Bug 89501 - dev-perl/Convert-UUlib New version fix security issue
Bug#: 89501 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: All Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: jaervosz@gentoo.org
Component: Vulnerabilities
URL: 
Summary: dev-perl/Convert-UUlib New version fix security issue
Keywords:  
Status Whiteboard: B2? [glsa] jaervosz
Opened: 2005-04-18 03:16 0000
Description:   Opened: 2005-04-18 03:16 0000 
Snippet from Changelog:

1.05 Fri Feb 25 22:50:27 CET 2005
        - fix a (likely exploitable) segfault problem, (tracked down
          and/or reported by Mark Martinec and Robert Lewis).

------- Comment #1 From Michael Cummings (RETIRED) 2005-04-18 10:25:41 0000 ------- 
1.051 in the tree and ready for arch's to test.

------- Comment #2 From Sune Kloppenborg Jeppesen 2005-04-18 10:29:42 0000 ------- 
Arches please test and mark stable.

------- Comment #3 From Jan Brinkmann (RETIRED) 2005-04-18 10:34:32 0000 ------- 
any hints for testing?

------- Comment #4 From Gustavo Zacarias (RETIRED) 2005-04-18 10:38:23 0000 ------- 
FEATURES="maketest" emerge ... :)
Most perl stuff has autotests, specially when the ebuild has SRC_TEST="do".

------- Comment #5 From Jan Brinkmann (RETIRED) 2005-04-18 11:10:33 0000 ------- 
stable on amd64

------- Comment #6 From Michael Hanselmann (hansmi) (RETIRED) 2005-04-18 11:32:38 0000 ------- 
Stable on ppc.

------- Comment #7 From Michael Cummings (RETIRED) 2005-04-18 12:36:24 0000 ------- 
SRC_TEST="do" is enabled by default - I can provide additional tests if you
have some functionality in mind you want to test :)

Unless rep's from x86 or sparc mind, I can test and bump for these platforms.

------- Comment #8 From Michael Cummings (RETIRED) 2005-04-18 13:46:38 0000 ------- 
Stable for x86 and sparc.

------- Comment #9 From Bryan Østergaard (RETIRED) 2005-04-19 11:14:40 0000 ------- 
Stable on alpha.

------- Comment #10 From Sune Kloppenborg Jeppesen 2005-04-19 12:30:32 0000 ------- 
tigger/taviso could you look into this and perhaps provide a bit more detail
for a GLSA?

------- Comment #11 From Michael Cummings (RETIRED) 2005-04-19 13:25:58 0000 ------- 
Shouldn't we get the amavis && amavisd-new maintainers on this bug? They should
bump their ebuilds to specifically reflect the new version

------- Comment #12 From Sune Kloppenborg Jeppesen 2005-04-19 13:39:24 0000 ------- 
net-mail please bump dependencies.

------- Comment #13 From Markus Rothe 2005-04-19 23:24:13 0000 ------- 
stable on ppc64

------- Comment #14 From Andrej Kacian (RETIRED) 2005-04-20 00:18:25 0000 ------- 
Both amavis and amavisd-new bumped to use >=dev-perl/Convert-UUlib-1.051

------- Comment #15 From Sune Kloppenborg Jeppesen 2005-04-21 01:27:45 0000 ------- 
Upstream contacted by taviso.

------- Comment #16 From Sune Kloppenborg Jeppesen 2005-04-26 22:52:21 0000 ------- 
GLSA 200504-26