Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 17 Update: perl-Module-Signature-0.73-1.fc17
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Tuesday 18th June 2013 01:35:48 UTC (over 3 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-10415
2013-06-09 00:51:26
--------------------------------------------------------------------------------

Name        : perl-Module-Signature
Product     : Fedora 17
Version     : 0.73
Release     : 1.fc17
URL         : http://search.cpan.org/dist/Module-Signature/
Summary     : CPAN signature management utilities and modules
Description :
This package contains a command line tool and module for checking and
creating
SIGNATURE files for Perl CPAN distributions.

--------------------------------------------------------------------------------
Update Information:

This update ensures that digest modules are only loaded from absolute paths
in @INC, avoiding a potential arbitrary code execution problem
(CVE-2013-2145).
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun  7 2013 Paul Howarth  - 0.73-1
- Update to 0.73
  - Constrain the user-specified digest name to /^\w+\d+$/
  - Only allow loading Digest::* from absolute paths in @INC
(CVE-2013-2145)
* Thu Feb 14 2013 Fedora Release Engineering
 - 0.70-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Nov 28 2012 Paul Howarth  - 0.70-1
- Update to 0.70
  - Don't check gpg version if gpg does not exist
* Fri Nov  2 2012 Paul Howarth  - 0.69-1
- Update to 0.69
  - Support for gpg under these alternate names: gpg gpg2 gnupg gnupg2
- This release by AUDREYT -> update source URL
- BR:/R: perl(Text::Diff)
- Include Andreas Koenig's GPG key in the SRPM and import it in %prep so
  that we don't need to get it from a keyserver in %check
* Thu Nov  1 2012 Petr Pisar  - 0.68-7
- Make building non-interactive
- Specify all dependencies
* Fri Jul 20 2012 Fedora Release Engineering
 - 0.68-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue Jun 12 2012 Paul Howarth  - 0.68-5
- BR: perl(constant), perl(Data::Dumper) and perl(lib)
- Don't need to remove empty directories from the buildroot
- Drop %defattr, redundant since rpm 4.4
* Tue Jun 12 2012 Petr Pisar  - 0.68-4
- Perl 5.16 rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #971096 - CVE-2013-2145 perl-Module-Signature: arbitrary code
execution when verifying SIGNATURE
        https://bugzilla.redhat.com/show_bug.cgi?id=971096
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update perl-Module-Signature' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 3ms