Package: libcgi-simple-perl / 1.115-2

Metadata

Package: libcgi-simple-perl
Version: 1.115-2
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
cve 2010 4410.patch

Makefile.PL | 1 1 + 0 - 0 !
t/120.header-crlf.t | 20 20 + 0 - 0 !
2 files changed, 21 insertions(+)

 test for fix cve-2010-4410
 Always check for CRLF in supplied header values and require that CRLF
 is followed by a whitespace, in which case the CRLF is stripped.
 Die if CRLF is followed by a non-whitespace character.
Bug-Debian: http://bugs.debian.org/606379
cve 2010 4411.patch

lib/CGI/Simple.pm | 2 1 + 1 - 0 !
t/headers.t | 6 6 + 0 - 0 !
2 files changed, 7 insertions(+), 1 deletion(-)

 [cve-2010-4411] port latest header-injection refinement from CGI.pm

See also http://www.openwall.com/lists/oss-security/2011/01/04/9


no shellwords pl.patch

lib/CGI/Simple.pm | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 use Text::ParseWords instead of shellwords.pl

The shellwords.pl library is deprecated and will be removed in a future
version of perl. Text::ParseWords has been in core since 5.0.0 and it is
used by shellwords.pl already.

Adapted from <https://github.com/markstos/CGI.pm/commit/0cf175dbfbeaa46d71343412c715096da5bd0eaf>