[Bug 1877626] New: perl-HTTP-Message-6.26 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1877626
Bug ID: 1877626
Summary: perl-HTTP-Message-6.26 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: perl-HTTP-Message
Keywords: FutureFeature, Triaged
Assignee: ppi...@redhat.com
Reporter: upstream-release-monitor...@fedoraproject.org
QA Contact: extras...@fedoraproject.org
CC: perl-devel@lists.fedoraproject.org, ppi...@redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 6.26
Current version/release in rawhide: 6.25-4.fc33
URL: http://search.cpan.org/dist/HTTP-Message/
Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.
Based on the information from anitya: https://release-monitoring.org/project/2977/
--
You are receiving this mail because: You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org
[Bug 1877437] perl-dbi: Externally controlled format string in Perl_croak function
https://bugzilla.redhat.com/show_bug.cgi?id=1877437
Product Security DevOps Team changed:
What|Removed|Added
Status|NEW|CLOSED
Resolution|---|WONTFIX
Last Closed||2020-09-10 01:17:48
[Bug 1877437] perl-dbi: Externally controlled format string in Perl_croak function
https://bugzilla.redhat.com/show_bug.cgi?id=1877437
--- Comment #2 from Todd Cullum ---
Statement: Versions of perl-DBI shipped with Red Hat Enterprise Linux 7 and 8 are not affected by this flaw because the vulnerable code was not yet committed in v1.627 shipped with Red Hat Enterprise Linux 7, and already patched in version 1.642 shipped with Red Hat Enterprise Linux 8. This also applies to perl-DBI as part of Red Hat Software Collections 3. Thus, none of these products are affected.
[Bug 1877437] perl-dbi: Externally controlled format string in Perl_croak function
https://bugzilla.redhat.com/show_bug.cgi?id=1877437
--- Comment #1 from Todd Cullum ---
Upstream commit: https://github.com/perl5-dbi/dbi/pull/44/commits/c6d410d1bafa6876e6a346a2727217fa2c3feb30
[Bug 1877409] CVE-2020-14393 perl-dbi: Buffer overflow on an overlong DBD class name
https://bugzilla.redhat.com/show_bug.cgi?id=1877409
Tomas Hoger changed:
What|Removed|Added
Summary|CVE-2020-14393 perl-dbi: Buffer overlfow on an overlong DBD class name|CVE-2020-14393 perl-dbi: Buffer overflow on an overlong DBD class name
[Bug 1877427] perl-dbi: Risk of memory corruption with many arguments in DBI method dispatch
https://bugzilla.redhat.com/show_bug.cgi?id=1877427
--- Comment #1 from Todd Cullum ---
This may be related to BZ#1877402 per the upstream bug tracker [1] but I see there was a separate patch issued in 1.632 listed in above comment.
1. https://rt.cpan.org/Public/Bug/Display.html?id=86744#txn-1880941
[Bug 1877421] perl-dbi: Old API functions vulnerable to overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1877421
Todd Cullum changed:
What|Removed|Added
Depends On||1877540, 1877541
[Bug 1877409] CVE-2020-14393 perl-dbi: Buffer overlfow on an overlong DBD class name
https://bugzilla.redhat.com/show_bug.cgi?id=1877409
Guilherme de Almeida Suckevicz changed:
What|Removed|Added
Summary|perl-dbi: Buffer overlfow on an overlong DBD class name|CVE-2020-14393 perl-dbi: Buffer overlfow on an overlong DBD class name
Alias||CVE-2020-14393
[Bug 1877446] perl-dbi: Proxy driver and server use PlRPC which is not secure due to Storable
https://bugzilla.redhat.com/show_bug.cgi?id=1877446
Product Security DevOps Team changed:
What|Removed|Added
Status|NEW|CLOSED
Resolution|---|WONTFIX
Last Closed||2020-09-09 19:17:46
[Bug 1877421] perl-dbi: Old API functions vulnerable to overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1877421
Todd Cullum changed:
What|Removed|Added
Comment|2|updated
--- Comment #2 has been edited ---
