| Summary: | perl-HTML-Template-Pro new security issue CVE-2011-4616 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | | |
| Priority: | Normal | CC: | jquelin, marc.lattemann, sysadmin-bugs, tmb |
| Version: | 1 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | i586 | | |
| OS: | Linux | | |
| URL: | http://lwn.net/Vulnerabilities/519847/ | | |
| Whiteboard: | MGA1-32-OK, MGA1-64-OK | | |
| Source RPM: | perl-HTML-Template-Pro-0.950.400-1.mga1.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser
2012-10-15 21:31:45 CEST

perl-HTML-Template-Pro-0.950.900-1.mga1 is available in core/updates_testing

CC: (none) => jquelin

Thanks Jerome!

Advisory:
========================

Updated perl-HTML-Template-Pro packages fix security vulnerability:

Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters (CVE-2011-4616).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4616
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089888.html

tested successfully for mga1 i586 and x86_64
used script from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587

As David already mentioned with this script mga2 is not affected.

Please use Advisory from Comment 2.

src-RPM: perl-HTML-Template-Pro-0.950.900-1.mga1.src.rpm

Can someone of the sysadmin-team push package to Updates? Thanks.

Keywords: (none) => validated_update

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0302

Status: NEW => RESOLVED