Package: libcgi-simple-perl / 1.280-2+deb12u1

Metadata

Package Version Patches format
libcgi-simple-perl 1.280-2+deb12u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
no shellwords pl.patch | (download)

lib/CGI/Simple.pm | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 use text::parsewords instead of shellwords.pl

The shellwords.pl library is deprecated and will be removed in a future
version of perl. Text::ParseWords has been in core since 5.0.0 and it is
used by shellwords.pl already.

Adapted from <https://github.com/markstos/CGI.pm/commit/0cf175dbfbeaa46d71343412c715096da5bd0eaf>


Sanitize all user supplied values before inserting i.patch | (download)

lib/CGI/Simple.pm | 8 5 + 3 - 0 !
t/120.header-crlf.t | 28 20 + 8 - 0 !
2 files changed, 25 insertions(+), 11 deletions(-)

 - sanitize all user-supplied values before inserting into http
 headers.   Thanks Maxim Kosenko for raising the issue with recommended
 solution.   Thanks breno for the patch.   Thanks Stig Palmquist for assiginig
 it CVE-2025-40927.