I marked this as a Low since it could be considered part of the software lifecycle or hardening, and the "fix" merely labels some functions as deprecated with comments. However, it may be worthwhile to note.
[Bug 1877410] CVE-2020-14393 perl-DBI: Buffer overlfow on an overlong DBD class name [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1877410
Guilherme de Almeida Suckevicz changed:
What|Removed|Added
Summary|perl-DBI: Buffer overlfow on an overlong DBD class name [fedora-all]|CVE-2020-14393 perl-DBI: Buffer overlfow on an overlong DBD class name [fedora-all]
[Bug 1877421] perl-dbi: Old API functions vulnerable to overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1877421
Todd Cullum changed:
What|Removed|Added
Priority|medium|low
Severity|medium|low
--- Comment #2 from Todd Cullum ---
I marked this as a Low since it could be considered part of the software lifecycle or hardening, and the "fix" merely labels some functions as deprecated with comments. However, it may be worthwhile to note.
[Bug 1877423] perl-DBI: Old API functions vulnerable to overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1877423
Todd Cullum changed:
What|Removed|Added
Severity|medium|low
[Bug 1877403] CVE-2020-14392 perl-DBI: Memory corruption in XS functions when Perl stack is reallocated [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1877403
Guilherme de Almeida Suckevicz changed:
What|Removed|Added
Summary|perl-DBI: Memory corruption in XS functions when Perl stack is reallocated [fedora-all]|CVE-2020-14392 perl-DBI: Memory corruption in XS functions when Perl stack is reallocated [fedora-all]
[Bug 1877402] CVE-2020-14392 perl-dbi: Memory corruption in XS functions when Perl stack is reallocated
https://bugzilla.redhat.com/show_bug.cgi?id=1877402
Guilherme de Almeida Suckevicz changed:
What|Removed|Added
Summary|perl-dbi: Memory corruption in XS functions when Perl stack is reallocated|CVE-2020-14392 perl-dbi: Memory corruption in XS functions when Perl stack is reallocated
Alias||CVE-2020-14392
[Bug 1877405] perl-dbi: NULL profile dereference in dbi_profile()
https://bugzilla.redhat.com/show_bug.cgi?id=1877405
Todd Cullum changed:
What|Removed|Added
Depends On||1877512, 1877511, 1877514, 1877513
[Bug 1877402] perl-dbi: Memory corruption in XS functions when Perl stack is reallocated
https://bugzilla.redhat.com/show_bug.cgi?id=1877402
Todd Cullum changed:
What|Removed|Added
Depends On||1877497, 1877498, 1877499, 1877496
[Bug 1877446] perl-dbi: Proxy driver and server use PlRPC which is not secure due to Storable
https://bugzilla.redhat.com/show_bug.cgi?id=1877446
--- Comment #1 from Todd Cullum ---
Looks like this fix/warning was backported to 1.627 already back in 2013 and thus RHEL and RHSCL are not affected.
Changelog:
* Tue Nov 26 2013 Petr Pisar - 1.627-2
- Add a security warning about use of RPC::PlClient (bug #1030578)
[Bug 1877447] perl-dbi: Stack corruption on callbacks
https://bugzilla.redhat.com/show_bug.cgi?id=1877447
Pedro Sampaio changed:
What|Removed|Added
Blocks||1857388
[Bug 1877446] perl-dbi: Proxy driver and server use PlRPC which is not secure due to Storable
https://bugzilla.redhat.com/show_bug.cgi?id=1877446
Pedro Sampaio changed:
What|Removed|Added
Blocks||1857388
[Bug 1877444] perl-dbi: DBD::File drivers open files from folders other than specifically passed
https://bugzilla.redhat.com/show_bug.cgi?id=1877444
Pedro Sampaio changed:
What|Removed|Added
Blocks||1857388
A flaw was found in perl-dbi before version. DBD::File drivers would open files from folders other than specifically passed using the f_dir attribute.
Upstream patch: https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a
[Bug 1877405] perl-dbi: NULL profile dereference in dbi_profile()
