[Bug 1877626] New: perl-HTTP-Message-6.26 is available

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877626

Bug ID: 1877626
   Summary: perl-HTTP-Message-6.26 is available
   Product: Fedora
   Version: rawhide
Status: NEW
 Component: perl-HTTP-Message
  Keywords: FutureFeature, Triaged
  Assignee: ppi...@redhat.com
  Reporter: upstream-release-monitor...@fedoraproject.org
QA Contact: extras...@fedoraproject.org
CC: perl-devel@lists.fedoraproject.org, ppi...@redhat.com
  Target Milestone: ---
Classification: Fedora



Latest upstream release: 6.26
Current version/release in rawhide: 6.25-4.fc33
URL: http://search.cpan.org/dist/HTTP-Message/

Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/


More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring


Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.


Based on the information from anitya:
https://release-monitoring.org/project/2977/


-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org


[Bug 1877437] perl-dbi: Externally controlled format string in Perl_croak function

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877437

Product Security DevOps Team  changed:

   What|Removed |Added

 Status|NEW |CLOSED
 Resolution|--- |WONTFIX
Last Closed||2020-09-10 01:17:48






[Bug 1877437] perl-dbi: Externally controlled format string in Perl_croak function

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877437



--- Comment #2 from Todd Cullum  ---
Statement:

Versions of perl-DBI shipped with Red Hat Enterprise Linux 7 and 8 are not
affected by this flaw because the vulnerable code was not yet committed in
v1.627 shipped with Red Hat Enterprise Linux 7, and already patched in version
1.642 shipped with Red Hat Enterprise Linux 8. This also applies to perl-DBI as
part of Red Hat Software Collections 3. Thus, none of these products are
affected.




[Bug 1877437] perl-dbi: Externally controlled format string in Perl_croak function

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877437



--- Comment #1 from Todd Cullum  ---
Upstream commit:
https://github.com/perl5-dbi/dbi/pull/44/commits/c6d410d1bafa6876e6a346a2727217fa2c3feb30




[Bug 1877409] CVE-2020-14393 perl-dbi: Buffer overflow on an overlong DBD class name

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877409

Tomas Hoger  changed:

   What|Removed |Added

Summary|CVE-2020-14393 perl-dbi:|CVE-2020-14393 perl-dbi:
   |Buffer overlfow on an   |Buffer overflow on an
   |overlong DBD class name |overlong DBD class name






[Bug 1877427] perl-dbi: Risk of memory corruption with many arguments in DBI method dispatch

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877427



--- Comment #1 from Todd Cullum  ---
This may be related to BZ#1877402 per the upstream bug tracker [1] but I see
there was a separate patch issued in 1.632 listed in above comment.

1. https://rt.cpan.org/Public/Bug/Display.html?id=86744#txn-1880941




[Bug 1877421] perl-dbi: Old API functions vulnerable to overflow

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877421

Todd Cullum  changed:

   What|Removed |Added

 Depends On||1877540, 1877541






[Bug 1877409] CVE-2020-14393 perl-dbi: Buffer overlfow on an overlong DBD class name

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877409

Guilherme de Almeida Suckevicz  changed:

   What|Removed |Added

Summary|perl-dbi: Buffer overlfow   |CVE-2020-14393 perl-dbi:
   |on an overlong DBD class|Buffer overlfow on an
   |name|overlong DBD class name
  Alias||CVE-2020-14393






[Bug 1877446] perl-dbi: Proxy driver and server use PlRPC which is not secure due to Storable

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877446

Product Security DevOps Team  changed:

   What|Removed |Added

 Status|NEW |CLOSED
 Resolution|--- |WONTFIX
Last Closed||2020-09-09 19:17:46






[Bug 1877421] perl-dbi: Old API functions vulnerable to overflow

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877421

Todd Cullum  changed:

   What|Removed |Added

Comment|2   |updated



--- Comment #2 has been edited ---

I marked this as a Low since it could be considered part of the software
lifecycle or hardening, and the "fix" merely labels some functions as
deprecated with comments. However, it may be worthwhile to note.



