A vulnerability was discovered and corrected in perl-CGI: CGI.pm module before 3.63 for Perl does not properly escape newlines in Set-Cookie or P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm . The updated packages have been patched to correct this issue.