Two vulnerabilities were discovered in the implementation of the Perl programming language:
The x operator could cause the Perl interpreter to crash if very long strings were created.
The CGI module does not properly escape LF characters in the Set-Cookie and P3P headers.
In addition, this update adds a warning to the Storable documentation that this package is not suitable for deserializing untrusted data.
For the stable distribution (squeeze), these problems have been fixed in version 5.10.1-17squeeze4.
For the unstable distribution (sid), these problems have been fixed in version 5.14.2-16.
We recommend that you upgrade your perl packages.