[Bug 1877410] CVE-2020-14393 perl-DBI: Buffer overlfow on an overlong DBD class name [fedora-all]

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877410

Guilherme de Almeida Suckevicz  changed:

   What|Removed |Added

Summary|perl-DBI: Buffer overlfow   |CVE-2020-14393 perl-DBI:
   |on an overlong DBD class|Buffer overlfow on an
   |name [fedora-all]   |overlong DBD class name
   ||[fedora-all]






[Bug 1877421] perl-dbi: Old API functions vulnerable to overflow

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877421

Todd Cullum  changed:

   What|Removed |Added

   Priority|medium  |low
   Severity|medium  |low



--- Comment #2 from Todd Cullum  ---
I marked this as a Low since it could be considered part of the software
lifecycle or hardening, and the "fix" merely labels some functions as
deprecated with comments. However, it may be worthwhile to note.




[Bug 1877423] perl-DBI: Old API functions vulnerable to overflow [fedora-all]

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877423

Todd Cullum  changed:

   What|Removed |Added

   Severity|medium  |low






[Bug 1877403] CVE-2020-14392 perl-DBI: Memory corruption in XS functions when Perl stack is reallocated [fedora-all]

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877403

Guilherme de Almeida Suckevicz  changed:

   What|Removed |Added

Summary|perl-DBI: Memory corruption |CVE-2020-14392 perl-DBI:
   |in XS functions when Perl   |Memory corruption in XS
   |stack is reallocated|functions when Perl stack
   |[fedora-all]|is reallocated [fedora-all]






[Bug 1877402] CVE-2020-14392 perl-dbi: Memory corruption in XS functions when Perl stack is reallocated

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877402

Guilherme de Almeida Suckevicz  changed:

   What|Removed |Added

Summary|perl-dbi: Memory corruption |CVE-2020-14392 perl-dbi:
   |in XS functions when Perl   |Memory corruption in XS
   |stack is reallocated|functions when Perl stack
   ||is reallocated
  Alias||CVE-2020-14392






[Bug 1877405] perl-dbi: NULL profile dereference in dbi_profile()

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877405

Todd Cullum  changed:

   What|Removed |Added

 Depends On||1877512, 1877511, 1877514,
   ||1877513






[Bug 1877402] perl-dbi: Memory corruption in XS functions when Perl stack is reallocated

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877402

Todd Cullum  changed:

   What|Removed |Added

 Depends On||1877497, 1877498, 1877499,
   ||1877496






[Bug 1877446] perl-dbi: Proxy driver and server use PlRPC which is not secure due to Storable

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877446



--- Comment #1 from Todd Cullum  ---
Looks like this fix/warning was backported to 1.627 already back in 2013 and
thus RHEL and RHSCL are not affected.

Changelog:
* Tue Nov 26 2013 Petr Pisar  - 1.627-2
- Add a security warning about use of RPC::PlClient (bug #1030578)




[Bug 1877447] perl-dbi: Stack corruption on callbacks

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877447

Pedro Sampaio  changed:

   What|Removed |Added

 Blocks||1857388






[Bug 1877446] perl-dbi: Proxy driver and server use PlRPC which is not secure due to Storable

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877446

Pedro Sampaio  changed:

   What|Removed |Added

 Blocks||1857388






[Bug 1877444] perl-dbi: DBD::File drivers open files from folders other than specifically passed

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877444

Pedro Sampaio  changed:

   What|Removed |Added

 Blocks||1857388



A flaw was found in perl-dbi before version. DBD::File drivers would open files
from folders other than specifically passed using the f_dir attribute.

Upstream patch:

https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a




[Bug 1877405] perl-dbi: NULL profile dereference in dbi_profile()

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877405

Pedro Sampaio  changed:

   What|Removed |Added

 Blocks||1857388






[Bug 1877437] perl-dbi: Externally controlled format string in Perl_croak function

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877437

Pedro Sampaio  changed:

   What|Removed |Added

 Blocks||1857388






[Bug 1877409] perl-dbi: Buffer overlfow on an overlong DBD class name

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877409

Pedro Sampaio  changed:

   What|Removed |Added

 Blocks||1857388






[Bug 1877402] perl-dbi: Memory corruption in XS functions when Perl stack is reallocated

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877402

Pedro Sampaio  changed:

   What|Removed |Added

 Blocks||1857388






[Bug 1877427] perl-dbi: Risk of memory corruption with many arguments in DBI method dispatch

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877427

Pedro Sampaio  changed:

   What|Removed |Added

 Blocks||1857388






[Bug 1877421] perl-dbi: Old API functions vulnerable to overflow

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877421

Pedro Sampaio  changed:

