From: Reed Loden <reed@reedloden.com>
Date: Thu, 11 Nov 2010 02:41:23 +0000 (-0800)
Subject: Bug 591165: (CVE-2010-2761) [SECURITY] Add CGI.pm v3.50 as an optional module in... 
X-Git-Tag: bugzilla-3.2.10~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=718b75143a9979055e2b7514ec842416b2523353;p=thirdparty%2Fbugzilla.git

Bug 591165: (CVE-2010-2761) [SECURITY] Add CGI.pm v3.50 as an optional module in order to address header injection vulnerability.
[r=mkanat a=mkanat]
---

diff --git a/Bugzilla/Install/Requirements.pm b/Bugzilla/Install/Requirements.pm
index cf6ee03532..3991743b76 100644
--- a/Bugzilla/Install/Requirements.pm
+++ b/Bugzilla/Install/Requirements.pm
@@ -243,6 +243,15 @@ sub OPTIONAL_MODULES {
         version => '1.999022',
         feature => 'mod_perl'
     },
+
+    {
+        package => 'CGI.pm',
+        module  => 'CGI',
+        # 3.50 fixes a security problem that affects Bugzilla.
+        # (bug 591165)
+        version => '3.50',
+        feature => 'Recommended important security fix'
+    },
     );
 
     my $all_modules = _get_extension_requirements(