https://bugzilla.redhat.com/show_bug.cgi?id=1877405
Pedro Sampaio changed:
What|Removed|Added
Blocks||1857388
[Bug 1877437] perl-dbi: Externally controlled format string in Perl_croak function
https://bugzilla.redhat.com/show_bug.cgi?id=1877437
Pedro Sampaio changed:
What|Removed|Added
Blocks||1857388
[Bug 1877409] perl-dbi: Buffer overlfow on an overlong DBD class name
https://bugzilla.redhat.com/show_bug.cgi?id=1877409
Pedro Sampaio changed:
What|Removed|Added
Blocks||1857388
[Bug 1877402] perl-dbi: Memory corruption in XS functions when Perl stack is reallocated
https://bugzilla.redhat.com/show_bug.cgi?id=1877402
Pedro Sampaio changed:
What|Removed|Added
Blocks||1857388
[Bug 1877427] perl-dbi: Risk of memory corruption with many arguments in DBI method dispatch
https://bugzilla.redhat.com/show_bug.cgi?id=1877427
Pedro Sampaio changed:
What|Removed|Added
Blocks||1857388
[Bug 1877421] perl-dbi: Old API functions vulnerable to overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1877421
Pedro Sampaio changed:
What|Removed|Added
Blocks||1857388
[Bug 1877447] New: perl-dbi: Stack corruption on callbacks
https://bugzilla.redhat.com/show_bug.cgi?id=1877447
Bug ID: 1877447
Summary: perl-dbi: Stack corruption on callbacks
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-t...@redhat.com
Reporter: psamp...@redhat.com
CC: caillon+fedoraproj...@gmail.com, hho...@redhat.com, john.j5l...@gmail.com, jor...@redhat.com, jples...@redhat.com, ka...@ucw.cz, perl-devel@lists.fedoraproject.org, perl-maint-l...@redhat.com, ppi...@redhat.com, rhug...@redhat.com, rstr...@redhat.com, sandm...@redhat.com
Target Milestone: ---
Classification: Other
A flaw was found in perl-dbi before version 1.628. A problem occurs when a user-defined function requires a non-trivial amount of memory and the perl stack gets reallocated.
References: https://rt.cpan.org/Public/Bug/Display.html?id=85562
Upstream patch: https://github.com/perl5-dbi/dbi/commit/401f1221311c71f760e21c98772f0f7e3cbead1d
[Bug 1877446] New: perl-dbi: Proxy driver and server use PlRPC which is not secure due to Storable
https://bugzilla.redhat.com/show_bug.cgi?id=1877446
Bug ID: 1877446
Summary: perl-dbi: Proxy driver and server use PlRPC which is not secure due to Storable
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-t...@redhat.com
Reporter: psamp...@redhat.com
CC: caillon+fedoraproj...@gmail.com, hho...@redhat.com, john.j5l...@gmail.com, jor...@redhat.com, jples...@redhat.com, ka...@ucw.cz, perl-devel@lists.fedoraproject.org, perl-maint-l...@redhat.com, ppi...@redhat.com, rhug...@redhat.com, rstr...@redhat.com, sandm...@redhat.com
Target Milestone: ---
Classification: Other
A flaw was found in perl-dbi before version 1.632. The proxy driver and server use PlRPC which is not secure due to Storable.
References: https://rt.cpan.org/Public/Bug/Display.html?id=90475
Upstream patch: https://github.com/perl5-dbi/dbi/commit/3cef14e68a01cd593cd19540c7b91d59d2d47c99
[Bug 1877444] New: perl-dbi: DBD::File drivers open files from folders other than specifically passed
https://bugzilla.redhat.com/show_bug.cgi?id=1877444
Bug ID: 1877444
Summary: perl-dbi: DBD::File drivers open files from folders other than specifically passed
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-t...@redhat.com
Reporter: psamp...@redhat.com
CC: caillon+fedoraproj...@gmail.com, hho...@redhat.com, john.j5l...@gmail.com, jor...@redhat.com, jples...@redhat.com, ka...@ucw.cz, perl-devel@lists.fedoraproject.org, perl-maint-l...@redhat.com, ppi...@redhat.com, rhug...@redhat.com, rstr...@redhat.com, sandm...@redhat.com
Target Milestone: ---
Classification: Other
[Bug 1877423] perl-DBI: Old API functions vulnerable to overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1877423
