Overview

File _patchinfo of Package patchinfo.1427

<patchinfo>
  <issue id="804415" tracker="bnc">VUL-0: CVE-2013-1667: perl: Denial of Service (CPU consumption) via specially-crafted, user-supplied hash keys</issue>
  <issue id="797060" tracker="bnc">VUL-1: perl: CVE-2012-6329: missing input sanitation</issue>
  <issue id="789994" tracker="bnc">VUL-1: CVE-2012-5526: perl: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers</issue>
  <issue id="755278" tracker="bnc">fix IPC::Open3 bug when '-' is used</issue>
  <issue id="CVE-2012-6329" tracker="cve" />
  <issue id="CVE-2013-1667" tracker="cve" />
  <issue id="CVE-2012-5526" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>mlschroe</packager>
  <description>Perl was updated to fix 3 security issues:

- fix rehash denial of service (compute time) [bnc#804415] [CVE-2013-1667]
- improve CGI crlf escaping [bnc#789994] [CVE-2012-5526]
- sanitize input in Maketext.pm to avoid code injection [bnc#797060] [CVE-2012-6329]

In openSUSE 12.1 also the following non-security bug was fixed:
- fix IPC::Open3 bug when '-' is used [bnc#755278]
</description>
  <summary>update for perl</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places