From https://bugzilla.redhat.com/show_bug.cgi?id=877015 : A security flaw was found in the way CGI.pm, a Perl module to handle Common Gateway Interface requests and responses, performed sanitization of values to be used for Set-Cookie and P3P headers. If a Perl CGI.pm module based CGI application reused cookies values and accepted untrusted input from web browser(s), a remote attacker could use this flaw to in an unauthorized way alter member items of the cookie or add new items.
CVE-2012-5526 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5526): CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
GLSA vote: no. @maintainers: clean up, please.
(In reply to Chris Reffett from comment #2) > @maintainers: clean up, please. Done.
GLSA vote: no Closing as noglsa