11:31 a.m.
https://bugzilla.redhat.com/show_bug.cgi?id=1051110
Bug ID: 1051110
Summary: perl-PlRPC: weak crypto [fedora-all]
Product: Fedora
Version: 20
Component: perl-PlRPC
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: ppisar(a)redhat.com
Reporter: ratulg(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: mmaslano(a)redhat.com,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com,
psabata(a)redhat.com
Blocks: 1051106
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks"
field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multiple supported versions of Fedora.
Only one tracking bug has been filed; please ensure that it is only closed
when all affected versions are fixed.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1051106
[Bug 1051106] perl-PlRPC: weak crypto
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=ezmRo1eO9S&a=cc_unsubscribe
11:31 a.m.
New subject: [Bug 1051110] perl-PlRPC: weak crypto [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1051110
--- Comment #1 from Ratul Gupta <ratulg(a)redhat.com> ---
Please use the following update submission link to create the Bodhi
request for this issue as it contains the top-level parent bug(s) as well
as this tracking bug. This will ensure that all associated bugs get
updated when new packages are pushed to stable.
Please also ensure that the "Close bugs when update is stable" option
remains checked.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1051...
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=pOAEX0P6in&a=cc_unsubscribe
11:32 a.m.
New subject: [Bug 1051110] perl-PlRPC: weak crypto [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1051110
Ratul Gupta <ratulg(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1051108
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1051108
[Bug 1051108] perl-PlRPC: pre-auth remote code execution
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=1fwTDF8IfO&a=cc_unsubscribe
11:32 a.m.
New subject: [Bug 1051110] perl-PlRPC: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1051110
Ratul Gupta <ratulg(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|perl-PlRPC: weak crypto |perl-PlRPC: various flaws
|[fedora-all] |[fedora-all]
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=MDGu4JleYH&a=cc_unsubscribe
11:32 a.m.
New subject: [Bug 1051110] perl-PlRPC: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1051110
--- Comment #2 from Ratul Gupta <ratulg(a)redhat.com> ---
Adding parent bug 1051108. Please use this new bodhi update url when
correcting these flaws:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1051...
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=TF07VcLCes&a=cc_unsubscribe
6:37 a.m.
New subject: [Bug 1051110] perl-PlRPC: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1051110
Petr Pisar <ppisar(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--- Comment #4 from Petr Pisar <ppisar(a)redhat.com> ---
Because there is no way how to fix this vulnerability, the modules requiring
perl-PlRPC's modules will be removed from perl-DBI in rawhide and the
perl-PlRPC package will be removed from the rawhide.
The code will be kept as is in already released Fedoras (Fedora 20 and older)
to preserve compatibility.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=h9OrbvCfCN&a=cc_unsubscribe
7:33 a.m.
New subject: [Bug 1051110] perl-PlRPC: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1051110
Petr Pisar <ppisar(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |MODIFIED
Fixed In Version| |perl-DBI-1.631-3.fc21
--- Comment #5 from Petr Pisar <ppisar(a)redhat.com> ---
The dependency on perl-PlRPC has been removed in perl-DBI-1.631-3.fc21. The
perl-PlRPC package has been retired and blocked in Fedora 21.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=xlqw0cESJ6&a=cc_unsubscribe
12:25 p.m.
New subject: [Bug 1051110] perl-PlRPC: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1051110
pjp <pj.pandit(a)yahoo.co.in> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard| |fst_ping=1
--- Comment #6 from pjp <pj.pandit(a)yahoo.co.in> ---
Hello ppisar,
Could you please fix this soon?
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=GDCbcH9Q93&a=cc_unsubscribe
12:25 p.m.
New subject: [Bug 1051110] perl-PlRPC: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1051110
pjp <pj.pandit(a)yahoo.co.in> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |needinfo?(ppisar(a)redhat.com
| |)
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=OeNJTKy374&a=cc_unsubscribe
2:48 a.m.
