_committer 2003-09-30 06:26:05 UTC
Responsible Changed
From-To: freebsd-ports-bugs->tobez

Over to maintainer
Comment 2 IIJIMA Hiromitsu 2003-09-30 06:26:57 UTC
Sorry, I reposted this without checking that PRs bin/57322 and PR bin/57323
are renumbered as ports/57322 and ports/57323.

Therefore, PRs ports/57390 and ports/57391 are now just the duplicates.
Please close them and solve ports/57322 and ports/57323.
Comment 3 Anton Berezin freebsd_committer 2003-09-30 09:37:23 UTC
State Changed
From-To: open->closed

Fix committed, thanks!