Pedro Sampaio changed:
What|Removed|Added
Blocks||1877421
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1877421 [Bug 1877421] perl-dbi: Old API functions vulnerable to overflow
[Bug 1877437] New: perl-dbi: Externally controlled format string in Perl_croak function
https://bugzilla.redhat.com/show_bug.cgi?id=1877437
Bug ID: 1877437
Summary: perl-dbi: Externally controlled format string in Perl_croak function
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-t...@redhat.com
Reporter: psamp...@redhat.com
CC: caillon+fedoraproj...@gmail.com, hho...@redhat.com, john.j5l...@gmail.com, jor...@redhat.com, jples...@redhat.com, ka...@ucw.cz, perl-devel@lists.fedoraproject.org, perl-maint-l...@redhat.com, ppi...@redhat.com, rhug...@redhat.com, rstr...@redhat.com, sandm...@redhat.com
Target Milestone: ---
Classification: Other
A flaw was found in perl-dbi before version 1.637. Arbitrary string supplied by caller can be passed into Perl_croak function which expects printf-style arguments. Malicious remote systems via specially crafted error messages can cause problems like buffer overflow or overwriting other part of process memory.
References:
https://www.mail-archive.com/dbi-users@perl.org/msg35486.html
https://rt-archive.perl.org/perl5/Ticket/Display.html?id=131878
https://github.com/perl/perl5/issues/16108
[Bug 1877403] perl-DBI: Memory corruption in XS functions when Perl stack is reallocated [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1877403
Petr Pisar changed:
What|Removed|Added
CC||ppi...@redhat.com
Version|32|31
--- Comment #2 from Petr Pisar ---
Only Fedora 31 is affected (Fedora ≥ 32 delivers unaffected perl-DBI-1.643).
[Bug 1877402] perl-dbi: Memory corruption in XS functions when Perl stack is reallocated
https://bugzilla.redhat.com/show_bug.cgi?id=1877402
--- Comment #2 from Petr Pisar ---
The fix is included in DBI-1.643 upstream release.
[Bug 1877427] New: perl-dbi: Risk of memory corruption with many arguments in DBI method dispatch
https://bugzilla.redhat.com/show_bug.cgi?id=1877427
Bug ID: 1877427
Summary: perl-dbi: Risk of memory corruption with many arguments in DBI method dispatch
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-t...@redhat.com
Reporter: psamp...@redhat.com
CC: caillon+fedoraproj...@gmail.com, hho...@redhat.com, john.j5l...@gmail.com, jor...@redhat.com, jples...@redhat.com, ka...@ucw.cz, perl-devel@lists.fedoraproject.org, perl-maint-l...@redhat.com, ppi...@redhat.com, rhug...@redhat.com, rstr...@redhat.com, sandm...@redhat.com
Target Milestone: ---
Classification: Other
A flaw was found in perl-dbi before version 1.632. Using many arguments to methods for Callbacks may lead to memory corruption.
Upstream patch: https://github.com/perl5-dbi/dbi/commit/a8b98e988d6ea2946f5f56691d6d5ead53f65766
[Bug 1877423] New: perl-DBI: Old API functions vulnerable to overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1877423
Bug ID: 1877423
Summary: perl-DBI: Old API functions vulnerable to overflow [fedora-all]
Product: Fedora
Version: 32
Status: NEW
Component: perl-DBI
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: jples...@redhat.com
Reporter: psamp...@redhat.com
QA Contact: extras...@fedoraproject.org
CC: caillon+fedoraproj...@gmail.com, john.j5l...@gmail.com, jples...@redhat.com, ka...@ucw.cz, perl-devel@lists.fedoraproject.org, rhug...@redhat.com, rstr...@redhat.com, sandm...@redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all.
For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.
For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate.
[Bug 1877421] perl-dbi: Old API functions vulnerable to overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1877421