   What|Removed |Added

 Blocks||1857388






[Bug 1877447] New: perl-dbi: Stack corruption on callbacks

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877447

Bug ID: 1877447
   Summary: perl-dbi: Stack corruption on callbacks
   Product: Security Response
  Hardware: All
OS: Linux
Status: NEW
 Component: vulnerability
  Keywords: Security
  Severity: medium
  Priority: medium
  Assignee: security-response-t...@redhat.com
  Reporter: psamp...@redhat.com
CC: caillon+fedoraproj...@gmail.com, hho...@redhat.com,
john.j5l...@gmail.com, jor...@redhat.com,
jples...@redhat.com, ka...@ucw.cz,
perl-devel@lists.fedoraproject.org,
perl-maint-l...@redhat.com, ppi...@redhat.com,
rhug...@redhat.com, rstr...@redhat.com,
sandm...@redhat.com
  Target Milestone: ---
Classification: Other



A flaw was found in perl-dbi before version 1.628. A problem occurs when a
user-defined function requires a non-trivial amount of memory and the perl
stack gets reallocated.

References:

https://rt.cpan.org/Public/Bug/Display.html?id=85562

Upstream patch:

https://github.com/perl5-dbi/dbi/commit/401f1221311c71f760e21c98772f0f7e3cbead1d




[Bug 1877446] New: perl-dbi: Proxy driver and server use PlRPC which is not secure due to Storable

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877446

Bug ID: 1877446
   Summary: perl-dbi: Proxy driver and server use PlRPC which is
not secure due to Storable
   Product: Security Response
  Hardware: All
OS: Linux
Status: NEW
 Component: vulnerability
  Keywords: Security
  Severity: medium
  Priority: medium
  Assignee: security-response-t...@redhat.com
  Reporter: psamp...@redhat.com
CC: caillon+fedoraproj...@gmail.com, hho...@redhat.com,
john.j5l...@gmail.com, jor...@redhat.com,
jples...@redhat.com, ka...@ucw.cz,
perl-devel@lists.fedoraproject.org,
perl-maint-l...@redhat.com, ppi...@redhat.com,
rhug...@redhat.com, rstr...@redhat.com,
sandm...@redhat.com
  Target Milestone: ---
Classification: Other



A flaw was found in perl-dbi before version 1.632. The proxy driver and server
use PlRPC which is not secure due to Storable.

References:

https://rt.cpan.org/Public/Bug/Display.html?id=90475

Upstream patch:

https://github.com/perl5-dbi/dbi/commit/3cef14e68a01cd593cd19540c7b91d59d2d47c99




[Bug 1877444] New: perl-dbi: DBD::File drivers open files from folders other than specifically passed

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877444

Bug ID: 1877444
   Summary: perl-dbi: DBD::File drivers open files from folders
other than specifically passed
   Product: Security Response
  Hardware: All
OS: Linux
Status: NEW
 Component: vulnerability
  Keywords: Security
  Severity: medium
  Priority: medium
  Assignee: security-response-t...@redhat.com
  Reporter: psamp...@redhat.com
CC: caillon+fedoraproj...@gmail.com, hho...@redhat.com,
john.j5l...@gmail.com, jor...@redhat.com,
jples...@redhat.com, ka...@ucw.cz,
perl-devel@lists.fedoraproject.org,
perl-maint-l...@redhat.com, ppi...@redhat.com,
rhug...@redhat.com, rstr...@redhat.com,
sandm...@redhat.com
  Target Milestone: ---
Classification: Other






[Bug 1877423] perl-DBI: Old API functions vulnerable to overflow [fedora-all]

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877423

Pedro Sampaio  changed:

   What|Removed |Added

 Blocks||1877421





Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1877421
[Bug 1877421] perl-dbi: Old API functions vulnerable to overflow


[Bug 1877437] New: perl-dbi: Externally controlled format string in Perl_croak function

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877437

Bug ID: 1877437
   Summary: perl-dbi: Externally controlled format string in
Perl_croak function
   Product: Security Response
  Hardware: All
OS: Linux
Status: NEW
 Component: vulnerability
  Keywords: Security
  Severity: medium
  Priority: medium
  Assignee: security-response-t...@redhat.com
  Reporter: psamp...@redhat.com
CC: caillon+fedoraproj...@gmail.com, hho...@redhat.com,
john.j5l...@gmail.com, jor...@redhat.com,
jples...@redhat.com, ka...@ucw.cz,
perl-devel@lists.fedoraproject.org,
perl-maint-l...@redhat.com, ppi...@redhat.com,
rhug...@redhat.com, rstr...@redhat.com,
sandm...@redhat.com
  Target Milestone: ---
Classification: Other



A flaw was found in perl-dbi before version 1.637. An arbitrary string supplied
by the caller can be passed into the Perl_croak function, which expects
printf-style arguments. Malicious remote systems can, via specially crafted
error messages, cause problems like buffer overflow or overwriting other parts
of process memory.

