rac Bodhisattva
Joined: 30 May 2002 Posts: 6553 Location: Japanifornia
|
Posted: Wed Aug 13, 2003 10:16 pm Post subject: Pre-GLSA: CGI.pm |
|
|
There is a cross-site scripting vulnerability in CGI.pm that was corrected in 2.94. The version in the 5.8.0 perl core is vulnerable. In a future release of perl, we may include a patched version, but I think it would be overkill to have everybody recompile perl just to address this.
Instead, anybody that is using CGI.pm should emerge the dev-perl/CGI module, which will bring you a version of CGI.pm that is not vulnerable. _________________ For every higher wall, there is a taller ladder |
|