Pedro Sampaio changed:

What|Removed|Added
Depends On||1877423

--- Comment #1 from Pedro Sampaio ---
Created perl-DBI tracking bugs for this issue:

Affects: fedora-all [bug 1877423]

Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1877423
[Bug 1877423] perl-DBI: Old API functions vulnerable to overflow [fedora-all]
[Bug 1877423] perl-DBI: Old API functions vulnerable to overflow [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1877423

--- Comment #1 from Pedro Sampaio ---
Use the following template for the 'fedpkg update' request to submit an update for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable.

=
# bugfix, security, enhancement, newpackage (required)
type=security

# low, medium, high, urgent (required)
severity=medium

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1877421,1877423

# Description of your update
notes=Security fix for [PUT CVEs HERE]

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False
==

Additionally, you may opt to use the bodhi web interface to submit updates:

https://bodhi.fedoraproject.org/updates/new
[Bug 1877421] New: perl-dbi: Old API functions vulnerable to overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1877421

Bug ID: 1877421
Summary: perl-dbi: Old API functions vulnerable to overflow
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-t...@redhat.com
Reporter: psamp...@redhat.com
CC: caillon+fedoraproj...@gmail.com, hho...@redhat.com, john.j5l...@gmail.com, jor...@redhat.com, jples...@redhat.com, ka...@ucw.cz, perl-devel@lists.fedoraproject.org, perl-maint-l...@redhat.com, ppi...@redhat.com, rhug...@redhat.com, rstr...@redhat.com, sandm...@redhat.com
Target Milestone: ---
Classification: Other

A flaw was found in perl-dbi before version 1.643. Old API functions might be vulnerable to overflowing, potentially causing memory corruption.

References: https://github.com/perl5-dbi/dbi/commit/00e2ec459b55b72ee5703c1bd8e6cf57f1986c05
[Bug 1871053] perl-Module-Load-Conditional-0.74 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1871053 --- Comment #14 from Fedora Update System --- FEDORA-MODULAR-2020-131bafc061 has been pushed to the Fedora 31 Modular stable repository. If problem still persists, please make note of it in this bug report.
[Bug 1877409] perl-dbi: Buffer overflow on an overlong DBD class name
https://bugzilla.redhat.com/show_bug.cgi?id=1877409

--- Comment #1 from Pedro Sampaio ---
Created perl-DBI tracking bugs for this issue:

Affects: fedora-all [bug 1877410]
[Bug 1877402] perl-dbi: Memory corruption in XS functions when Perl stack is reallocated
https://bugzilla.redhat.com/show_bug.cgi?id=1877402

Pedro Sampaio changed:

What|Removed|Added
Comment|0|updated

--- Comment #1 from Pedro Sampaio ---
Created perl-DBI tracking bugs for this issue:

Affects: fedora-all [bug 1877403]

--- Comment #0 has been edited ---

A flaw was found in perl-dbi. Macro ST(*) returns pointer to Perl stack. Other Perl functions which use Perl stack (e.g. eval) may reallocate Perl stack and therefore pointer returned by ST(*) macro is invalid which may lead to memory corruption.

Upstream patch: https://github.com/perl5-dbi/dbi/commit/ea99b6aafb437db53c28fd40d5eafbe119cd66e1
[Bug 1877405] perl-dbi: NULL profile dereference in dbi_profile()
https://bugzilla.redhat.com/show_bug.cgi?id=1877405

Pedro Sampaio changed:

What|Removed|Added
Comment|0|updated

--- Comment #0 has been edited ---

A flaw was found in perl-dbi. hv_fetch() documentation requires checking for NULL and the code does that. But it then calls SvOK(profile) unconditionally two lines later, leading to a NULL profile dereference.

Upstream patch: https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff
[Bug 1877410] perl-DBI: Buffer overflow on an overlong DBD class name [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1877410

Pedro Sampaio changed:

What|Removed|Added
Blocks||1877409

Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1877409
[Bug 1877409] perl-dbi: Buffer overflow on an overlong DBD class name
[Bug 1877410] New: perl-DBI: Buffer overflow on an overlong DBD class name [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1877410

Bug ID: 1877410
Summary: perl-DBI: Buffer overflow on an overlong DBD class name [fedora-all]
Product: Fedora
Version: 32
Status: NEW
Component: perl-DBI
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: jples...@redhat.com
Reporter: psamp...@redhat.com
QA Contact: extras...@fedoraproject.org
CC: caillon+fedoraproj...@gmail.com, john.j5l...@gmail.com, jples...@redhat.com, ka...@ucw.cz, perl-devel@lists.fedoraproject.org, rhug...@redhat.com, rstr...@redhat.com, sandm...@redhat.com
Target Milestone: ---
Classification: Fedora

This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all.

For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.

For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs

When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message.

NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate.
[Bug 1877409] perl-dbi: Buffer overflow on an overlong DBD class name
https://bugzilla.redhat.com/show_bug.cgi?id=1877409

Pedro Sampaio changed:

What|Removed|Added
Depends On||1877410

Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1877410
[Bug 1877410] perl-DBI: Buffer overflow on an overlong DBD class name [fedora-all]
[Bug 1877410] perl-DBI: Buffer overflow on an overlong DBD class name [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1877410

--- Comment #1 from Pedro Sampaio ---
Use the following template for the 'fedpkg update' request to submit an update for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable.

