https://bugzilla.redhat.com/show_bug.cgi?id=2035341
Tomas Hoger <thoger(a)redhat.com> changed:
What    |Removed                             |Added
----------------------------------------------------------------------------
Summary |CVE-2020-16154 perl-App-cpanminus:  |CVE-2020-16154 perl-App-cpanminus:
        |signature verification bypass       |Bypass of verification of signatures
        |                                    |in CHECKSUMS files
--- Comment #2 from Tomas Hoger <thoger(a)redhat.com> ---
Refer to bug 2035273 comment 2 for additional details about this issue. Bug
2035273 covers these problems in perl-CPAN / CPAN.pm, and App::cpanminus is
affected in a similar way and hence the description of issues applies to both
modules.
The App::cpanminus module has not yet been fixed for this issue. Fixes were
only applied to Menlo / Menlo-Legacy, which is a development version of the
future cpanm version 2.0.
Commit that corrects checking of the Module::Signature::_verify() return value:
https://github.com/miyagawa/cpanminus/commit/98f43b64165a54e05ce25f9de092...
Commit that adds support for the cpan_path attribute in CHECKSUMS files:
https://github.com/miyagawa/cpanminus/commit/3c93db75ccbc75c813c7f12ea030...