Package: libcgi-session-perl / 4.48-1+deb8u1

Metadata

Package: libcgi-session-perl
Version: 4.48-1+deb8u1
Patches format: 3.0 (quilt)

Patch series

Patch: 0001 Untaint raw data coming from session storage backend.patch

File delta:

lib/CGI/Session.pm | 4 (4 +, 0 -, 0 !)
t/taint_storage.t | 34 (34 +, 0 -, 0 !)
2 files changed, 38 insertions(+)

 [patch] untaint raw data coming from session storage backends

The various storage backends need to be considered trusted,
so data coming out of them should be untainted.

The _CLAIMED_ID comes from an HTTP cookie and is probably tainted,
but presumably it's OK if it matched some data in the storage.

Bug: https://rt.cpan.org/Public/Bug/Display.html?id=80346
Bug-Debian: https://bugs.debian.org/810799