=
# bugfix, security, enhancement, newpackage (required)
type=security

# low, medium, high, urgent (required)
severity=low

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1877409,1877410

# Description of your update
notes=Security fix for [PUT CVEs HERE]

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False
==

Additionally, you may opt to use the bodhi web interface to submit updates:

https://bodhi.fedoraproject.org/updates/new
[Bug 1877409] New: perl-dbi: Buffer overflow on an overlong DBD class name
https://bugzilla.redhat.com/show_bug.cgi?id=1877409

Bug ID: 1877409
Summary: perl-dbi: Buffer overflow on an overlong DBD class name
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-t...@redhat.com
Reporter: psamp...@redhat.com
CC: caillon+fedoraproj...@gmail.com, hho...@redhat.com, john.j5l...@gmail.com, jor...@redhat.com, jples...@redhat.com, ka...@ucw.cz, perl-devel@lists.fedoraproject.org, perl-maint-l...@redhat.com, ppi...@redhat.com, rhug...@redhat.com, rstr...@redhat.com, sandm...@redhat.com
Target Milestone: ---
Classification: Other

A flaw was found in perl-dbi before version 1.643. A buffer overflow via an overlong DBD class name in the dbih_setup_handle function may lead to data being written past the intended limit.

Upstream patch: https://github.com/perl5-dbi/dbi/commit/36f2a2c5fea36d7d47d6871e420286643460e71b
[Bug 1877405] New: perl-dbi: NULL profile dereference in dbi_profile()
https://bugzilla.redhat.com/show_bug.cgi?id=1877405

Bug ID: 1877405
Summary: perl-dbi: NULL profile dereference in dbi_profile()
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-t...@redhat.com
Reporter: psamp...@redhat.com
CC: caillon+fedoraproj...@gmail.com, hho...@redhat.com, john.j5l...@gmail.com, jor...@redhat.com, jples...@redhat.com, ka...@ucw.cz, perl-devel@lists.fedoraproject.org, perl-maint-l...@redhat.com, ppi...@redhat.com, rhug...@redhat.com, rstr...@redhat.com, sandm...@redhat.com
Target Milestone: ---
Classification: Other

A flaw was found in perl-dbi. hv_fetch() documentation requires checking for NULL and the code does that. But it then calls SvOK(profile) unconditionally two lines later, leading to a NULL profile dereference.

Upstream patch: https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff
[Bug 1877406] New: perl-DBI: NULL profile dereference in dbi_profile() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1877406

Bug ID: 1877406
Summary: perl-DBI: NULL profile dereference in dbi_profile() [fedora-all]
Product: Fedora
Version: 32
Status: NEW
Component: perl-DBI
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: jples...@redhat.com
Reporter: psamp...@redhat.com
QA Contact: extras...@fedoraproject.org
CC: caillon+fedoraproj...@gmail.com, john.j5l...@gmail.com, jples...@redhat.com, ka...@ucw.cz, perl-devel@lists.fedoraproject.org, rhug...@redhat.com, rstr...@redhat.com, sandm...@redhat.com
Target Milestone: ---
Classification: Fedora

This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all.

For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.

For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs

When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message.

NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate.
[Bug 1877405] perl-dbi: NULL profile dereference in dbi_profile()
https://bugzilla.redhat.com/show_bug.cgi?id=1877405 --- Comment #1 from Pedro Sampaio --- Created perl-DBI tracking bugs for this issue: Affects: fedora-all [bug 1877406]
[Bug 1877405] perl-dbi: NULL profile dereference in dbi_profile()
https://bugzilla.redhat.com/show_bug.cgi?id=1877405

Pedro Sampaio changed:

What|Removed|Added
Depends On||1877406

Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1877406
[Bug 1877406] perl-DBI: NULL profile dereference in dbi_profile() [fedora-all]
[Bug 1877406] perl-DBI: NULL profile dereference in dbi_profile() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1877406

Pedro Sampaio changed:

What|Removed|Added
Blocks||1877405

Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1877405
[Bug 1877405] perl-dbi: NULL profile dereference in dbi_profile()
[Bug 1877406] perl-DBI: NULL profile dereference in dbi_profile() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1877406

--- Comment #1 from Pedro Sampaio ---
Use the following template for the 'fedpkg update' request to submit an update for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable.

