[Bug 1209911] New: perl-Module-Signature: unsigned files interpreted as signed in some circumstances

bugzilla at redhat.com bugzilla at redhat.com
Wed Apr 8 12:47:11 UTC 2015 

https://bugzilla.redhat.com/show_bug.cgi?id=1209911

            Bug ID: 1209911
           Summary: perl-Module-Signature: unsigned files interpreted as
                    signed in some circumstances
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team at redhat.com
          Reporter: vkaigoro at redhat.com
                CC: paul at city-fan.org, perl-devel at lists.fedoraproject.org,
                    perl-maint-list at redhat.com, pertusus at free.fr



Module::Signature before version 0.75 could be tricked into interpreting the
unsigned portion of a SIGNATURE file as the signed portion due to faulty
parsing of the PGP signature boundaries.

Upstream fix:
https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
CVE request: http://seclists.org/oss-sec/2015/q2/59

-- 
You are receiving this mail because:
You are on the CC list for the bug.

More information about the perl-devel mailing list