Register | Log in

libplack-perl

interface between web servers and Perl web applications

Choose email to subscribe with

general

source: libplack-perl (main)
version: 1.0054-1
maintainer: Debian Perl Group (archive) (DMD) (LowNMU)
uploaders: gregor herrmann [DMD] – Iñigo Tejedor Arrondo [DMD]
arch: all
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.0048-1
oldstable: 1.0050-1
stable: 1.0051-1
testing: 1.0054-1
unstable: 1.0054-1

versioned links

1.0048-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0050-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0051-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.0054-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libplack-perl (1 bugs: 0, 1, 0, 0)

action needed

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2026-7381: Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the Plack environment. A malicious client can set the X-Sendfile-Type header to "X-Accel-Redirect" to services running behind nginx reverse proxies, and then set the X-Accel-Mapping to map the path to an arbitrary file on the server. Since 1.0053, Plack::Middleware::XSendfile is deprecated and will be removed from future releases of Plack. This is similar to CVE-2025-61780 for Rack::Sendfile, although Plack::Middleware::XSendfile has some mitigations that disallow regular expressions to be used in the mapping, and only apply the mapping for the "X-Accel-Redirect" type.

Created: 2026-04-30 Last update: 2026-05-18 01:00

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-7381: Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the Plack environment. A malicious client can set the X-Sendfile-Type header to "X-Accel-Redirect" to services running behind nginx reverse proxies, and then set the X-Accel-Mapping to map the path to an arbitrary file on the server. Since 1.0053, Plack::Middleware::XSendfile is deprecated and will be removed from future releases of Plack. This is similar to CVE-2025-61780 for Rack::Sendfile, although Plack::Middleware::XSendfile has some mitigations that disallow regular expressions to be used in the mapping, and only apply the mapping for the "X-Accel-Redirect" type.

Created: 2026-04-30 Last update: 2026-05-18 01:00

No known security issue in trixie wishlist

There is 1 open security issue in trixie.

1 ignored issue:

CVE-2026-7381: Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the Plack environment. A malicious client can set the X-Sendfile-Type header to "X-Accel-Redirect" to services running behind nginx reverse proxies, and then set the X-Accel-Mapping to map the path to an arbitrary file on the server. Since 1.0053, Plack::Middleware::XSendfile is deprecated and will be removed from future releases of Plack. This is similar to CVE-2025-61780 for Rack::Sendfile, although Plack::Middleware::XSendfile has some mitigations that disallow regular expressions to be used in the mapping, and only apply the mapping for the "X-Accel-Redirect" type.

Created: 2026-04-30 Last update: 2026-05-18 01:00

No known security issue in bookworm wishlist

There is 1 open security issue in bookworm.

1 ignored issue:

CVE-2026-7381: Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the Plack environment. A malicious client can set the X-Sendfile-Type header to "X-Accel-Redirect" to services running behind nginx reverse proxies, and then set the X-Accel-Mapping to map the path to an arbitrary file on the server. Since 1.0053, Plack::Middleware::XSendfile is deprecated and will be removed from future releases of Plack. This is similar to CVE-2025-61780 for Rack::Sendfile, although Plack::Middleware::XSendfile has some mitigations that disallow regular expressions to be used in the mapping, and only apply the mapping for the "X-Accel-Redirect" type.

Created: 2026-04-30 Last update: 2026-05-18 01:00

news

[2026-05-18] libplack-perl 1.0054-1 MIGRATED to testing (Debian testing watch)
[2026-05-05] Accepted libplack-perl 1.0054-1 (source) into unstable (gregor herrmann)
[2024-01-22] libplack-perl 1.0051-1 MIGRATED to testing (Debian testing watch)
[2024-01-20] Accepted libplack-perl 1.0051-1 (source) into unstable (gregor herrmann)
[2022-09-09] libplack-perl 1.0050-1 MIGRATED to testing (Debian testing watch)
[2022-09-06] Accepted libplack-perl 1.0050-1 (source) into unstable (gregor herrmann)
[2022-09-05] libplack-perl 1.0049-1 MIGRATED to testing (Debian testing watch)
[2022-09-04] Accepted libplack-perl 1.0049-1 (source) into unstable (gregor herrmann)
[2022-07-02] libplack-perl 1.0048-2 MIGRATED to testing (Debian testing watch)
[2022-06-30] Accepted libplack-perl 1.0048-2 (source) into unstable (Jelmer Vernooĳ) (signed by: Jelmer Vernooij)
[2020-12-06] libplack-perl 1.0048-1 MIGRATED to testing (Debian testing watch)
[2020-12-03] Accepted libplack-perl 1.0048-1 (source) into unstable (gregor herrmann)
[2019-10-26] libplack-perl 1.0047-2 MIGRATED to testing (Debian testing watch)
[2019-10-23] Accepted libplack-perl 1.0047-2 (source) into unstable (gregor herrmann)
[2018-02-20] libplack-perl 1.0047-1 MIGRATED to testing (Debian testing watch)
[2018-02-14] Accepted libplack-perl 1.0047-1 (source) into unstable (gregor herrmann)
[2018-01-07] libplack-perl 1.0045-1 MIGRATED to testing (Debian testing watch)
[2018-01-01] Accepted libplack-perl 1.0045-1 (source) into unstable (gregor herrmann)
[2017-10-03] libplack-perl 1.0044-1 MIGRATED to testing (Debian testing watch)
[2017-09-27] Accepted libplack-perl 1.0044-1 (source) into unstable (gregor herrmann)
[2016-11-06] libplack-perl 1.0042-1 MIGRATED to testing (Debian testing watch)
[2016-10-26] Accepted libplack-perl 1.0042-1 (source) into unstable (gregor herrmann)
[2015-12-13] libplack-perl 1.0039-1 MIGRATED to testing (Debian testing watch)
[2015-12-07] Accepted libplack-perl 1.0039-1 (source) into unstable (gregor herrmann)
[2015-12-05] libplack-perl 1.0038-1 MIGRATED to testing (Debian testing watch)
[2015-11-29] Accepted libplack-perl 1.0038-1 (source) into unstable (gregor herrmann)
[2015-07-03] libplack-perl 1.0037-1 MIGRATED to testing (Britney)
[2015-06-27] Accepted libplack-perl 1.0037-1 (source all) into unstable (gregor herrmann)
[2015-06-26] libplack-perl 1.0036-2 MIGRATED to testing (Britney)
[2015-06-17] Accepted libplack-perl 1.0036-2 (source all) into unstable (gregor herrmann)

1
2

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.0051-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing