Summary: | =dev-perl/LWP-Protocol-https-6.60.0: incorrect handling of SSL certificate verification (CVE-2014-3230) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1094440 | ||
Whiteboard: | ~4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-05-06 07:36:17 UTC
This is in a different package, namely dev-perl/LWP-Protocol-https Stable dev-perl/LWP-Protocol-https-6.3.0-r1 is (according to RH bug) not affected. Upstream has released several new versions since 6.40.0, but they do not contain the RH patches; this code section is unmodified. Version bump dev-perl/LWP-Protocol-https-6.60.0 added with a patch addressing this issue. Affected version dev-perl/LWP-Protocol-https-6.40.0 removed. Stable is not affected. Closing as noglsa. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ac7abfe1692a264f7fbb2446fdc161eb50d766d commit 0ac7abfe1692a264f7fbb2446fdc161eb50d766d Author: Sam James <sam@gentoo.org> AuthorDate: 2023-07-09 22:58:21 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-07-09 23:01:51 +0000 dev-perl/LWP-Protocol-https: add 6.110.0 Bug: https://bugs.gentoo.org/358081 Bug: https://bugs.gentoo.org/509666 Signed-off-by: Sam James <sam@gentoo.org> .../LWP-Protocol-https-6.110.0.ebuild | 28 ++++++++++++++++++++++ dev-perl/LWP-Protocol-https/Manifest | 1 + 2 files changed, 29 insertions(+) |