Two vulnerabilities were discovered in the implementation of the Perl programming language: CVE-2012-5195 The x operator could cause the Perl interpreter to crash if very long strings were created. CVE-2012-5526 The CGI module does not properly escape LF characters in the Set-Cookie and P3P headers. In addition, this update adds a warning to the Storable documentation that this package is not suitable for deserializing untrusted data. For the stable distribution (squeeze), these problems have been fixed in version 5.10.1-17squeeze4. For the unstable distribution (sid), these problems have been fixed in version 5.14.2-16. We recommend that you upgrade your perl packages.
Two vulnerabilities were discovered in the implementation of the Perl programming language:
The x
operator could cause the Perl interpreter to crash
if very long strings were created.
The CGI module does not properly escape LF characters in the Set-Cookie and P3P headers.
In addition, this update adds a warning to the Storable documentation that this package is not suitable for deserializing untrusted data.
For the stable distribution (squeeze), these problems have been fixed in version 5.10.1-17squeeze4.
For the unstable distribution (sid), these problems have been fixed in version 5.14.2-16.
We recommend that you upgrade your perl packages.