[Bug 876974] New: CGI::header() does not escape new lines in cookie value

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
Subject: [Bug 876974] New: CGI::header() does not escape new lines in cookie value
From: bugzilla@xxxxxxxxxx
Date: Thu, 15 Nov 2012 12:40:35 +0000
Auto-submitted: auto-generated
Delivered-to: perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
Reply-to: Fedora perl development team <perl-devel@xxxxxxxxxxxxxxxxxxxxxxx>

Product: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=876974

            Bug ID: 876974
           Summary: CGI::header() does not escape new lines in cookie
                    value
           Product: Fedora
           Version: 17
         Component: perl-CGI
          Severity: high
          Priority: unspecified
          Reporter: ppisar@xxxxxxxxxx
              Type: Bug

$ cat test
#!/usr/bin/perl
use strict;
use warnings;
use CGI qw/header/;

print header(
   -cookie => [ "foo\nbar\nbaz", ],
   -p3p    => [ "foo\nbar\nbaz", ],
);

$ ./test
P3P: policyref="/w3c/p3p.xml", CP="foo
bar
baz"
Set-Cookie: foo
bar
baz
Date: Thu, 15 Nov 2012 12:23:39 GMT
Content-Type: text/html; charset=ISO-8859-1

Fixed in upstream CGI-3.63.

F<19 are affected.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/perl-devel

Follow-Ups:
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers [fedora-all]
  - From: bugzilla
- [Bug 876974] CGI::header() does not escape new lines in cookie value
  - From: bugzilla
- [Bug 876974] CGI::header() does not escape new lines in cookie value
  - From: bugzilla
- [Bug 876974] CGI::header() does not escape new lines in cookie value
  - From: bugzilla
- [Bug 876974] CGI::header() does not escape new lines in cookie value
  - From: bugzilla
- [Bug 876974] CGI::header() does not escape new lines in cookie value
  - From: bugzilla
- [Bug 876974] CGI::header() does not escape new lines in cookie value
  - From: bugzilla

Prev by Date: [perl-DateTime-TimeZone] Add BR, filter duplicated requires.
Next by Date: [Bug 876974] CGI::header() does not escape new lines in cookie value
Previous by thread: [perl-DateTime-TimeZone] Add BR, filter duplicated requires.
Next by thread: [Bug 876974] CGI::header() does not escape new lines in cookie value
Index(es):
- Date
- Thread

[Index of Archives] [Fedora Announce] [Fedora Kernel] [Fedora Testing] [Fedora Legacy Announce] [Fedora PHP Devel] [Kernel Devel] [Fedora Legacy] [Fedora Maintainers] [Fedora Desktop] [PAM] [Red Hat Development] [Big List of Linux Books] [Gimp] [Yosemite Information]