https://bugzilla.redhat.com/show_bug.cgi?id=857802
Bug ID: 857802
QA Contact: extras-qa(a)fedoraproject.org
Severity: medium
Version: el6
Priority: unspecified
CC: perl-devel(a)lists.fedoraproject.org,
tremble(a)tremble.org.uk, xavier(a)bachelot.org
Assignee: xavier(a)bachelot.org
Summary: perl-Tk missing /usr/bin/widget
Regression: ---
Story Points: ---
Classification: Fedora
OS: Linux
Reporter: wuz73(a)hotmail.com
Type: Bug
Documentation: ---
Hardware: x86_64
Mount Type: ---
Status: NEW
Component: perl-Tk
Product: Fedora EPEL
Description of problem:
/usr/bin/widget is a very useful program to demo Perl-Tk widgets. However, it
has been missing in perl-Tk-804.028-xxx
Version-Release number of selected component (if applicable):
perl-Tk-804.028-12.el6.x86_64
How reproducible:
always
Steps to Reproduce:
1. yum install perl-Tk
2. widget
Actual results:
bash: widget: command not found
Expected results:
start widget
Additional info:
I found /usr/bin/widget in perl-Tk-804.028-2.el6.rf.x86_64.rpm, but it's not on
6.3.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1262772
Bug ID: 1262772
Summary: perl-SOAP-Lite-1.10-1.el7.noarch requires
perl(Class::Inspector)
Product: Fedora EPEL
Version: epel7
Component: perl-SOAP-Lite
Severity: low
Assignee: andrea.veri(a)gmail.com
Reporter: steffen.hau(a)rz.uni-mannheim.de
QA Contact: extras-qa(a)fedoraproject.org
CC: andrea.veri(a)gmail.com, emmanuel(a)seyman.fr,
janfrode(a)tanso.net, perl-devel(a)lists.fedoraproject.org
Description of problem:
I'm running RHELS7.1 and yum update fails, as there is no package for
perl(Class::Inspector).
yum list updates
Loaded plugins: product-id, subscription-manager
Updated Packages
perl-Crypt-Rijndael.x86_64 1.12-1.el7 epel
perl-Expect.noarch 1.21-14.el7 epel
perl-SOAP-Lite.noarch 1.10-1.el7 epel
yum update
Loaded plugins: product-id, subscription-manager
Resolving Dependencies
--> Running transaction check
[snip]
Error: Package: perl-SOAP-Lite-1.10-1.el7.noarch (epel)
Requires: perl(Class::Inspector)
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
Please let me know if you need further information.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1224731
Bug ID: 1224731
Summary: perl-XML-LibXML-2.0121-1.fc23 FTBFS: 90threads.t test
locks up randomly
Product: Fedora
Version: rawhide
Component: perl-XML-LibXML
Assignee: jplesnik(a)redhat.com
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: jplesnik(a)redhat.com, mmaslano(a)redhat.com,
perl-devel(a)lists.fedoraproject.org
perl-XML-LibXML-2.0121-1.fc23 fails to build sometimes in F23 because
t/90threads.t test does not halt:
t/90stack.t ............................... ok
EXCEPTION: Timeout(86400) expired for command:
# bash --login -c /usr/bin/rpmbuild -bb --target x86_64 --nodeps
/builddir/build/SPECS/perl-XML-LibXML.spec
See Koschei build log
<http://koschei.cloud.fedoraproject.org/package/perl-XML-LibXML> for the
frequency.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1456771
Bug ID: 1456771
Summary: CVE-2017-0374 perl-Config-Model: Local privilege
escalation via crafted model
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: david.hannequin(a)gmail.com,
perl-devel(a)lists.fedoraproject.org
lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102
allows local users to gain privileges via a crafted model in the current
working directory, related to use of . with the INC array.
Debian patch:
https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1456770
Bug ID: 1456770
Summary: CVE-2017-0373 perl-Config-Model: gen_class_pod
implementation has dangerous "use lib" line
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: david.hannequin(a)gmail.com,
perl-devel(a)lists.fedoraproject.org
The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in
Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib"
line, which allows remote attackers to have an unspecified impact via a crafted
Debian package file.
