Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.
Note: I'm not sure about the Gentoo package name, it might be dev-perl/Cgi-Simple :-/
Fixed in =dev-lang/perl-5.12.2-r6 =virtual/perl-CGI-3.510 =perl-core/CGI-3.510
(In reply to comment #2) > =dev-lang/perl-5.12.2-r6 > =virtual/perl-CGI-3.510 > =perl-core/CGI-3.510 Arches, please test and stabilize the above.
ppc/ppc64 stable
Created attachment 259925 [details] Build log On amd64 is ok, but i see: /usr/share/man/man1/pl2pm.1 /usr/share/man/man1/prove.1 /usr/share/man/man1/ptar.1 /usr/share/man/man1/ptardiff.1 no documentation in utils/cpanp-run-perl /usr/share/man/man1/cpanp.1 /usr/share/man/man1/cpan2dist.1 and installhtml: ./pod/perlhack.pod: cannot resolve L<writemain> in paragraph 125. installhtml: ./pod/perlhack.pod: cannot resolve L<Test Anything Protocol|TAP> in paragraph 455. /usr/share/man/man1/cpanp-run-perl.1 does not exist! >>> Completed installing perl-5.12.2-r6 into /tmp/portage/dev-lang/perl-5.12.2-r6/image/ What about this?
amd64 done I couldn't reproduce the warnings but they don't seem serious anyway
Tested on x86, all good here.
(In reply to comment #7) > Tested on x86, all good here. > +1
stable x86, thanks David and Agostino
Stable for HPPA.
alpha/arm/ia64/m68k/s390/sh/sparc stable
Thanks, everyone. GLSA Vote: yes.
Thanks tove! GLSA vote: NO.
GLSA vote: NO, closing [noglsa].