https://bugzilla.redhat.com/show_bug.cgi?id=1646730
Paul Harvey <pharvey(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=201 |impact=important,public=201
|81129,reported=20181105,sou |81129,reported=20181105,sou
|rce=upstream,cvss3=8.1/CVSS |rce=upstream,cvss3=8.1/CVSS
|:3.0/AV:N/AC:H/PR:N/UI:N/S: |:3.0/AV:N/AC:H/PR:N/UI:N/S:
|U/C:H/I:H/A:H,cwe=CWE-190-> |U/C:H/I:H/A:H,cwe=CWE-190->
|CWE-120,rhel-6/perl=wontfix |CWE-120,rhel-6/perl=wontfix
|,openshift-enterprise-3/per |,openshift-enterprise-3/per
|l=new,fedora-all/perl=affec |l=notaffected,fedora-all/pe
|ted,rhel-5/perl=wontfix,rhe |rl=affected,rhel-5/perl=won
|l-7/perl=affected,openshift |tfix,rhel-7/perl=affected,o
|-online-3/perl=new,rhel-8/p |penshift-online-3/perl=nota
|erl=affected,rhscl-3/rh-per |ffected,rhel-8/perl=affecte
|l526-perl=affected,rhscl-3/ |d,rhscl-3/rh-perl526-perl=a
|rh-perl524-perl=affected,rh |ffected,rhscl-3/rh-perl524-
|ev-m-4/redhat-virtualizatio |perl=affected,rhev-m-4/redh
|n-host=defer/impact=low,rhe |at-virtualization-host=defe
|v-m-4/rhvm-appliance=defer/ |r/impact=low,rhev-m-4/rhvm-
|impact=low,rhel-8/perl:5.24 |appliance=defer/impact=low,
|/perl=affected |rhel-8/perl:5.24/perl=affec
| |ted
--- Comment #13 from Paul Harvey <pharvey(a)redhat.com> ---
openshift-enterprise-3: notaffected. I reviewed OpenShift containers for
applications with dependencies on perl and was unable to identify any where the
perl interpreter would be exposed to attacker-controlled environment variables
which could expose this flaw. I have not filed trackers as these images will
inherit the existing perl fixes next time they are respun. See also
https://access.redhat.com/articles/2803031
--
You are receiving this mail because:
You are on the CC list for the bug.