From Mageia wiki
MGASA-2012-0302
Date: | October 20th, 2012 |
Affected releases: | 1 |
Description:
Updated perl-HTML-Template-Pro packages fix security vulnerability:
Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module
before 0.9507 for Perl allows remote attackers to inject arbitrary web
script or HTML via template parameters, related to improper handling of
">" (greater than) and "<" (less than) characters (CVE-2011-4616).
Updated Packages:
perl-HTML-Template-Pro-0.950.900-1.mga1
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4616
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089888.html
https://bugs.mageia.org/show_bug.cgi?id=7805