perl-devel December 2016

perl-devel@lists.fedoraproject.org

3 participants
1347 discussions

[Bug 1163295] New: perl-Sort-Key-1.33 is available
by Red Hat Bugzilla 02 Apr '18

02 Apr '18

https://bugzilla.redhat.com/show_bug.cgi?id=1163295 Bug ID: 1163295 Summary: perl-Sort-Key-1.33 is available Product: Fedora Version: rawhide Component: perl-Sort-Key Keywords: FutureFeature, Triaged Assignee: psabata(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: iarnell(a)gmail.com, perl-devel(a)lists.fedoraproject.org, psabata(a)redhat.com Latest upstream release: 1.33 Current version/release in Fedora Rawhide: 1.32-7.fc22 URL: http://search.cpan.org/dist/Sort-Key/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Soon this service will be implemented by a new system: https://github.com/fedora-infra/anitya/ It will require to manage monitored projects via a new web interface. Please make yourself familiar with the new system to ease the transition. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=ViBSSor8nd&a=cc_unsubscribe

2 7

[Bug 1336671] New: CVE-2016-2803 bugzilla: Cross-site-scripting in dependency graphs
by Red Hat Bugzilla 30 Mar '18

30 Mar '18

https://bugzilla.redhat.com/show_bug.cgi?id=1336671 Bug ID: 1336671 Summary: CVE-2016-2803 bugzilla: Cross-site-scripting in dependency graphs Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: bazanluis20(a)gmail.com, emmanuel(a)seyman.fr, itamar(a)ispbrasil.com.br, perl-devel(a)lists.fedoraproject.org, xavier(a)bachelot.org A vulnerability was found in the bugzilla application. Due to an incorrect parsing of the image map generated by the dot script, a specially crafted bug summary could trigger XSS in dependency graphs. External references: https://bugzilla.mozilla.org/show_bug.cgi?id=1253263 References: http://seclists.org/bugtraq/2016/May/72 Upstream fix: https://git.mozilla.org/?p=bugzilla/bugzilla.git;a=commitdiff;h=dd61903 -- You are receiving this mail because: You are on the CC list for the bug.

2 8

[Bug 1262404] New: CVE-2015-4499 bugzilla: Email address is not properly validated during registration
by Red Hat Bugzilla 30 Mar '18

30 Mar '18

https://bugzilla.redhat.com/show_bug.cgi?id=1262404 Bug ID: 1262404 Summary: CVE-2015-4499 bugzilla: Email address is not properly validated during registration Product: Security Response Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: bazanluis20(a)gmail.com, emmanuel(a)seyman.fr, itamar(a)ispbrasil.com.br, perl-devel(a)lists.fedoraproject.org, xavier(a)bachelot.org As announced in http://seclists.org/bugtraq/2015/Sep/48 : Login names (usually an email address) longer than 127 characters are silently truncated in MySQL which could cause the domain name of the email address to be corrupted. An attacker could use this vulnerability to create an account with an email address different from the one originally requested. The login name could then be automatically added to groups based on the group's regular expression setting. Upstream patches: Fix for 4.2: https://git.mozilla.org/?p=bugzilla/bugzilla.git;a=commitdiff;h=10b1fef Fix for 4.4: https://git.mozilla.org/?p=bugzilla/bugzilla.git;a=commitdiff;h=be1be8c Fix for 5.0: https://git.mozilla.org/?p=bugzilla/bugzilla.git;a=commitdiff;h=69386c5 Fix on master branch: https://git.mozilla.org/?p=bugzilla/bugzilla.git;a=commitdiff;h=9d64d15 -- You are receiving this mail because: You are on the CC list for the bug.

