From Mageia wiki
MGASA-2012-0225
| Date: | August 18th, 2012 |
| Affected releases: | 1 |
Description:
Updated perl-Data-FormValidator package fixes security vulnerability:
The Data::FormValidator module 4.66 and earlier for Perl, when
untaint_all_constraints is enabled, does not properly preserve the
taint attribute of data, which might allow remote attackers to bypass
the taint protection mechanism via form input (CVE-2011-2201).
Updated Packages:
perl-Data-FormValidator-4.660.0-1.1.mga1
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2201
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html
https://bugs.mageia.org/show_bug.cgi?id=7060
