Debian Linux Security Advisory 2587-1 - It was discovered that the CGI module for Perl does not filter LF characters in the Set-Cookie and P3P headers, potentially allowing attackers to inject HTTP headers.
cfd5541265fe776ae15056217e4875ff0f3a904361d5c687f2c8ee23ca0a3716