[SECURITY] Fedora 13 Update: perl-POE-Component-IRC-6.14-2.fc13.1

updates at fedoraproject.org updates at fedoraproject.org
Fri May 28 18:08:36 UTC 2010


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-8911
2010-05-22 00:44:37
--------------------------------------------------------------------------------

Name        : perl-POE-Component-IRC
Product     : Fedora 13
Version     : 6.14
Release     : 2.fc13.1
URL         : http://search.cpan.org/dist/POE-Component-IRC
Summary     : A POE component for building IRC clients
Description :
POE::Component::IRC is a POE component (who'd have guessed?) which acts as an
easily controllable IRC client for your other POE components and sessions. You
create an IRC component and tell it what events your session cares about and
where to connect to, and it sends back interesting IRC events when they
happen. You make the client do things by sending it events. That's all there
is to it. Cool, no?

--------------------------------------------------------------------------------
Update Information:

Plugs a security hole by simplifying privmsg handler:    Removed the
undocumented behavior of concatenating multiple arguments.    It only accepts
one argument now, and newlines/CR in a message (and  everything following them)
will be stripped as with other commands.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 20 2010 Iain Arnell <iarnell at gmail.com> 6.14-2.1
- apply patch for rhbz#591215
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #591215 - perl-POE-Component-IRC: arbitrary IRC command execution due to insufficient stripping of CR/LF
        https://bugzilla.redhat.com/show_bug.cgi?id=591215
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update perl-POE-Component-IRC' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list