Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 14 Update: perl-5.12.4-147.fc14
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Thursday 3rd November 2011 00:22:52 UTC (over 5 years ago)
---------------------------------------------------------------------------=
-----
Fedora Update Notification
FEDORA-2011-13874
2011-10-05 23:31:13
---------------------------------------------------------------------------=
-----

Name        : perl
Product     : Fedora 14
Version     : 5.12.4
Release     : 147.fc14
URL         : http://www.perl.org/
Summary     : Practical Extraction and Report Language
Description :
Perl is a high-level programming language with roots in C, sed, awk
and shell scripting.  Perl is good at handling processes and files,
and is especially good at handling text.  Perl's hallmarks are
practicality and efficiency.  While it is used to do a lot of
different things, Perl's most common applications are system
administration utilities and web programming.  A large proportion of
the CGI scripts on the web are written in Perl.  You need the perl
package installed on your system so that your system can handle Perl
scripts.

Install this package if you want to program in Perl or enable your
system to handle Perl scripts.

---------------------------------------------------------------------------=
-----
Update Information:

This update fixes security bug in Digest object constructor
(CVE-2011-3597)=
 and in decoding Unicode string by interpreter (CVE-2011-2939).
---------------------------------------------------------------------------=
-----
ChangeLog:

* Wed Oct  5 2011 Petr Pisar  - 4:5.12.4-147
- Fix CVE-2011-3597 (code injection in Digest) (bug #743010)
- Fix CVE-2011-2939 (heap overflow while decoding Unicode string) (bug
#731=
246)
* Fri Jun 24 2011 Marcela Ma=C5=A1l=C3=A1=C5=88ov=C3=A1
 - 4:5.12.4-146
- every Fedora has different paths -> remove dirs, which were added in
  previous commit
* Wed Jun 22 2011 Marcela Ma=C5=A1l=C3=A1=C5=88ov=C3=A1
 - 4:5.12.4-145
- update to minor update release 5.12.4
- Upstream changes: remove patch for lc tainting RT #87336,
-          updated Module-CoreList v2.50 in tarball
- add un-owned but existing perl_vendorarch
* Wed Jun  1 2011 Marcela Ma=C5=A1l=C3=A1=C5=88ov=C3=A1
 - 4:5.12.3-144
- arm can't do parallel build
- add require EE::MM into IPC::Cmd 711486
* Fri Apr  1 2011 Marcela Ma=C5=A1l=C3=A1=C5=88ov=C3=A1
 - 4:5.12.3-143 =

- 692900 - lc launders tainted flag, RT #87336
* Thu Mar 10 2011 Tom Callaway  - 4:5.12.3-142
- update ExtUtils::ParseXS to 2.2206 (current) to fix Wx build
* Mon Jan 24 2011 Marcela Ma=C5=A1l=C3=A1=C5=88ov=C3=A1
 - 4:5.12.3-141
- stable update 5.12.3
- add COMPAT
* Wed Dec  1 2010 Marcela Ma=C5=A1l=C3=A1=C5=88ov=C3=A1
 - 4:5.12.2-140
- create sub-package for CGI 3.49
- create sub-package for threads-shared
* Tue Nov  9 2010 Petr Pisar  - 4:5.12.2-139
- Sub-package perl-Class-ISA (bug #651317)
* Mon Nov  8 2010 Marcela Ma=C5=A1l=C3=A1=C5=88ov=C3=A1
 - 4:5.12.2-138
- 643447 fix redefinition of constant C in h2ph (visible in git send mail,
  XML::Twig test suite)
* Mon Nov  8 2010 Petr Pisar  - 4:5.12.2-137
- Make perl(ExtUtils::ParseXS) version 4 digits long (bug #650882)
---------------------------------------------------------------------------=
-----
References:

  [ 1 ] Bug #743010 - CVE-2011-3597 Perl Digest improper control of
generat=
ion of code
        https://bugzilla.redhat.com/show_bug.cgi?id=3D743010
  [ 2 ] Bug #731246 - CVE-2011-2939 Perl decode_xs heap-based buffer
overfl=
ow
        https://bugzilla.redhat.com/show_bug.cgi?id=3D731246
---------------------------------------------------------------------------=
-----

This update can be installed with the "yum" update program.  Use =

su -c 'yum update perl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
t=
he
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
---------------------------------------------------------------------------=
-----
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 2ms