Debian Package Tracker

libcgi-simple-perl

simple CGI.pm compatible OO CGI interface


general
  • source: libcgi-simple-perl (main)
  • version: 1.282-1
  • maintainer: Debian Perl Group (archive) (DMD) (LowNMU)
  • uploaders: gregor herrmann [DMD] – Dominic Hargreaves [DMD] – Niko Tyni [DMD] – Ansgar Burchardt [DMD]
  • arch: all
  • std-ver: 4.6.2
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1.115-2
  • oldstable: 1.280-2
  • old-p-u: 1.280-2+deb12u1
  • stable: 1.281-1
  • stable-p-u: 1.282-1~deb13u1
  • testing: 1.282-1
  • unstable: 1.282-1
versioned links
  • 1.115-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.280-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.280-2+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.281-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.282-1~deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.282-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libcgi-simple-perl
action needed
1 low-priority security issue in trixie [low]

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:
  • CVE-2025-40927: (needs triaging) CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw.

    This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions.

    Although some validation exists, it can be bypassed using URL-encoded values, allowing an attacker to inject untrusted content into the response via query parameters. As a result, an attacker can inject a line break (e.g. %0A) into the parameter value, causing the server to split the HTTP response and inject arbitrary headers or even an HTML/JavaScript body, leading to reflected cross-site scripting (XSS), open redirect or other attacks.

    The issue documented in CVE-2010-4410 (https://www.cve.org/CVERecord?id=CVE-2010-4410) is related but the fix was incomplete.

    Impact

    By injecting %0A (newline) into a query string parameter, an attacker can:
      * Break the current HTTP header
      * Inject a new header or entire body
      * Deliver a script payload that is reflected in the server’s response

    That can lead to the following attacks:
      * reflected XSS
      * open redirect
      * cache poisoning
      * header manipulation

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-08-29 Last update: 2025-08-31 11:30
debian/patches: 1 patch to forward upstream [low]

Among the 1 debian patch available in version 1.282-1 of the package, we noticed the following issues:

  • 1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-02-26 Last update: 2025-08-29 14:31
Standards version of the package is outdated. [wishlist]
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.2).
Created: 2024-04-07 Last update: 2025-08-29 09:58
news
  • [2025-08-29] Accepted libcgi-simple-perl 1.280-2+deb12u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
  • [2025-08-29] Accepted libcgi-simple-perl 1.282-1~deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
  • [2025-08-29] Accepted libcgi-simple-perl 1.282-1 (source) into unstable (Salvatore Bonaccorso)
  • [2024-02-08] libcgi-simple-perl 1.281-1 MIGRATED to testing (Debian testing watch)
  • [2024-02-04] Accepted libcgi-simple-perl 1.281-1 (source) into unstable (gregor herrmann)
  • [2022-10-16] libcgi-simple-perl 1.280-2 MIGRATED to testing (Debian testing watch)
  • [2022-10-13] Accepted libcgi-simple-perl 1.280-2 (source) into unstable (Jelmer Vernooij) (signed by: Jelmer Vernooij)
  • [2022-01-17] libcgi-simple-perl 1.280-1 MIGRATED to testing (Debian testing watch)
  • [2022-01-14] Accepted libcgi-simple-perl 1.280-1 (source) into unstable (gregor herrmann)
  • [2015-08-28] libcgi-simple-perl 1.115-2 MIGRATED to testing (Britney)
  • [2015-08-22] Accepted libcgi-simple-perl 1.115-2 (source) into unstable (gregor herrmann)
  • [2014-11-04] libcgi-simple-perl 1.115-1 MIGRATED to testing (Britney)
  • [2014-10-24] Accepted libcgi-simple-perl 1.115-1 (source all) into unstable (gregor herrmann)
  • [2012-02-17] libcgi-simple-perl 1.113-2 MIGRATED to testing (Debian testing watch)
  • [2012-02-06] Accepted libcgi-simple-perl 1.113-2 (source all) (Dominic Hargreaves)
  • [2011-02-20] libcgi-simple-perl 1.113-1 MIGRATED to testing (Debian testing watch)
  • [2011-02-09] Accepted libcgi-simple-perl 1.113-1 (source all) (gregor herrmann)
  • [2011-01-20] libcgi-simple-perl 1.111-2 MIGRATED to testing (Debian testing watch)
  • [2011-01-15] Accepted libcgi-simple-perl 1.105-1lenny1 (source all) (Niko Tyni) (signed by: gregor herrmann)
  • [2011-01-14] Accepted libcgi-simple-perl 1.111-2 (source all) (Niko Tyni)
  • [2009-06-09] libcgi-simple-perl 1.111-1 MIGRATED to testing (Debian testing watch)
  • [2009-05-29] Accepted libcgi-simple-perl 1.111-1 (source all) (Ryan Niebur)
  • [2009-04-29] libcgi-simple-perl 1.109-1 MIGRATED to testing (Debian testing watch)
  • [2009-04-18] Accepted libcgi-simple-perl 1.109-1 (source all) (Ryan Niebur)
  • [2009-03-26] libcgi-simple-perl 1.108-1 MIGRATED to testing (Debian testing watch)
  • [2009-03-15] Accepted libcgi-simple-perl 1.108-1 (source all) (Ryan Niebur)
  • [2009-03-09] Accepted libcgi-simple-perl 1.107-1 (source all) (Ansgar Burchardt)
  • [2009-02-16] libcgi-simple-perl 1.106-1 MIGRATED to testing (Debian testing watch)
  • [2008-10-01] Accepted libcgi-simple-perl 1.106-1 (source all) (gregor herrmann)
  • [2008-05-28] libcgi-simple-perl 1.105-1 MIGRATED to testing (Debian testing watch)
bugs [bug history graph]
  • all: 0
links
  • homepage
  • lintian
  • buildd: logs, reproducibility
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • debian patches
  • debci
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 1.281-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.