Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 723792 (CVE-2020-10543, CVE-2020-10878, CVE-2020-12723) - <dev-lang/perl-5.30.3: multiple vulnerabilities
Summary: <dev-lang/perl-5.30.3: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-05-18 17:30 UTC by Thomas Deutschmann (RETIRED)
Modified: 2020-07-27 16:54 UTC (History)
1 user (show)

See Also:
Package list:
dev-lang/perl-5.30.3 virtual/perl-Module-CoreList-5.202.6.13.0_rc virtual/perl-Compress-Raw-Bzip2-2.89.0-r1
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann (RETIRED) gentoo-dev 2020-05-18 17:30:12 UTC
Incoming details.
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2020-06-01 20:04:41 UTC
Bumping 5.30.3 in a moment. Note:

Test Summary Report
-------------------
run/locale.t                                                     (Wstat: 0 Tests: 39 Failed: 3)
  Failed tests:  35-37
Files=2656, Tests=1218540, 149 wallclock secs (87.94 usr 10.61 sys + 644.28 cusr 53.16 csys = 795.99 CPU)
Result: FAIL
make: *** [makefile:837: test_harness] Error 3

^ This is not a regression, but happens the same in 5.30.1 and 5.30.2. Cause unclear.
Comment 2 Larry the Git Cow gentoo-dev 2020-06-01 20:14:31 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8386f1b3c029c477bb7f565d3089ad578688c6a

commit d8386f1b3c029c477bb7f565d3089ad578688c6a
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2020-06-01 20:12:41 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2020-06-01 20:14:17 +0000

    virtual/perl-Module-CoreList: Add virtual for 5.30.3
    
    Bug: https://bugs.gentoo.org/723792
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 .../perl-Module-CoreList-5.202.6.13.0_rc.ebuild         | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c3274b1455b180a8d4078545cebb3c3008de2f2f

commit c3274b1455b180a8d4078545cebb3c3008de2f2f
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2020-06-01 20:08:20 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2020-06-01 20:14:13 +0000

    dev-lang/perl: Version bump
    
    Bug: https://bugs.gentoo.org/723792
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 dev-lang/perl/Manifest           |   1 +
 dev-lang/perl/perl-5.30.3.ebuild | 653 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 654 insertions(+)
Comment 3 Andreas K. Hüttel archtester gentoo-dev 2020-06-01 20:17:00 UTC
OK let's wait and see for a moderate amount of time if anything explodes, and then stabilize 

dev-lang/perl-5.30.3
virtual/perl-Module-CoreList-5.202.6.13.0_rc
Comment 4 Andreas K. Hüttel archtester gentoo-dev 2020-06-01 21:32:07 UTC
(In reply to Andreas K. Hüttel from comment #3)
> OK let's wait and see for a moderate amount of time if anything explodes,
> and then stabilize 

dev-lang/perl-5.30.3
virtual/perl-Module-CoreList-5.202.6.13.0_rc
virtual/perl-Compress-Raw-Bzip2-2.89.0-r1
Comment 5 Andreas K. Hüttel archtester gentoo-dev 2020-06-04 14:34:03 UTC
@arches, go for it

dev-lang/perl-5.30.3
virtual/perl-Module-CoreList-5.202.6.13.0_rc
virtual/perl-Compress-Raw-Bzip2-2.89.0-r1
Comment 6 Larry the Git Cow gentoo-dev 2020-06-05 11:11:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6119987948fe399e337acdb7b2e30db6be9b4fcc

commit 6119987948fe399e337acdb7b2e30db6be9b4fcc
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2020-06-05 11:10:35 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2020-06-05 11:10:35 +0000

    virtual/perl-Compress-Raw-Bzip2: Stable for amd64
    
    Bug: https://bugs.gentoo.org/723792
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 .../perl-Compress-Raw-Bzip2/perl-Compress-Raw-Bzip2-2.89.0-r1.ebuild    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f6424bfaeb1af0a2627813f5c93d7e365b2a011e

commit f6424bfaeb1af0a2627813f5c93d7e365b2a011e
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2020-06-05 11:09:52 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2020-06-05 11:09:52 +0000

    virtual/perl-Module-CoreList: Stable for amd64
    
    Bug: https://bugs.gentoo.org/723792
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 .../perl-Module-CoreList/perl-Module-CoreList-5.202.6.13.0_rc.ebuild    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ca327be2985c11f1a82d0552ae6a59f171ccb3bd

commit ca327be2985c11f1a82d0552ae6a59f171ccb3bd
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2020-06-05 11:09:02 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2020-06-05 11:09:02 +0000

    dev-lang/perl: Stable for amd64
    
    Bug: https://bugs.gentoo.org/723792
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 dev-lang/perl/perl-5.30.3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 7 Rolf Eike Beer archtester 2020-06-05 20:52:32 UTC
sparc stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-06-06 17:30:44 UTC
arm stable
Comment 9 Agostino Sarubbo gentoo-dev 2020-06-06 17:33:28 UTC
ppc stable
Comment 10 Agostino Sarubbo gentoo-dev 2020-06-06 17:35:18 UTC
ppc64 stable
Comment 11 Agostino Sarubbo gentoo-dev 2020-06-06 17:36:45 UTC
s390 stable
Comment 12 Agostino Sarubbo gentoo-dev 2020-06-06 20:15:19 UTC
x86 stable
Comment 13 Rolf Eike Beer archtester 2020-06-08 16:08:06 UTC
hppa stable
Comment 14 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-09 02:23:25 UTC
@maintainer(s), please cleanup
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2020-06-12 04:20:56 UTC
This issue was resolved and addressed in
 GLSA 202006-03 at https://security.gentoo.org/glsa/202006-03
by GLSA coordinator Aaron Bauman (b-man).
Comment 16 Aaron Bauman (RETIRED) gentoo-dev 2020-06-12 04:23:21 UTC
re-opened for cleanup
Comment 17 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-18 02:32:32 UTC
@maintainer(s), ping, please cleanup