Debian Security Advisory

DLA-61-1 libplack-perl -- LTS security update

Date Reported:

24 Sep 2014

Affected Packages:

libplack-perl

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2014-5269.

More information:

Apply fix for CVE-2014-5269: Plack::App::File would previously strip trailing slashes off provided paths. This could under specific circumstances lead to the unintended delivery of files. For details see https://github.com/plack/Plack/pull/446 .

For Debian 6 Squeeze, these issues have been fixed in libplack-perl version 0.9941-1+deb6u1