[perl-PAR/f16] CVE-2011-4114 for PAR renamed to CVE-2011-5060

Petr Pisar ppisar at fedoraproject.org
Mon Jan 16 09:14:45 UTC 2012


commit 3065bf8e6ac90693bee483c870946aa4e3ddfeb4
Author: Petr Písař <ppisar at redhat.com>
Date:   Mon Jan 16 10:13:34 2012 +0100

    CVE-2011-4114 for PAR renamed to CVE-2011-5060

 ...114.patch => perl-PAR-1.002-CVE-2011-5060.patch |    2 +-
 perl-PAR.spec                                      |    6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
---
diff --git a/perl-PAR-1.002-CVE-2011-4114.patch b/perl-PAR-1.002-CVE-2011-5060.patch
similarity index 99%
rename from perl-PAR-1.002-CVE-2011-4114.patch
rename to perl-PAR-1.002-CVE-2011-5060.patch
index 4db8a94..2931223 100644
--- a/perl-PAR-1.002-CVE-2011-4114.patch
+++ b/perl-PAR-1.002-CVE-2011-5060.patch
@@ -1,4 +1,4 @@
-Fix CVE-2011-4114
+Fix CVE-2011-5060
 
 From: r1305 | rschupp | 2011-11-28 17:39:44 +0100 (Po, 28 lis 2011) | 7 lines
 RT #69560/CVE-2011-4114: PAR packed files are extracted to unsafe and
diff --git a/perl-PAR.spec b/perl-PAR.spec
index 23a6f2a..4df80ad 100644
--- a/perl-PAR.spec
+++ b/perl-PAR.spec
@@ -6,8 +6,8 @@ License:        GPL+ or Artistic
 Group:          Development/Libraries
 URL:            http://search.cpan.org/dist/PAR/
 Source0:        http://www.cpan.org/authors/id/S/SM/SMUELLER/PAR-%{version}.tar.gz
-# Fix CVE-2011-4114, bug #760132, included in upstream 1.004.
-Patch0:         perl-PAR-1.002-CVE-2011-4114.patch
+# Fix CVE-2011-5060, bug #760132, included in upstream 1.004.
+Patch0:         perl-PAR-1.002-CVE-2011-5060.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch:      noarch
 BuildRequires:  perl(Archive::Zip) >= 1
@@ -57,7 +57,7 @@ rm -rf $RPM_BUILD_ROOT
 
 %changelog
 * Thu Dec 01 2011 Petr Pisar <ppisar at redhat.com> - 1.002-5
-- Fix CVE-2011-4114 (insecure temporary directory handling) (bug #760132)
+- Fix CVE-2011-5060 (insecure temporary directory handling) (bug #760132)
 
 * Tue Jul 19 2011 Petr Sabata <contyk at redhat.com> - 1.002-4
 - Perl mass rebuild



More information about the perl-devel mailing list