Debian patch:
https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1329059
Bug ID: 1329059
Summary: Don't produce terminal control sequences in perldoc
Product: Fedora
Version: rawhide
Component: perl-Pod-Perldoc
Keywords: FutureFeature, Reopened
Assignee: ppisar(a)redhat.com
Reporter: praiskup(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org, hhorak(a)redhat.com,
jmlich83(a)gmail.com, mmaslano(a)redhat.com,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com,
ToddAndMargo(a)zoho.com
Depends On: 1258741
+++ This bug was initially created as a clone of Bug #1258741 +++
Short summary, command 'PAGER=less perldoc perlreref' behaves oddly.
The issue is that perldoc *always* produces some terminal (color?) sequences,
and less (by default) is careful to escape terminal sequences rather then
printing them in a raw form.
This bug is here to ask whether it is possible (or makes sense) to not produce
terminal sequences in perldoc output. Or simply request for brainstorm.
See the original bug report for more info.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1258741
[Bug 1258741] "PAGER=less perldoc perlreref" escapes color sequences, drop
them or interpret them
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1376845
Bug ID: 1376845
Summary: The license tag should mention GPL+ or Artistic
Product: Fedora
Version: rawhide
Component: perl-Params-Validate
Assignee: rc040203(a)freenet.de
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: lxtnow(a)gmail.com, perl-devel(a)lists.fedoraproject.org,
rc040203(a)freenet.de
Params-Validate-1.24/c/ppport.h contains license declaration:
This program is free software; you can redistribute it and/or
modify it under the same terms as Perl itself.
The file is included into compilation unit when compiling
lib/Params/Validate/XS.c into XS.so. Thus I think the spec file should mention
"GPL+ or Artistic" in the License tag. Now it declares "Artistic 2.0" only.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1406558
Bug ID: 1406558
Summary: build for EPEL7
Product: Fedora EPEL
Version: epel7
Component: perl-Coro
Assignee: emmanuel(a)seyman.fr
Reporter: carl.george(a)rackspace.com
QA Contact: extras-qa(a)fedoraproject.org
CC: emmanuel(a)seyman.fr, perl-devel(a)lists.fedoraproject.org
I'm a co-maintainer of uwsgi in Fedora and EPEL. Uwsgi has a subpackage for a
coroae plugin, but it is disabled on EPEL7 because it needs this package.
Please consider adding an EPEL7 branch for perl-Coro so that I can enable the
uwsgi-plugin-coroae subpackage for EPEL7.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1467606
Bug ID: 1467606
Summary: CVE-2017-10789 perl-DBD-MySQL: Possible MITM attack
when mysql_ssl=1
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: hhorak(a)redhat.com, jorton(a)redhat.com,
jplesnik(a)redhat.com,
perl-devel(a)lists.fedoraproject.org,
perl-maint-list(a)redhat.com, ppisar(a)redhat.com,
psabata(a)redhat.com
The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to
mean that SSL is optional (even though this setting's documentation has a "your
communication with the server will be encrypted" statement), which allows
man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack,
a related issue to CVE-2015-3152.
Upstream bug:
https://github.com/perl5-dbi/DBD-mysql/issues/140
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1467600
Bug ID: 1467600
Summary: CVE-2017-10788 perl-DBD-MySQL: Use-after-free when
calling mysql_stmt_error() after mysql_stmt_close()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: hhorak(a)redhat.com, jorton(a)redhat.com,
jplesnik(a)redhat.com,
perl-devel(a)lists.fedoraproject.org,
perl-maint-list(a)redhat.com, ppisar(a)redhat.com,
psabata(a)redhat.com
The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a
denial of service (use-after-free and application crash) or possibly have
unspecified other impact by triggering (1) certain error responses from a MySQL
server or (2) a loss of a network connection to a MySQL server. The
use-after-free defect was introduced by relying on incorrect Oracle
mysql_stmt_close documentation and code examples.
Upstream bug:
https://github.com/perl5-dbi/DBD-mysql/issues/120
References:
http://seclists.org/oss-sec/2017/q2/443
--
You are receiving this mail because:
You are on the CC list for the bug.