Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 13 Update: perl-5.10.1-123.fc13
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Saturday 23rd April 2011 20:49:40 UTC (over 5 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-4918
2011-04-06 21:49:12
--------------------------------------------------------------------------------

Name        : perl
Product     : Fedora 13
Version     : 5.10.1
Release     : 123.fc13
URL         : http://www.perl.org/
Summary     : Practical Extraction and Report Language
Description :
Perl is a high-level programming language with roots in C, sed, awk
and shell scripting.  Perl is good at handling processes and files,
and is especially good at handling text.  Perl's hallmarks are
practicality and efficiency.  While it is used to do a lot of
different things, Perl's most common applications are system
administration utilities and web programming.  A large proportion of
the CGI scripts on the web are written in Perl.  You need the perl
package installed on your system so that your system can handle Perl
scripts.

Install this package if you want to program in Perl or enable your
system to handle Perl scripts.

--------------------------------------------------------------------------------
Update Information:

Security bug: lc launder tainted data

http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr  4 2011 Marcela Mašláňová  -
4:5.12.3-123
- 692900 - lc launders tainted flag, RT #87336
* Thu Mar 10 2011 Tom Callaway  - 4:5.12.3-122
- update ExtUtils::ParseXS to 2.2206 (current) to fix Wx build
* Wed Dec  1 2010 Marcela Mašláňová  -
4:5.10.1-121
- create sub-package for CGI 3.43
- create sub-package for threads-shared
* Mon Oct 11 2010 Petr Pisar  - 4:5.10.1-120
- Sub-package threads (bug #622190)
* Mon Sep  6 2010 Petr Pisar  - 4:5.10.1-119
- Do not leak when destroying thread (RT #77352, RHBZ #630667)
* Thu Aug 19 2010 Petr Pisar  - 4:5.10.1-118
- Add "-Wl,--enable-new-dtags" to linker to allow to override perl's rpath
by
  LD_LIBRARY_PATH used in tests. Otherwise tested perl would link to old
  in-system libperl.so.
* Thu Aug 12 2010 Marcela Mašláňová  -
4:5.10.1-117.1
- 622896 remove paths, which were in INC duplicated. The rest of duplicated
 must be here because it's always different macro: privlib/vendorlib.
* Mon Jul 26 2010 Petr Pisar  - 4:5.10.1-117
- Enable parallel testing in IO module
- Run tests in C locale to pass t/op/stat.t test in localized environment
- Run tests in parallel
* Fri Jul 23 2010 Marcela Mašláňová  -
4:5.10.1-116
- 575842 remove -DPERL_USE_SAFE_PUTENV from Configure. All related bugs
were
 tested with perl compiled without this option.
* Wed Jul 21 2010 Marcela Mašláňová  -
4:5.10.1-115 
- CVE-2010-1168 perl Safe: Intended restriction bypass via object
references
- CVE-2010-1447 perl: Safe restriction bypass when reference to subroutine
in
 compartment is called from outside
- Resolves: rhbz#588269, rhbz#576508
- 576824 backport unpack patch from upstream:
   http://rt.perl.org/rt3//Public/Bug/Display.html?id=73814
* Fri Jul  9 2010 Petr Pisar  - 4:5.10.1-114
- Add Digest::SHA requirement to perl-CPAN and perl-CPANPLUS (bug #612563)
* Wed Jul  7 2010 Petr Pisar  - 4:5.10.1-113
- fix incorrect return code on failed extraction by upgrading Archive::Tar
  to 1.62 (bug #607687)
- remove unused patches and renumber used ones
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #692898 - CVE-2011-1487 perl: lc(), uc() routines are
laundering tainted data
        https://bugzilla.redhat.com/show_bug.cgi?id=692898
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update perl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 4ms