[SECURITY] Fedora 10 Update: perl-Crypt-OpenSSL-DSA-0.13-12.fc10
updates at fedoraproject.org
updates at fedoraproject.org
Wed Feb 25 16:27:07 UTC 2009
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-2090
2009-02-25 15:44:42
--------------------------------------------------------------------------------
Name : perl-Crypt-OpenSSL-DSA
Product : Fedora 10
Version : 0.13
Release : 12.fc10
URL : http://search.cpan.org/dist/Crypt-OpenSSL-DSA/
Summary : Perl interface to OpenSSL for DSA
Description :
Crypt::OpenSSL::DSA - Digital Signature Algorithm using OpenSSL
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2009-0129: The Crypto::OpenSSL::DSA module now croaks upon error
rather than returning a -1 to ensure programmers are not caught by surprise
which only checking for non-zero results.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 23 2009 Wes Hardaker <wjhns174 at hardakers.net> - 0.13-12
- remove openssl from build requirements trying to the build servers happy
* Thu Feb 19 2009 Wes Hardaker <wjhns174 at hardakers.net> - 0.13-11
- Version bump (again again) to solve build issues
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #486012 - CVE-2009-0129 perl-Crypt-OpenSSL-DSA: do_verify() doesn't fail on errors in OpenSSL DSA_do_verify()
https://bugzilla.redhat.com/show_bug.cgi?id=486012
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update perl-Crypt-OpenSSL-DSA' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list