From https://bugzilla.redhat.com/show_bug.cgi?id=877015 :
A security flaw was found in the way CGI.pm, a Perl module to handle Common Gateway Interface
requests and responses, performed sanitization of values to be used for Set-Cookie and P3P headers.
If a Perl CGI.pm module based CGI application reused cookies values and accepted untrusted input
from web browser(s), a remote attacker could use this flaw to in an unauthorized way alter member
items of the cookie or add new items.
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1)
Set-Cookie or (2) P3P headers, which might allow remote attackers to inject
arbitrary headers into responses from applications that use CGI.pm.
GLSA vote: no. @maintainers: clean up, please.
(In reply to Chris Reffett from comment #2)
> @maintainers: clean up, please.
GLSA vote: no
Closing as noglsa