1
PublicDateAtUSN: 2010-12-06
2
Candidate: CVE-2010-2761
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2761
6
http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes
7
http://openwall.com/lists/oss-security/2010/12/01/1
8
https://usn.ubuntu.com/usn/usn-1129-1
10
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in
11
CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary
12
string in multipart/x-mixed-replace content, which allows remote attackers
13
to inject arbitrary HTTP headers and conduct HTTP response splitting
14
attacks via crafted input that contains this value, a different
15
vulnerability than CVE-2010-3172.
18
mdeslaur> debian fix in perl is cgi-multiline-header.diff
24
Patches_libcgi-pm-perl:
25
upstream: https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380
26
upstream_libcgi-pm-perl: released (3.50-1)
27
dapper_libcgi-pm-perl: DNE
28
hardy_libcgi-pm-perl: DNE
29
karmic_libcgi-pm-perl: ignored (reached end-of-life)
30
lucid_libcgi-pm-perl: ignored (reached end-of-life)
31
maverick_libcgi-pm-perl: ignored (reached end-of-life)
32
natty_libcgi-pm-perl: not-affected (3.50-1)
33
oneiric_libcgi-pm-perl: not-affected (3.50-1)
34
precise_libcgi-pm-perl: not-affected (3.50-1)
35
quantal_libcgi-pm-perl: not-affected (3.50-1)
36
raring_libcgi-pm-perl: not-affected (3.50-1)
37
saucy_libcgi-pm-perl: not-affected (3.50-1)
38
devel_libcgi-pm-perl: not-affected (3.50-1)
40
Patches_libcgi-simple-perl:
41
upstream_libcgi-simple-perl: released (1.111-2)
42
dapper_libcgi-simple-perl: ignored (reached end-of-life)
43
hardy_libcgi-simple-perl: ignored (reached end-of-life)
44
karmic_libcgi-simple-perl: ignored (reached end-of-life)
45
lucid_libcgi-simple-perl: ignored (reached end-of-life)
46
maverick_libcgi-simple-perl: ignored (reached end-of-life)
47
natty_libcgi-simple-perl: not-affected (1.111-2)
48
oneiric_libcgi-simple-perl: not-affected (1.111-2)
49
precise_libcgi-simple-perl: not-affected (1.111-2)
50
quantal_libcgi-simple-perl: not-affected (1.111-2)
51
raring_libcgi-simple-perl: not-affected (1.111-2)
52
saucy_libcgi-simple-perl: not-affected (1.111-2)
53
devel_libcgi-simple-perl: not-affected (1.111-2)
56
upstream_perl: released (5.10.1-17)
57
dapper_perl: released (5.8.7-10ubuntu1.3)
58
hardy_perl: released (5.8.8-12ubuntu0.5)
59
karmic_perl: ignored (reached end-of-life)
60
lucid_perl: released (5.10.1-8ubuntu2.1)
61
maverick_perl: released (5.10.1-12ubuntu2.1)
62
natty_perl: not-affected (5.10.1-17ubuntu1)
63
oneiric_perl: not-affected (5.10.1-17ubuntu1)
64
precise_perl: not-affected (5.10.1-17ubuntu1)
65
quantal_perl: not-affected (5.10.1-17ubuntu1)
66
raring_perl: not-affected (5.10.1-17ubuntu1)
67
saucy_perl: not-affected (5.10.1-17ubuntu1)
68
devel_perl: not-affected (5.10.1-17ubuntu1)