[Bug 1596132] New: CVE-2018-10860 perl-Archive-Zip:
Directory traversal in Archive::Zip [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1596132
Bug ID: 1596132
Summary: CVE-2018-10860 perl-Archive-Zip: Directory traversal
in Archive::Zip [fedora-all]
Product: Fedora
Version: 28
Component: perl-Archive-Zip
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: jplesnik(a)redhat.com
Reporter: cbuissar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: alexl(a)redhat.com, caillon+fedoraproject(a)gmail.com,
john.j5live(a)gmail.com, jplesnik(a)redhat.com,
kasal(a)ucw.cz, mbarnes(a)fastmail.com,
perl-devel(a)lists.fedoraproject.org,
rhughes(a)redhat.com, rstrode(a)redhat.com,
sandmann(a)redhat.com, steve(a)silug.org
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 8 months
[Bug 1614884] New: Tests fail with OpenSSL 1.1.1
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1614884
Bug ID: 1614884
Summary: Tests fail with OpenSSL 1.1.1
Product: Fedora
Version: rawhide
Component: perl-Net-SSLeay
Assignee: paul(a)city-fan.org
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: jose.p.oliveira.oss(a)gmail.com, kasal(a)ucw.cz,
paul(a)city-fan.org, perl-devel(a)lists.fedoraproject.org,
tmraz(a)redhat.com
External Bug ID: CPAN 125218
perl-Net-SSLeay-1.85-3.fc29 does not pass tests in Fedora 29 because of:
(1) Changes in OpenSSL 1.1.1. See
<https://rt.cpan.org/Ticket/Display.html?id=125218>. I've just finished a fix
the passes with openssl-1.1.1-0.pre8.fc29.
(2) Fedora changes added to openssl-1:1.1.1-0.pre8.2.fc29:
# Failed test 'TLS_method CTX has automatic minimum version'
# at t/local/09_ctx_new.t line 114.
# got: '769'
# expected: '0'
# Failed test 'SSL from TLS_method CTX has automatic minimum version'
# at t/local/09_ctx_new.t line 119.
# got: '769'
# expected: '0'
# Looks like you failed 2 tests of 40.
t/local/09_ctx_new.t ................... Dubious, test returned 2 (wstat 512,
0x200)
Failed 2/40 subtests
These can be adjusted or disabled because Fedora system-wide crypto policy sets
minimum version to 769 aka 0x0301 aka TLS1_VERSION. Thus
SSL_CTX_get_min_proto_version() from the library reports a non-default minimum
version (!= 0) is set.
t/local/64_ticket_sharing.t ............ failed to use cert file
t/data/cert.pem,t/data/key.pem at t/local/64_ticket_sharing.t line 184.
# Looks like your test exited with 255 before it could output anything.
t/local/64_ticket_sharing.t ............ Dubious, test returned 255 (wstat
65280, 0xff00)
Failed 15/15 subtests
The t/data/cert.pem certificate is 1024b RSA key with SHA1 hash. The test uses
the certificate together with SSL_CTX_set_cipher_list('AES128-SHA'). I don't
understand if it passes F29's crypto policy in
/etc/crypto-policies/back-ends/openssl*:
CipherString =
@SECLEVEL=1:kEECDH:kRSA:kEDH:-aDSS:!EXP:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:!SSLv2:!ADH
Ciphersuites =
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
MinProtocol = TLSv1
@SECLEVEL=1:kEECDH:kRSA:kEDH:-aDSS:!EXP:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:!SSLv2:!ADH
tmraz, could not enlighten us about the SSL_CTX_set_cipher_list('AES128-SHA')
and F29 DEFAULT policy?
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 8 months
[Bug 1613203] New: Upgrade perl-Math-Pari to 2.030503
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1613203
Bug ID: 1613203
Summary: Upgrade perl-Math-Pari to 2.030503
Product: Fedora
Version: rawhide
Component: perl-Math-Pari
Assignee: paul(a)city-fan.org
Reporter: jplesnik(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: paul(a)city-fan.org, perl-devel(a)lists.fedoraproject.org
Latest Fedora delivers 2.010809 version. Upstream released 2.030503. When you
have free time, please upgrade it
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 8 months
[Bug 1616177] New: Upgrade perl-Coro to 6.52
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1616177
Bug ID: 1616177
Summary: Upgrade perl-Coro to 6.52
Product: Fedora
Version: rawhide
Component: perl-Coro
Assignee: ppisar(a)redhat.com
Reporter: jplesnik(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: carl(a)george.computer, emmanuel(a)seyman.fr,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com
Latest Fedora delivers 6.514 version. Upstream released 6.52. When you have
free time, please upgrade it
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 8 months