Summary
Two vulnerabilities were discovered in the implementation of the Perl programming language:
CVE-2012-5195: The x operator could cause the Perl interpreter to crash if very long strings were created.
CVE-2012-5526: The CGI module does not properly escape LF characters in the Set-Cookie and P3P headers.
In addition, this update adds a warning to the Storable documentation that this package is not suitable for deserializing untrusted data.
Solution
For the stable distribution (squeeze), these problems have been fixed in version 5.10.1-17squeeze4.
For the unstable distribution (sid), these problems have been fixed in version 5.14.2-16.
We recommend that you upgrade your perl packages.
Insight
An interpreted scripting language, known among some as 'Unix's Swiss Army Chainsaw'.
Affected
perl on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2012-5195, CVE-2012-5526
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P