Package: libcgi-simple-perl / 1.280-2+deb12u1
Metadata
Package | Version | Patches format |
---|---|---|
libcgi-simple-perl | 1.280-2+deb12u1 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
no shellwords pl.patch | (download) |
lib/CGI/Simple.pm |
4 2 + 2 - 0 ! |
use text::parsewords instead of shellwords.pl The shellwords.pl library is deprecated and will be removed in a future version of perl. Text::ParseWords has been in core since 5.0.0 and it is used by shellwords.pl already. Adapted from <https://github.com/markstos/CGI.pm/commit/0cf175dbfbeaa46d71343412c715096da5bd0eaf> |
Sanitize all user supplied values before inserting i.patch | (download) |
lib/CGI/Simple.pm |
8 5 + 3 - 0 ! |
- sanitize all user-supplied values before inserting into http headers. Thanks Maxim Kosenko for raising the issue with recommended solution. Thanks breno for the patch. Thanks Stig Palmquist for assiginig it CVE-2025-40927. |
1