2 7

[Bug 1185483] New: CVE-2014-8630 Bugzilla: Command Injection into product names and other attributes
by Red Hat Bugzilla 30 Mar '18

30 Mar '18

https://bugzilla.redhat.com/show_bug.cgi?id=1185483 Bug ID: 1185483 Summary: CVE-2014-8630 Bugzilla: Command Injection into product names and other attributes Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: kseifried(a)redhat.com CC: bazanluis20(a)gmail.com, emmanuel(a)seyman.fr, itamar(a)ispbrasil.com.br, perl-devel(a)lists.fedoraproject.org, xavier(a)bachelot.org The Bugzilla project reports: Class: Command Injection Versions: All versions before 4.0.16, 4.1.1 to 4.2.11, 4.3.1 to 4.4.6, 4.5.1 to 4.5.6 Fixed In: 4.0.16, 4.2.12, 4.4.7, 5.0rc1 Description: Some code in Bugzilla does not properly utilize 3 arguments form for open() and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes. References: https://bugzilla.mozilla.org/show_bug.cgi?id=1079065 CVE Number: CVE-2014-8630 External references: http://www.bugzilla.org/security/4.0.15/ -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=wv1CAf1O1K&a=cc_unsubscribe

2 5

[Bug 1150091] New: CVE-2014-1571 CVE-2014-1572 CVE-2014-1573 bugzilla: security fixes release
by Red Hat Bugzilla 30 Mar '18

30 Mar '18

https://bugzilla.redhat.com/show_bug.cgi?id=1150091 Bug ID: 1150091 Summary: CVE-2014-1571 CVE-2014-1572 CVE-2014-1573 bugzilla: security fixes release Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: bazanluis20(a)gmail.com, emmanuel(a)seyman.fr, itamar(a)ispbrasil.com.br, mcepl(a)redhat.com, perl-devel(a)lists.fedoraproject.org Upstream has issued an advisory today (October 6): http://www.bugzilla.org/security/4.0.14/ Class: Unauthorized Account Creation Versions: 2.23.3 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5 Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6 Description: An attacker creating a new Bugzilla account can override certain parameters when finalizing the account creation that can lead to the user being created with a different email address than originally requested. The overridden login name could be automatically added to groups based on the group's regular expression setting. References: https://bugzilla.mozilla.org/show_bug.cgi?id=1074812 CVE Number: CVE-2014-1572 Class: Cross-Site Scripting Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5 Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6 Description: During an audit of the Bugzilla code base, several places were found where cross-site scripting exploits could occur which could allow an attacker to access sensitive information. References: https://bugzilla.mozilla.org/show_bug.cgi?id=1075578 CVE Number: CVE-2014-1573 Class: Information Leak Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5 Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6 Description: If a new comment was marked private to the insider group, and a flag was set in the same transaction, the comment would be visible to flag recipients even if they were not in the insider group. References: https://bugzilla.mozilla.org/show_bug.cgi?id=1064140 CVE Number: CVE-2014-1571 Class: Social Engineering Versions: 2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5 Fixed In: 4.0.15, 4.2.11, 4.4.6, 4.5.6 Description: Search results can be exported as a CSV file which can then be imported into external spreadsheet programs. Specially formatted field values can be interpreted as formulas which can be executed and used to attack a user's computer. References: https://bugzilla.mozilla.org/show_bug.cgi?id=1054702 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=0XmWcvadmK&a=cc_unsubscribe

2 10

[Bug 1347302] New: Please build perl-Crypt-SMIME for EPEL 7
by Red Hat Bugzilla 01 Mar '18

01 Mar '18

https://bugzilla.redhat.com/show_bug.cgi?id=1347302 Bug ID: 1347302 Summary: Please build perl-Crypt-SMIME for EPEL 7 Product: Fedora EPEL Version: epel7 Component: perl-Crypt-SMIME Assignee: steve.traylen(a)cern.ch Reporter: xavier(a)bachelot.org QA Contact: extras-qa(a)fedoraproject.org CC: perl-devel(a)lists.fedoraproject.org, steve.traylen(a)cern.ch Hi, I would need perl-Crypt-SMIME in EPEL 7 for another package. Could you please branch and build ? I can (co-)maintain the branch if you wish. Regards, Xavier -- You are receiving this mail because: You are on the CC list for the bug.