New subject: [Bug 1051110] perl-PlRPC: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1051110
Petr Pisar <ppisar(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags|needinfo?(ppisar(a)redhat.com |
|) |
--- Comment #7 from Petr Pisar <ppisar(a)redhat.com> ---
(In reply to pjp from comment #6)
Hello ppisar,
Could you please fix this soon?
See comment #4.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=EndqocK7jl&a=cc_unsubscribe
8:06 a.m.
New subject: [Bug 1051110] perl-PlRPC: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1051110
pjp <pj.pandit(a)yahoo.co.in> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |pj.pandit(a)yahoo.co.in
--- Comment #8 from pjp <pj.pandit(a)yahoo.co.in> ---
Hello Petr,
Since the package has been retired from rawhide and the issue won't be fixed in
earlier releases, it is good to close this bug as CLOSED WONTFIX with due
comment about it.
Thank you.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=HsvpxPC2K7&a=cc_unsubscribe
8:21 a.m.
New subject: [Bug 1051110] perl-PlRPC: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1051110
--- Comment #9 from Petr Pisar <ppisar(a)redhat.com> ---
(In reply to pjp from comment #8)
Since the package has been retired from rawhide and the issue
won't be fixed
in earlier releases, it is good to close this bug as CLOSED WONTFIX with due
comment about it.
Which would be utterly wrong. Because it is fixed in Fedora ≥ 21. So WONTFIX
does not apply here. Current state is more like NEXTRELEASE. which changes on
the December 9th when CURRENTRELEASE would appropriate.
Also because this is a security bug, you cannot close it as WONTFIX. You have
to keep it open until the latest supported Fedora release expires. This
practise is also supported by the previous paragraph demonstrating the
resolution is all but stable.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=HPmCpUldbB&a=cc_unsubscribe
9:40 a.m.
New subject: [Bug 1051110] perl-PlRPC: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1051110
--- Comment #10 from pjp <pj.pandit(a)yahoo.co.in> ---
Hello Petr,
(In reply to Petr Pisar from comment #9)
Which would be utterly wrong. Because it is fixed in Fedora ≥ 21.
How is it fixed in >= F21?
Comment #c5 above says 'perl-PlRPC' package has been retired from F21
onwards; And perl-DBI has been fixed to not depend on it.
-> http://pkgs.fedoraproject.org/cgit/perl-PlRPC.git/
-> https://admin.fedoraproject.org/pkgdb/package/perl-PlRPC/
There are no >= F21 branches for perl-PlRPC.
So WONTFIX does not apply here. Current state is more like
NEXTRELEASE.
which changes on the December 9th when CURRENTRELEASE would appropriate.
There is no 'perl-PlRPC' package in NEXTRELEASE.
Also because this is a security bug, you cannot close it as WONTFIX.
You
have to keep it open until the latest supported Fedora release expires.
That makes no sense. IMO, keeping a bug open knowing that it is not going to
be fixed at all is wrong. Comment #4 above says
... there is no way how to fix this vulnerability,
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=Pd3JW4upHc&a=cc_unsubscribe
9:44 a.m.
New subject: [Bug 1051110] perl-PlRPC: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1051110
--- Comment #11 from pjp <pj.pandit(a)yahoo.co.in> ---
Both its parent bugs too are closed as WONTFIX.
-> https://bugzilla.redhat.com/show_bug.cgi?id=1051106#c5
-> https://bugzilla.redhat.com/show_bug.cgi?id=1051108#c10
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=mB9ieVnqh7&a=cc_unsubscribe
10:07 p.m.
New subject: [Bug 1051110] perl-PlRPC: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1051110
pjp <pj.pandit(a)yahoo.co.in> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|MODIFIED |CLOSED
Resolution|--- |WONTFIX
Last Closed| |2014-12-08 23:07:40
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=Dg4I8rwyZ9&a=cc_unsubscribe
3423
days inactive
3757
days old
perl-devel@lists.fedoraproject.org
14 comments
1 participants
participants (1)
-
Red Hat Bugzilla