Package: libcgi-simple-perl

Package: libcgi-simple-perl / 1.280-2+deb12u1

Metadata

Package	Version	Patches format
libcgi-simple-perl	1.280-2+deb12u1	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
no shellwords pl.patch \| (download)	lib/CGI/Simple.pm \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	use text::parsewords instead of shellwords.pl The shellwords.pl library is deprecated and will be removed in a future version of perl. Text::ParseWords has been in core since 5.0.0 and it is used by shellwords.pl already. Adapted from <https://github.com/markstos/CGI.pm/commit/0cf175dbfbeaa46d71343412c715096da5bd0eaf>
Sanitize all user supplied values before inserting i.patch \| (download)	lib/CGI/Simple.pm \| 8 5 + 3 - 0 ! t/120.header-crlf.t \| 28 20 + 8 - 0 ! 2 files changed, 25 insertions(+), 11 deletions(-)	- sanitize all user-supplied values before inserting into http headers. Thanks Maxim Kosenko for raising the issue with recommended solution. Thanks breno for the patch. Thanks Stig Palmquist for assiginig it CVE-2025-40927.

Patch

File delta

Description

no shellwords pl.patch | (download)

lib/CGI/Simple.pm | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

use text::parsewords instead of shellwords.pl

The shellwords.pl library is deprecated and will be removed in a future
version of perl. Text::ParseWords has been in core since 5.0.0 and it is
used by shellwords.pl already.

Adapted from <https://github.com/markstos/CGI.pm/commit/0cf175dbfbeaa46d71343412c715096da5bd0eaf>

Sanitize all user supplied values before inserting i.patch | (download)

lib/CGI/Simple.pm | 8 5 + 3 - 0 !
t/120.header-crlf.t | 28 20 + 8 - 0 !
2 files changed, 25 insertions(+), 11 deletions(-)

 - sanitize all user-supplied values before inserting into http
 headers.   Thanks Maxim Kosenko for raising the issue with recommended
 solution.   Thanks breno for the patch.   Thanks Stig Palmquist for assiginig
 it CVE-2025-40927.