From http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2761: The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172. Upstream commit appears to be at $URL.
Fixed in =dev-perl/Cgi-Simple-1.113
(In reply to comment #1) > Fixed in =dev-perl/Cgi-Simple-1.113 > Thank you. Arches, please test and mark stable: =dev-perl/Cgi-Simple-1.113 Target keywords : "alpha amd64 ia64 ppc ppc64 sparc x86"
Stable on x86 and amd64
alpha/ia64/sparc stable
ppc done
ppc64 stable. @security: last arch done, into your hands
Vote: No.
No too, closing noglsa. Thanks, folks.