=
# bugfix, security, enhancement, newpackage (required)
type=security

# low, medium, high, urgent (required)
severity=low

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1877405,1877406

# Description of your update
notes=Security fix for [PUT CVEs HERE]

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False
==

Additionally, you may opt to use the bodhi web interface to submit updates:

https://bodhi.fedoraproject.org/updates/new
[Bug 1877403] perl-DBI: Memory corruption in XS functions when Perl stack is reallocated [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1877403

Pedro Sampaio changed:

What|Removed|Added
Blocks||1877402

--- Comment #1 from Pedro Sampaio ---
Use the following template for the 'fedpkg update' request to submit an update for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable.

=
# bugfix, security, enhancement, newpackage (required)
type=security

# low, medium, high, urgent (required)
severity=medium

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1877402,1877403

# Description of your update
notes=Security fix for [PUT CVEs HERE]

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False
==

Additionally, you may opt to use the bodhi web interface to submit updates:

https://bodhi.fedoraproject.org/updates/new

Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1877402
[Bug 1877402] perl-dbi: Memory corruption in XS functions when Perl stack is reallocated
[Bug 1877403] New: perl-DBI: Memory corruption in XS functions when Perl stack is reallocated [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1877403

Bug ID: 1877403
Summary: perl-DBI: Memory corruption in XS functions when Perl stack is reallocated [fedora-all]
Product: Fedora
Version: 32
Status: NEW
Component: perl-DBI
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: jples...@redhat.com
Reporter: psamp...@redhat.com
QA Contact: extras...@fedoraproject.org
CC: caillon+fedoraproj...@gmail.com, john.j5l...@gmail.com, jples...@redhat.com, ka...@ucw.cz, perl-devel@lists.fedoraproject.org, rhug...@redhat.com, rstr...@redhat.com, sandm...@redhat.com
Target Milestone: ---
Classification: Fedora

This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all.

For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.

For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs

When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message.

NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate.
[Bug 1877402] perl-dbi: Memory corruption in XS functions when Perl stack is reallocated
https://bugzilla.redhat.com/show_bug.cgi?id=1877402

Pedro Sampaio changed:

What|Removed|Added
Depends On||1877403

Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1877403
[Bug 1877403] perl-DBI: Memory corruption in XS functions when Perl stack is reallocated [fedora-all]
[Bug 1877402] New: perl-dbi: Memory corruption in XS functions when Perl stack is reallocated
https://bugzilla.redhat.com/show_bug.cgi?id=1877402

Bug ID: 1877402
Summary: perl-dbi: Memory corruption in XS functions when Perl stack is reallocated
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-t...@redhat.com
Reporter: psamp...@redhat.com
CC: caillon+fedoraproj...@gmail.com, hho...@redhat.com, john.j5l...@gmail.com, jor...@redhat.com, jples...@redhat.com, ka...@ucw.cz, perl-devel@lists.fedoraproject.org, perl-maint-l...@redhat.com, ppi...@redhat.com, rhug...@redhat.com, rstr...@redhat.com, sandm...@redhat.com
Target Milestone: ---
Classification: Other

A flaw was found in perl-dbi. Macro ST(*) returns pointer to Perl stack. Other Perl functions which use Perl stack (e.g. eval) may reallocate Perl stack and therefore pointer returned by ST(*) macro is invalid which may lead to memory corruption.

Upstream patch: https://github.com/perl5-dbi/dbi/commit/ea99b6aafb437db53c28fd40d5eafbe119cd66e1
[Bug 1870878] perl-Module-CoreList-5.20200820 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1870878 --- Comment #12 from Fedora Update System --- FEDORA-MODULAR-2020-755b4f2613 has been pushed to the Fedora 32 Modular stable repository. If problem still persists, please make note of it in this bug report. --- Comment #13 from Fedora Update System --- FEDORA-MODULAR-2020-131bafc061 has been pushed to the Fedora 31 Modular stable repository. If problem still persists, please make note of it in this bug report.
[Bug 1871053] perl-Module-Load-Conditional-0.74 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1871053 --- Comment #13 from Fedora Update System --- FEDORA-MODULAR-2020-755b4f2613 has been pushed to the Fedora 32 Modular stable repository. If problem still persists, please make note of it in this bug report.