Package: libdancer-perl Severity: important Tags: security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Hi Similar to #693421, CVE-2012-5526 it was reported[1] that libdancer-perl's Dancer::Cookie also do not validate cookie name for CRLF and other invalid symbols in headers. A patch however does not seem to be present so far. [1]: https://github.com/sukria/Dancer/issues/859 Regards, Salvatore - -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJQsV0BAAoJEHidbwV/2GP+L5gP/2B+f7DmIh7GZM7b/vJAVX1r HKNqthkRkskiqILOOZpW/PyOA/f/sJfDICtXLmwU2Vg+wAeX6LbLTMpE09pkIyyJ +5lfOffPT1fMxqcCI1miTuzDTrztBQrQtWVA0SU4XYw8qWTS8Eqg0lYoP7Y87n4I Dbrg5HpVcgz7fgj0Cup0iD1Q0QOhrcSS3iSVN/T4T8MYSRfm8BJHr2ihPrq2N/Bk qY+rsz49OuTgvZ9H7a53bFQLbaT9whnpEwtF2JvQLHicYWLl71iL4XwLFYIc/KzQ shmlm2vHbUQV+vYaB6i0O9Pg1Ks5BnprOe0KT9cmxLREORZpRxdvi5+ivNFbcpTZ l8xrF1Hr5RssLheh8rsX+EFx2Wfg3xCpAsDPtEK04//LEm6LtJbpE+QKxDq5Qn64 4zKPPAnBf7ebnbaPerj/PvhFdvAfjEs2I048OqAQJozlHDLtirC6MtynY0DP1O0N 4bYZfwGl5uu7WcnySMxizn4ydzE0FdR9OU+fMNUzsyT9STiCCPJQVqR3mNVixJI3 rCCRYWnSJVTwbiYz2BolS+NtVgtzqHYbk/hDvIbbzrVdJvhkQGToz5C8bdlplSrJ 9sNQrnYoMsqkRIT4VABqK/amBC2X+/B08NyH4p37ykQN1PNOtU0PU5QkgDLY2tVs 1k6Oa+K0b99BL0nOJfwW =Fxk0 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
