From: Reed Loden <reed@reedloden.com>
Date: Thu, 11 Nov 2010 02:40:08 +0000 (-0800)
Subject: Bug 591165: (CVE-2010-2761) [SECURITY] Add CGI.pm v3.50 as an optional module in... 
X-Git-Tag: bugzilla-3.4.10~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a3540a32c6490c6d99d5128e048cb522d9c00a13;p=thirdparty%2Fbugzilla.git

Bug 591165: (CVE-2010-2761) [SECURITY] Add CGI.pm v3.50 as an optional module in order to address header injection vulnerability.
[r=mkanat a=mkanat]
---

diff --git a/Bugzilla/Install/Requirements.pm b/Bugzilla/Install/Requirements.pm
index b21595c831..1563597d69 100644
--- a/Bugzilla/Install/Requirements.pm
+++ b/Bugzilla/Install/Requirements.pm
@@ -280,6 +280,15 @@ sub OPTIONAL_MODULES {
         version => '1.999022',
         feature => 'mod_perl'
     },
+
+    {
+        package => 'CGI.pm',
+        module  => 'CGI',
+        # 3.50 fixes a security problem that affects Bugzilla.
+        # (bug 591165)
+        version => '3.50',
+        feature => 'Recommended important security fix'
+    },
     );
 
     my $all_modules = _get_extension_requirements(