[Bug 1209915] New: perl-Module-Signature: arbitrary code execution during test phase
bugzilla at redhat.com
bugzilla at redhat.com
Wed Apr 8 12:49:11 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1209915
Bug ID: 1209915
Summary: perl-Module-Signature: arbitrary code execution during
test phase
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team at redhat.com
Reporter: vkaigoro at redhat.com
CC: paul at city-fan.org, perl-devel at lists.fedoraproject.org,
perl-maint-list at redhat.com, pertusus at free.fr
When verifying the contents of a CPAN module, Module::Signature before version
0.75 ignored some files in the extracted tarball that were not listed in the
signature file. This included some files in the t/ directory that would execute
automatically during "make test".
Upstream fix:
https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
CVE request: http://seclists.org/oss-sec/2015/q2/59
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the perl-devel
mailing list