Mageia Bugzilla – Bug 7805
perl-HTML-Template-Pro new security issue CVE-2011-4616
Last modified: 2012-10-20 17:40:25 CEST
Fedora has issued an advisory on October 6:
Mageia 2 is not affected as this was fixed in 0.9507 and we have 0.9509.
perl-HTML-Template-Pro-0.950.900-1.mga1 is available in core/updates_testing
Updated perl-HTML-Template-Pro packages fix security vulnerability:
Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module
before 0.9507 for Perl allows remote attackers to inject arbitrary web
script or HTML via template parameters, related to improper handling of
> (greater than) and < (less than) characters (CVE-2011-4616).
Tested successfully for mga1 i586 and x86_64.
Used the script from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587
As David already mentioned, with this script mga2 is not affected.
Please use Advisory from Comment 2.
Can someone from the sysadmin team push the package to Updates? Thanks.