References:

https://www.mail-archive.com/dbi-users@perl.org/msg35486.html
https://rt-archive.perl.org/perl5/Ticket/Display.html?id=131878
https://github.com/perl/perl5/issues/16108




[Bug 1877403] perl-DBI: Memory corruption in XS functions when Perl stack is reallocated [fedora-all]

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877403

Petr Pisar  changed:

   What|Removed |Added

 CC||ppi...@redhat.com
Version|32  |31



--- Comment #2 from Petr Pisar  ---
Only Fedora 31 is affected (Fedora ≥ 32 delivers unaffected perl-DBI-1.643).




[Bug 1877402] perl-dbi: Memory corruption in XS functions when Perl stack is reallocated

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877402



--- Comment #2 from Petr Pisar  ---
The fix is included in DBI-1.643 upstream release.




[Bug 1877427] New: perl-dbi: Risk of memory corruption with many arguments in DBI method dispatch

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877427

Bug ID: 1877427
   Summary: perl-dbi: Risk of memory corruption with many
arguments in DBI method dispatch
   Product: Security Response
  Hardware: All
OS: Linux
Status: NEW
 Component: vulnerability
  Keywords: Security
  Severity: medium
  Priority: medium
  Assignee: security-response-t...@redhat.com
  Reporter: psamp...@redhat.com
CC: caillon+fedoraproj...@gmail.com, hho...@redhat.com,
john.j5l...@gmail.com, jor...@redhat.com,
jples...@redhat.com, ka...@ucw.cz,
perl-devel@lists.fedoraproject.org,
perl-maint-l...@redhat.com, ppi...@redhat.com,
rhug...@redhat.com, rstr...@redhat.com,
sandm...@redhat.com
  Target Milestone: ---
Classification: Other



A flaw was found in perl-dbi before version 1.632. Using many arguments to
methods for Callbacks may lead to memory corruption.

Upstream patch:

https://github.com/perl5-dbi/dbi/commit/a8b98e988d6ea2946f5f56691d6d5ead53f65766




[Bug 1877423] New: perl-DBI: Old API functions vulnerable to overflow [fedora-all]

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877423

Bug ID: 1877423
   Summary: perl-DBI: Old API functions vulnerable to overflow
[fedora-all]
   Product: Fedora
   Version: 32
Status: NEW
 Component: perl-DBI
  Keywords: Security, SecurityTracking
  Severity: medium
  Priority: medium
  Assignee: jples...@redhat.com
  Reporter: psamp...@redhat.com
QA Contact: extras...@fedoraproject.org
CC: caillon+fedoraproj...@gmail.com,
john.j5l...@gmail.com, jples...@redhat.com,
ka...@ucw.cz, perl-devel@lists.fedoraproject.org,
rhug...@redhat.com, rstr...@redhat.com,
sandm...@redhat.com
  Target Milestone: ---
Classification: Fedora




This is an automatically created tracking bug!  It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.

For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.

For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs

When submitting as an update, use the fedpkg template provided in the next
comment(s).  This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.

Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.

NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time.  If you need to fix the versions independent of each other,
you may clone this bug as appropriate.




[Bug 1877421] perl-dbi: Old API functions vulnerable to overflow

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877421

Pedro Sampaio  changed:

   What|Removed |Added

 Depends On||1877423



--- Comment #1 from Pedro Sampaio  ---
Created perl-DBI tracking bugs for this issue:

Affects: fedora-all [bug 1877423]



Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1877423
[Bug 1877423] perl-DBI: Old API functions vulnerable to overflow [fedora-all]


[Bug 1877423] perl-DBI: Old API functions vulnerable to overflow [fedora-all]

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877423



--- Comment #1 from Pedro Sampaio  ---
Use the following template for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug.  This will ensure that all associated bugs get updated
when new packages are pushed to stable.

