Fedora 15 Update: perl-5.12.4-163.fc15

Fri Nov 25 02:01:48 UTC 2011

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-15484
2011-11-05 23:37:54
--------------------------------------------------------------------------------

Name        : perl
Product     : Fedora 15
Version     : 5.12.4
Release     : 163.fc15
URL         : http://www.perl.org/
Summary     : Practical Extraction and Report Language
Description :
Perl is a high-level programming language with roots in C, sed, awk and shell
scripting.  Perl is good at handling processes and files, and is especially
good at handling text.  Perl's hallmarks are practicality and efficiency.
While it is used to do a lot of different things, Perl's most common
applications are system administration utilities and web programming.  A large
proportion of the CGI scripts on the web are written in Perl.  You need the
perl package installed on your system so that your system can handle Perl
scripts.

Install this package if you want to program in Perl or enable your system to
handle Perl scripts.

--------------------------------------------------------------------------------
Update Information:

Allow installation with read-only /usr/local, fixes segfault with certain glob flag and with string repeated above 2^31.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov  4 2011 Petr Pisar <ppisar at redhat.com> - 4:5.12.4-163
- Change Perl_repeatcpy() prototype to allow repeat count above 2^31
  (bug #720610)
- Do not own site directories located in /usr/local (bug #732799)
- Fixes CVE-2011-2728 (File::Glob bsd_glob() crash with certain glob flags)
  (bug #742987)
* Wed Oct  5 2011 Petr Pisar <ppisar at redhat.com> - 4:5.12.4-162
- Fix CVE-2011-3597 (code injection in Digest) (bug #743010)
- Fix CVE-2011-2939 (heap overflow while decoding Unicode string) (bug #731246)
* Sun Aug 14 2011 Iain Arnell <iarnell at gmail.com> 4:5.12.4-161
- perl needs to own vendorarch/auto directory (bug #709466)
- fix version number in last two changelog entries
* Fri Aug  5 2011 Petr Sabata <contyk at redhat.com> - 4:5.12.4-160
- Move xsubpp to ExtUtils::ParseXS (#728393)
* Tue Jun 21 2011 Marcela Mašláňová <mmaslano at redhat.com> - 4:5.12.4-159
- update to minor update release 5.12.4
- Upstream changes: remove patch for lc tainting RT #87336,
-          updated Module-CoreList v2.50 in tarball
* Wed Jun  1 2011 Marcela Mašláňová <mmaslano at redhat.com> - 4:5.12.3-158
- arm can't do parallel build
- add require EE::MM into IPC::Cmd 711486
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #720610 - [PATCH] large string repeat count causes heap corruption
        https://bugzilla.redhat.com/show_bug.cgi?id=720610
  [ 2 ] Bug #732799 - perl rpm attempts writing to /usr/local
        https://bugzilla.redhat.com/show_bug.cgi?id=732799
  [ 3 ] Bug #742987 - CVE-2011-2728 perl: File::Glob bsd_glob() crash with certain glob flags
        https://bugzilla.redhat.com/show_bug.cgi?id=742987
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update perl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------