r67387 - in /trunk/libcgi-simple-perl/debian: changelog patches/cve-2010-4411.patch patches/series

ntyni at users.alioth.debian.org ntyni at users.alioth.debian.org
Fri Jan 14 17:43:55 UTC 2011


Author: ntyni
Date: Fri Jan 14 17:43:30 2011
New Revision: 67387

URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=67387
Log:
[SECURITY] CVE-2010-4411: fix a newline injection issue that resulted
from an incomplete fix for CVE-2010-4410.

Added:
    trunk/libcgi-simple-perl/debian/patches/cve-2010-4411.patch
Modified:
    trunk/libcgi-simple-perl/debian/changelog
    trunk/libcgi-simple-perl/debian/patches/series

Modified: trunk/libcgi-simple-perl/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcgi-simple-perl/debian/changelog?rev=67387&op=diff
==============================================================================
--- trunk/libcgi-simple-perl/debian/changelog (original)
+++ trunk/libcgi-simple-perl/debian/changelog Fri Jan 14 17:43:30 2011
@@ -22,6 +22,10 @@
   * add a patch for CVE-2010-4410
     + add libtest-exception-perl to dependencies
   * use "3.0 (quilt)" source format
+
+  [ Niko Tyni ]
+  * [SECURITY] CVE-2010-4411: fix a newline injection issue that resulted
+    from an incomplete fix for CVE-2010-4410.
 
  -- Damyan Ivanov <dmn at debian.org>  Fri, 31 Dec 2010 17:57:27 +0200
 

Added: trunk/libcgi-simple-perl/debian/patches/cve-2010-4411.patch
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcgi-simple-perl/debian/patches/cve-2010-4411.patch?rev=67387&op=file
==============================================================================
--- trunk/libcgi-simple-perl/debian/patches/cve-2010-4411.patch (added)
+++ trunk/libcgi-simple-perl/debian/patches/cve-2010-4411.patch Fri Jan 14 17:43:30 2011
@@ -1,0 +1,30 @@
+Author: Mark Stosberg <mark at stosberg.com>
+Origin: http://github.com/markstos/CGI--Simple/commit/daff9ca164a7d88d68b6d4d729331e03e32d00dd
+Origin: http://github.com/markstos/CGI--Simple/commit/e811ab874a5e0ac8a99e76b645a0e537d8f714da
+Subject: [CVE-2010-4411] Port latest header-injection refinement from CGI.pm
+
+See also http://www.openwall.com/lists/oss-security/2011/01/04/9
+
+--- libcgi-simple-perl.orig/lib/CGI/Simple.pm
++++ libcgi-simple-perl/lib/CGI/Simple.pm
+@@ -1007,7 +1007,7 @@
+       $header =~ s/$CRLF(\s)/$1/g;
+ 
+       # All other uses of newlines are invalid input.
+-      if ( $header =~ m/$CRLF/ ) {
++      if ($header =~ m/$CRLF|\015|\012/) {
+         # shorten very long values in the diagnostic
+         $header = substr( $header, 0, 72 ) . '...'
+          if ( length $header > 72 );
+--- libcgi-simple-perl.orig/t/headers.t
++++ libcgi-simple-perl/t/headers.t
+@@ -76,3 +76,9 @@
+   'redirect with leading newlines blows up'
+ );
+ 
++{
++    my $cgi = CGI::Simple->new('t=bogus%0A%0A<html>');
++    my $out;
++    eval { $out = $cgi->redirect( $cgi->param('t') ) };
++    like($@,qr/contains a newline/, "redirect does not allow double-newline injection");
++}
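Review bot: The new test in t/headers.t covers only the bare-LF pair ('t=bogus%0A%0A<html>'), while the widened check in Simple.pm, m/$CRLF|\015|\012/, also adds a bare-CR branch that nothing here exercises. Consider adding one case with a lone %0D and one with %0D%0A%0A. The second matters because the unfolding line just above the check, s/$CRLF(\s)/$1/g, accepts any whitespace after the CRLF, a newline included, and leaves that character in the header for the check to catch. A smaller point on the same line of Simple.pm: wherever $CRLF is \015\012 the first alternative is now redundant, so the pattern could be written as the character class [\015\012], provided $CRLF takes no other value on the platforms the module supports.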

Modified: trunk/libcgi-simple-perl/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcgi-simple-perl/debian/patches/series?rev=67387&op=diff
==============================================================================
--- trunk/libcgi-simple-perl/debian/patches/series (original)
+++ trunk/libcgi-simple-perl/debian/patches/series Fri Jan 14 17:43:30 2011
@@ -1,1 +1,2 @@
 cve-2010-4410.patch
+cve-2010-4411.patch



