Launchpad CVE tracker

CVE 2012-5526

CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.

Related bugs and status

CVE-2012-5526 (Candidate) is related to these bugs:

Bug #1069034: [CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator

		In	Importance	Status
1069034	[CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator	perl (Ubuntu)	Medium	Fix Released
1069034	[CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator	perl (Ubuntu Hardy)	Medium	Fix Released
1069034	[CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator	perl (Ubuntu Lucid)	Medium	Fix Released
1069034	[CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator	perl (Ubuntu Natty)	Medium	Won't Fix
1069034	[CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator	perl (Ubuntu Oneiric)	Medium	Fix Released
1069034	[CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator	perl (Ubuntu Precise)	Medium	Fix Released
1069034	[CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator	perl (Ubuntu Quantal)	Medium	Fix Released
1069034	[CVE-2012-5195] heap buffer overrun with the 'x' string repeat operator	perl (Ubuntu Raring)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-5526

References