2 10

[Bug 1331520] New: Please update perl-Crypt-SMIME to at least 0.15 in EPEL 6
by Red Hat Bugzilla 01 Mar '18

01 Mar '18

https://bugzilla.redhat.com/show_bug.cgi?id=1331520 Bug ID: 1331520 Summary: Please update perl-Crypt-SMIME to at least 0.15 in EPEL 6 Product: Fedora EPEL Version: el6 Component: perl-Crypt-SMIME Assignee: steve.traylen(a)cern.ch Reporter: xavier(a)bachelot.org QA Contact: extras-qa(a)fedoraproject.org CC: perl-devel(a)lists.fedoraproject.org, steve.traylen(a)cern.ch Hi, I'd like perl-Crypt-SMIME to be updated to at least version 0.15 in EPEL 6 in order to build another package. Thanks and regards, Xavier -- You are receiving this mail because: You are on the CC list for the bug.

2 14

[Bug 1380983] New: Package metadata for perl-Gtk2-Unique lists the wrong URL.
by Red Hat Bugzilla 23 Feb '18

23 Feb '18

https://bugzilla.redhat.com/show_bug.cgi?id=1380983 Bug ID: 1380983 Summary: Package metadata for perl-Gtk2-Unique lists the wrong URL. Product: Fedora Version: rawhide Component: perl-Gtk2-Unique Assignee: liangsuilong(a)gmail.com Reporter: andrew(a)tosk.in QA Contact: extras-qa(a)fedoraproject.org CC: liangsuilong(a)gmail.com, perl-devel(a)lists.fedoraproject.org Hello, liangsuilong This is a fairly minor problem, but the package metadata for perl-Gtk2-Unique is out-of-date. It currently lists the project's URL as https://live.gnome.org/LibUnique. but GNOME no longer uses the "live" subdomain; requests now get redirected to the wiki. The newer equivalent URL is https://wiki.gnome.org/Attic/LibUnique ...but that page says libunique is deprecated and offers a link to the GtkApplication porting guide. (I'm filing this same bug report for multiple packages, so I apologize if you see this issue twice.) -- You are receiving this mail because: You are on the CC list for the bug.

2 2

[Bug 1198991] New: License tag should mention GPLv2+
by Red Hat Bugzilla 14 Feb '18

14 Feb '18

https://bugzilla.redhat.com/show_bug.cgi?id=1198991 Bug ID: 1198991 Summary: License tag should mention GPLv2+ Product: Fedora Version: rawhide Component: perl-Text-Template Assignee: tcallawa(a)redhat.com Reporter: ppisar(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: perl-devel(a)lists.fedoraproject.org, tcallawa(a)redhat.com External Bug ID: CPAN 102523 External Bug ID: CPAN 102523 Current package, perl-Text-Template-1.45-17.fc23, declares license as "GPL+ or Artistic", but the content states "GPLv2+ or Artistic" many times. See upstream bug report <https://rt.cpan.org/Public/Bug/Display.html?id=102523>. I believe the license tag should be changed to "GPLv2+ or Artistic" (or to "(GPL+ or Artistic) and (GPLv2+ or Artistic)" until upstream clarifies the report). -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Zq8a82s6bW&a=cc_unsubscribe

2 3

[Bug 1315525] New: perl-Net-DNS-1.05 is available
by Red Hat Bugzilla 13 Feb '18

13 Feb '18

https://bugzilla.redhat.com/show_bug.cgi?id=1315525 Bug ID: 1315525 Summary: perl-Net-DNS-1.05 is available Product: Fedora Version: rawhide Component: perl-Net-DNS Keywords: FutureFeature, Triaged Assignee: pwouters(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: perl-devel(a)lists.fedoraproject.org, psabata(a)redhat.com, pwouters(a)redhat.com Latest upstream release: 1.05 Current version/release in rawhide: 1.04-3.fc24 URL: http://search.cpan.org/dist/Net-DNS/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. -- You are receiving this mail because: You are on the CC list for the bug.

2 14

← Newer
1
2
3
4
5
6
7
...
135
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

perl-devel December 2016