Fedora has issued an advisory on October 6: http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089888.html
Mageia 2 is not affected as this was fixed in 0.9507 and we have 0.9509.
perl-HTML-Template-Pro-0.950.900-1.mga1 is available in core/updates_testing
CC: (none) => jquelin
Assignee: jquelin => qa-bugs
Thanks Jerome!

Advisory:
========================

Updated perl-HTML-Template-Pro packages fix security vulnerability:

Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters (CVE-2011-4616).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4616
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089888.html
Tested successfully for mga1 i586 and x86_64, using the script from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587
As David already mentioned, with this script mga2 is not affected.
Please use the advisory from Comment 2.
src-RPM: perl-HTML-Template-Pro-0.950.900-1.mga1.src.rpm
Can someone from the sysadmin team push the package to Updates? Thanks.
Keywords: (none) => validated_update
CC: (none) => marc.lattemann, sysadmin-bugs
Whiteboard: (none) => MGA1-32-OK, MGA1-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0302
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED