[perl-Config-IniFiles] 2.72, fix CVE-2012-2451
Tom Callaway
spot at fedoraproject.org
Fri May 11 20:14:45 UTC 2012
commit 58924f92b96ac9488bfea9bddae6d20ec4e7f698
Author: Tom Callaway <spot at fedoraproject.org>
Date: Fri May 11 16:14:40 2012 -0400
2.72, fix CVE-2012-2451
.gitignore | 1 +
perl-Config-IniFiles.spec | 12 ++++++++++--
sources | 2 +-
3 files changed, 12 insertions(+), 3 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index b34848f..a1215c0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
Config-IniFiles-2.58.tar.gz
/Config-IniFiles-2.68.tar.gz
+/Config-IniFiles-2.72.tar.gz
diff --git a/perl-Config-IniFiles.spec b/perl-Config-IniFiles.spec
index 3356b29..d04292c 100644
--- a/perl-Config-IniFiles.spec
+++ b/perl-Config-IniFiles.spec
@@ -1,6 +1,6 @@
Name: perl-Config-IniFiles
-Version: 2.68
-Release: 3%{?dist}
+Version: 2.72
+Release: 1%{?dist}
Summary: A module for reading .ini-style configuration files
Group: Development/Libraries
@@ -56,6 +56,14 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Fri May 11 2012 Tom Callaway <spot at fedoraproject.org> - 2.72-1
+- update to 2.72
+- notable fix: SECURITY BUG FIX: Config::IniFiles used to write
+ to a temporary filename with a predictable name
+ ("${filename}-new") which opens the door for potential
+ exploits.
+ Fixes CVE-2012-2451
+
* Tue Feb 21 2012 Tom Callaway <spot at fedoraproject.org> - 2.68-3
- add missing Requires: perl(IO::Scalar) >= 2.109 (bz 791078)
diff --git a/sources b/sources
index 7d20be9..5a15349 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-c860f04b2d7d3cb0cc462ed896112c62 Config-IniFiles-2.68.tar.gz
+513d01cf4945e9b1faccc80e153bd27e Config-IniFiles-2.72.tar.gz
More information about the scm-commits
mailing list