[SECURITY] Fedora 13 Update: perl-5.10.1-123.fc13

updates at fedoraproject.org updates at fedoraproject.org
Sat Apr 23 20:49:40 UTC 2011

Fedora Update Notification
2011-04-06 21:49:12

Name        : perl
Product     : Fedora 13
Version     : 5.10.1
Release     : 123.fc13
URL         : http://www.perl.org/
Summary     : Practical Extraction and Report Language
Description :
Perl is a high-level programming language with roots in C, sed, awk
and shell scripting.  Perl is good at handling processes and files,
and is especially good at handling text.  Perl's hallmarks are
practicality and efficiency.  While it is used to do a lot of
different things, Perl's most common applications are system
administration utilities and web programming.  A large proportion of
the CGI scripts on the web are written in Perl.  You need the perl
package installed on your system so that your system can handle Perl

Install this package if you want to program in Perl or enable your
system to handle Perl scripts.

Update Information:

Security bug: lc launder tainted data


* Mon Apr  4 2011 Marcela Mašláňová <mmaslano at redhat.com> - 4:5.12.3-123
- 692900 - lc launders tainted flag, RT #87336
* Thu Mar 10 2011 Tom Callaway <spot at fedoraproject.org> - 4:5.12.3-122
- update ExtUtils::ParseXS to 2.2206 (current) to fix Wx build
* Wed Dec  1 2010 Marcela Mašláňová <mmaslano at redhat.com> - 4:5.10.1-121
- create sub-package for CGI 3.43
- create sub-package for threads-shared
* Mon Oct 11 2010 Petr Pisar <ppisar at redhat.com> - 4:5.10.1-120
- Sub-package threads (bug #622190)
* Mon Sep  6 2010 Petr Pisar <ppisar at redhat.com> - 4:5.10.1-119
- Do not leak when destroying thread (RT #77352, RHBZ #630667)
* Thu Aug 19 2010 Petr Pisar <ppisar at redhat.com> - 4:5.10.1-118
- Add "-Wl,--enable-new-dtags" to linker to allow to override perl's rpath by
  LD_LIBRARY_PATH used in tests. Otherwise tested perl would link to old
  in-system libperl.so.
* Thu Aug 12 2010 Marcela Mašláňová <mmaslano at redhat.com> - 4:5.10.1-117.1
- 622896 remove paths, which were in INC duplicated. The rest of duplicated
 must be here because it's always different macro: privlib/vendorlib.
* Mon Jul 26 2010 Petr Pisar <ppisar at redhat.com> - 4:5.10.1-117
- Enable parallel testing in IO module
- Run tests in C locale to pass t/op/stat.t test in localized environment
- Run tests in parallel
* Fri Jul 23 2010 Marcela Mašláňová <mmaslano at redhat.com> - 4:5.10.1-116
- 575842 remove -DPERL_USE_SAFE_PUTENV from Configure. All related bugs were
 tested with perl compiled without this option.
* Wed Jul 21 2010 Marcela Mašláňová <mmaslano at redhat.com> - 4:5.10.1-115 
- CVE-2010-1168 perl Safe: Intended restriction bypass via object references
- CVE-2010-1447 perl: Safe restriction bypass when reference to subroutine in
 compartment is called from outside
- Resolves: rhbz#588269, rhbz#576508
- 576824 backport unpack patch from upstream:
* Fri Jul  9 2010 Petr Pisar <ppisar at redhat.com> - 4:5.10.1-114
- Add Digest::SHA requirement to perl-CPAN and perl-CPANPLUS (bug #612563)
* Wed Jul  7 2010 Petr Pisar <ppisar at redhat.com> - 4:5.10.1-113
- fix incorrect return code on failed extraction by upgrading Archive::Tar
  to 1.62 (bug #607687)
- remove unused patches and renumber used ones

  [ 1 ] Bug #692898 - CVE-2011-1487 perl: lc(), uc() routines are laundering tainted data

This update can be installed with the "yum" update program.  Use 
su -c 'yum update perl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list