345845 – <perl-core/CGI-3.50: Security Updates Available

Bug 345845 - <perl-core/CGI-3.50: Security Updates Available

Summary: <perl-core/CGI-3.50: Security Updates Available

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://www.nntp.perl.org/group/perl.p...
Whiteboard:	B4 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2010-11-17 05:51 UTC by Tim Sammut (RETIRED)
Modified:	2011-10-08 21:50 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tim Sammut (RETIRED) gentoo-dev

2010-11-17 05:51:36 UTC

The upstream change log at $URL indicates two security fixes:

      [SECURITY]
      1. The MIME boundary in multipart_init is now random.
         Thanks to Byron Jones, Masahiro Yamada, Reed Loden, and  Mark Stosberg
      2. Further improvements to handling of newlines embedded in header values.
         An exception is thrown if header values contain invalid newlines.
         Thanks to Michal Zalewski, Max Kanat-Alexander, Yanick Champoux,
         Lincoln Stein, FrÃ¯Â¿Â½dÃ¯Â¿Â½ric Buclin and Mark Stosberg

Fixed version, =perl-core/CGI-3.50, is already in the tree.

Perl herd, can we begin stabilizing 3.50? Thanks!

Comment 1 Torsten Veller (RETIRED) gentoo-dev

2010-11-28 12:00:16 UTC

Please stabilize:

=dev-lang/perl-5.12.2-r4
=virtual/perl-CGI-3.50
=perl-core/CGI-3.50

alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86

Comment 2 Agostino Sarubbo gentoo-dev

2010-11-28 16:53:18 UTC

emerge perl ok, after this, when i launch perl-cleaner --all:

* package perl-core/File-Spec-3.31 NOT merged
 * 
 * Detected file collision(s):
 * 
 *      /usr/lib64/perl5/vendor_perl/5.12.2/x86_64-linux-thread-debug-multi/Cwd.pm
 *      /usr/lib64/perl5/vendor_perl/5.12.2/x86_64-linux-thread-debug-multi/auto/Cwd/Cwd.so
 *      /usr/lib64/perl5/vendor_perl/5.12.2/x86_64-linux-thread-debug-multi/File/Spec.pm
 *      /usr/lib64/perl5/vendor_perl/5.12.2/x86_64-linux-thread-debug-multi/File/Spec/Win32.pm
 *      /usr/lib64/perl5/vendor_perl/5.12.2/x86_64-linux-thread-debug-multi/File/Spec/Unix.pm
 *      /usr/lib64/perl5/vendor_perl/5.12.2/x86_64-linux-thread-debug-multi/File/Spec/Cygwin.pm
 *      /usr/lib64/perl5/vendor_perl/5.12.2/x86_64-linux-thread-debug-multi/File/Spec/Functions.pm
 *      /usr/lib64/perl5/vendor_perl/5.12.2/x86_64-linux-thread-debug-multi/File/Spec/Epoc.pm
 *      /usr/lib64/perl5/vendor_perl/5.12.2/x86_64-linux-thread-debug-multi/File/Spec/VMS.pm
 *      /usr/lib64/perl5/vendor_perl/5.12.2/x86_64-linux-thread-debug-multi/File/Spec/OS2.pm
 *      /usr/lib64/perl5/vendor_perl/5.12.2/x86_64-linux-thread-debug-multi/File/Spec/Mac.pm

Comment 3 Agostino Sarubbo gentoo-dev

2010-11-28 20:29:49 UTC

solved problem, amd64 ok

Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev

2010-11-29 09:23:48 UTC

x86 stable

Comment 5 Markos Chandras (RETIRED) gentoo-dev

2010-11-29 12:17:53 UTC

amd64 done. Thanks Agostino

Comment 6 Jeroen Roovers (RETIRED) gentoo-dev

2010-11-29 22:21:40 UTC

Stable for PPC.

Comment 7 Jeroen Roovers (RETIRED) gentoo-dev

2010-11-29 23:16:20 UTC

Stable for HPPA.

Comment 8 Markus Meier gentoo-dev

2010-12-01 07:37:09 UTC

arm stable

Comment 9 Raúl Porcel (RETIRED) gentoo-dev

2010-12-04 16:05:20 UTC

alpha/ia64/m68k/s390/sh/sparc stable

Comment 10 Brent Baude (RETIRED) gentoo-dev

2010-12-10 20:13:26 UTC

ppc64 done

Comment 11 Tim Sammut (RETIRED) gentoo-dev

2010-12-10 20:34:31 UTC

GLSA Vote: No.

Comment 12 Stefan Behte (RETIRED) gentoo-dev

2011-10-08 21:50:37 UTC

Vote: NO. Closing noglsa.