[Bug 1209911] New: perl-Module-Signature: unsigned files interpreted as signed in some circumstances

bugzilla Wed, 08 Apr 2015 05:47:41 -0700

https://bugzilla.redhat.com/show_bug.cgi?id=1209911


            Bug ID: 1209911
           Summary: perl-Module-Signature: unsigned files interpreted as
                    signed in some circumstances
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-t...@redhat.com
          Reporter: vkaig...@redhat.com
                CC: p...@city-fan.org, perl-devel@lists.fedoraproject.org,
                    perl-maint-l...@redhat.com, pertu...@free.fr



Module::Signature before version 0.75 could be tricked into interpreting the
unsigned portion of a SIGNATURE file as the signed portion due to faulty
parsing of the PGP signature boundaries.

Upstream fix:
https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
CVE request: http://seclists.org/oss-sec/2015/q2/59

-- 
You are receiving this mail because:
You are on the CC list for the bug.
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/perl-devel

[Bug 1209911] New: perl-Module-Signature: unsigned files interpreted as signed in some circumstances

Reply via email to