[perl-CGI/f16] 3.52 bump to fix CVE-2012-5526

Petr Pisar <ppisar@xxxxxxxxxxxxxxxxx> · Mon, 26 Nov 2012 14:31:35 +0000 (UTC)

commit 2e05079f215ab2f2c3a9d804461f780c8274a728
Author: Petr Písař <ppisar@xxxxxxxxxx>
Date:   Mon Nov 26 15:02:09 2012 +0100

    3.52 bump to fix CVE-2012-5526

 .gitignore                                         |    1 +
 ...n_cookies.patch => CGI-3.51-CVE-2012-5526.patch |    0
 perl-CGI.spec                                      |   11 ++++++++---
 sources                                            |    2 +-
 4 files changed, 10 insertions(+), 4 deletions(-)
---

diff --git a/.gitignore b/.gitignore
index 879a835..3db305c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 /CGI.pm-3.50.tar.gz
 /CGI.pm-3.51.tar.gz
+/CGI.pm-3.52.tar.gz
diff --git a/CGI-3.51-escape_new_lines_in_cookies.patch b/CGI-3.51-CVE-2012-5526.patch
similarity index 100%
rename from CGI-3.51-escape_new_lines_in_cookies.patch
rename to CGI-3.51-CVE-2012-5526.patch
diff --git a/perl-CGI.spec b/perl-CGI.spec
index dafa504..e4e079e 100644
--- a/perl-CGI.spec
+++ b/perl-CGI.spec
@@ -1,12 +1,12 @@
 Name:           perl-CGI
 Summary:        Handle Common Gateway Interface requests and responses
-Version:        3.51
-Release:        6%{?dist}
+Version:        3.52
+Release:        203%{?dist}
 License:        GPL+ or Artistic
 Group:          Development/Libraries
 Source0:        http://search.cpan.org/CPAN/authors/id/M/MA/MARKSTOS/CGI.pm-%{version}.tar.gz
 # CVE-2012-5526, RHBZ #876974
-Patch0:         CGI-3.51-escape_new_lines_in_cookies.patch
+Patch0:         CGI-3.51-CVE-2012-5526.patch
 URL:            http://search.cpan.org/dist/CGI
 Requires:       perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
 BuildArch:      noarch
@@ -75,6 +75,11 @@ rm -rf %{buildroot}
 %{_mandir}/man3/*.3*
 
 %changelog
+* Mon Nov 26 2012 Petr Pisar <ppisar@xxxxxxxxxx> - 3.52-203
+- 3.52 bump
+- Fix CVE-2012-5526 (escape new-lines in Set-Cookie and P3P response headers
+  properly (bug #876974)
+
 * Fri Nov 16 2012 Petr Pisar <ppisar@xxxxxxxxxx> - 3.51-6
 - Improper new-line escaping in Set-Cookie and P3P headers is known as
   CVE-2012-5526 (bug #876974)
diff --git a/sources b/sources
index 3fbe366..d83777a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-53534654f745a1388bbda477022cf971  CGI.pm-3.51.tar.gz
+6ec43c8777713175e71ad9b19598899f  CGI.pm-3.52.tar.gz
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/perl-devel






