Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 16 Update: perl-5.14.3-203.fc16
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Tuesday 18th December 2012 02:24:56 UTC (over 3 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-18330
2012-11-16 07:03:38
--------------------------------------------------------------------------------

Name        : perl
Product     : Fedora 16
Version     : 5.14.3
Release     : 203.fc16
URL         : http://www.perl.org/
Summary     : Practical Extraction and Report Language
Description :
Perl is a high-level programming language with roots in C, sed, awk and
shell
scripting.  Perl is good at handling processes and files, and is especially
good at handling text.  Perl's hallmarks are practicality and efficiency.
While it is used to do a lot of different things, Perl's most common
applications are system administration utilities and web programming.  A
large
proportion of the CGI scripts on the web are written in Perl.  You need the
perl package installed on your system so that your system can handle Perl
scripts.

Install this package if you want to program in Perl or enable your system
to
handle Perl scripts.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2012-5526 (escape new-lines in Set-Cookie and P3P HTTP response
headers properly) in CGI-3.52.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 26 2012 Petr Pisar  - 4:5.14.3-203
- Remove perl-CGI sub-package to favour standalone one (bug #876974)
* Tue Oct 16 2012 Jitka Plesnikova <[email protected]> - 4:5.14.3-202
- 5.14.3 bump (see
  https://metacpan.org/module/DOM/perl-5.14.3/pod/perldelta.pod
for release
  notes).
* Fri Sep 14 2012 Petr Pisar  - 4:5.14.2-201
- Override the Pod::Simple::parse_file to set output to STDOUT by default
  (bug #826872)
* Tue Sep 11 2012 Petr Pisar  - 4:5.14.2-200
- Clear $@ before `do' I/O error (bug #834226)
- Do not truncate syscall() return value to 32 bits (bug #838551)
- Match starting byte in non-UTF-8 mode (bug #801739)
- Free hash entries before values on delete (bug #771303)
* Wed Sep  5 2012 Petr Pisar  - 4:5.14.2-199
- Remove perl-devel dependency from perl-Test-Harness and perl-Test-Simple
- Move App::Cpan from perl-Test-Harness to perl-CPAN (bug #854577)
* Tue May 29 2012 Jitka Plesnikova <[email protected]> - 4:5.14.2-198
- Fix find2perl to translate ? glob properly (bug #825701)
* Thu Feb 23 2012 Paul Howarth  - 4:5.14.2-197
- Add %exclude entries for Socket sub-package so as not to duplicate its
  files in the main perl package
* Thu Feb 23 2012 Paul Howarth  - 4:5.14.2-196
- Move %files list for Socket to correct place so as retain proper %exclude
  entries for main perl package (#549306)
* Mon Feb  6 2012 Petr Pisar  - 4:5.14.2-195
- Fix searching for Unicode::Collate::Locale data (bug #756118)
- Run safe signal handlers before returning from sigsuspend() and pause()
  (bug #771228)
- Correct perl-Scalar-List-Utils files list
- Stop !$^V from leaking (bug #787613)
* Thu Feb  2 2012 Petr Šabata  - 4:5.14.2-194
- Sub-package Socket for IO::Socket::IP
* Tue Dec 20 2011 Petr Pisar  - 4:5.14.2-193
- Fix interrupted reading. Thanks to Šimon Lukašík for reporting this
issue
  and thanks to Marcela Mašláňová for finding fix. (bug #767931)
* Wed Dec 14 2011 Petr Pisar  - 4:5.14.2-192
- Fix leak with non-matching named captures (bug #767597)
* Fri Nov 18 2011 Petr Pisar  - 4:5.14.2-191
- Increase epoch of perl-Module-CoreList to overcome version regression in
  upstream (bug #754641)
* Thu Nov  3 2011 Petr Pisar  - 4:5.14.2-190
- Provide perl(DB) by perl
* Wed Nov  2 2011 Petr Pisar  - 4:5.14.2-189
- Correct perl-CGI list of Provides
- Make tests optional
- Correct perl-ExtUtils-ParseXS Provides
- Correct perl-Locale-Codes Provides
- Correct perl-Module-CoreList version
- Automate perl-Test-Simple-tests Requires version
- 5.14.2 bump (see
  https://metacpan.org/module/FLORA/perl-5.14.2/pod/perldelta.pod
for release
  notes).
- Fixes panics when processing regular expression with \b class and /aa
  modifier (bug #731062)
- Fixes CVE-2011-2728 (File::Glob bsd_glob() crash with certain glob flags)
  (bug #742987)
- Filter false perl(DynaLoader) provide from perl-ExtUtils-MakeMaker
  (bug #736714)
- Change Perl_repeatcpy() prototype to allow repeat count above 2^31
  (bug #720610)
- Do not own site directories located in /usr/local (bug #732799)
- cleaned spec (thanks to Grigory Batalov)
-  Module-Metadata sub-package contained perl_privlib instead of privlib
-  %files parent section was repeated twice
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #877015 - CVE-2012-5526 perl-CGI: Newline injection due to
improper CRLF escaping in Set-Cookie and P3P headers
        https://bugzilla.redhat.com/show_bug.cgi?id=877015
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update perl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 3ms