=

# bugfix, security, enhancement, newpackage (required)
type=security

# low, medium, high, urgent (required)
severity=medium

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1877421,1877423

# Description of your update
notes=Security fix for [PUT CVEs HERE]

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

==

Additionally, you may opt to use the bodhi web interface to submit updates:

https://bodhi.fedoraproject.org/updates/new




[Bug 1877421] New: perl-dbi: Old API functions vulnerable to overflow

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877421

Bug ID: 1877421
   Summary: perl-dbi: Old API functions vulnerable to overflow
   Product: Security Response
  Hardware: All
OS: Linux
Status: NEW
 Component: vulnerability
  Keywords: Security
  Severity: medium
  Priority: medium
  Assignee: security-response-t...@redhat.com
  Reporter: psamp...@redhat.com
CC: caillon+fedoraproj...@gmail.com, hho...@redhat.com,
john.j5l...@gmail.com, jor...@redhat.com,
jples...@redhat.com, ka...@ucw.cz,
perl-devel@lists.fedoraproject.org,
perl-maint-l...@redhat.com, ppi...@redhat.com,
rhug...@redhat.com, rstr...@redhat.com,
sandm...@redhat.com
  Target Milestone: ---
Classification: Other



A flaw was found in perl-dbi before version 1.643. Old API functions might be
vulnerable to overflowing, potentially causing memory corruption.

References:

https://github.com/perl5-dbi/dbi/commit/00e2ec459b55b72ee5703c1bd8e6cf57f1986c05




[Bug 1871053] perl-Module-Load-Conditional-0.74 is available

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1871053



--- Comment #14 from Fedora Update System  ---
FEDORA-MODULAR-2020-131bafc061 has been pushed to the Fedora 31 Modular stable
repository.
If problem still persists, please make note of it in this bug report.




[Bug 1877409] perl-dbi: Buffer overflow on an overlong DBD class name

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877409



--- Comment #1 from Pedro Sampaio  ---
Created perl-DBI tracking bugs for this issue:

Affects: fedora-all [bug 1877410]




[Bug 1877402] perl-dbi: Memory corruption in XS functions when Perl stack is reallocated

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877402

Pedro Sampaio  changed:

   What|Removed |Added

Comment|0   |updated



--- Comment #1 from Pedro Sampaio  ---
Created perl-DBI tracking bugs for this issue:

Affects: fedora-all [bug 1877403]

--- Comment #0 has been edited ---

A flaw was found in perl-dbi. The ST(*) macro returns a pointer to the Perl
stack. Other Perl functions which use the Perl stack (e.g. eval) may reallocate
the Perl stack, and therefore the pointer returned by the ST(*) macro is
invalid, which may lead to memory corruption.

Upstream patch:

https://github.com/perl5-dbi/dbi/commit/ea99b6aafb437db53c28fd40d5eafbe119cd66e1



[Bug 1877405] perl-dbi: NULL profile dereference in dbi_profile()

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877405

Pedro Sampaio  changed:

   What|Removed |Added

Comment|0   |updated



--- Comment #0 has been edited ---

A flaw was found in perl-dbi. The hv_fetch() documentation requires checking
for NULL, and the code does that. But it then calls SvOK(profile)
unconditionally two lines later, leading to a null profile dereference.

Upstream patch:

https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff



[Bug 1877410] perl-DBI: Buffer overflow on an overlong DBD class name [fedora-all]

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877410

Pedro Sampaio  changed:

   What|Removed |Added

 Blocks||1877409





Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1877409
[Bug 1877409] perl-dbi: Buffer overflow on an overlong DBD class name


[Bug 1877410] New: perl-DBI: Buffer overflow on an overlong DBD class name [fedora-all]

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877410

Bug ID: 1877410
   Summary: perl-DBI: Buffer overflow on an overlong DBD class
name [fedora-all]
   Product: Fedora
   Version: 32
Status: NEW
 Component: perl-DBI
  Keywords: Security, SecurityTracking
  Severity: low
  Priority: low
  Assignee: jples...@redhat.com
  Reporter: psamp...@redhat.com
QA Contact: extras...@fedoraproject.org
CC: caillon+fedoraproj...@gmail.com,
john.j5l...@gmail.com, jples...@redhat.com,
ka...@ucw.cz, perl-devel@lists.fedoraproject.org,
rhug...@redhat.com, rstr...@redhat.com,
sandm...@redhat.com
  Target Milestone: ---
Classification: Fedora




This is an automatically created tracking bug!  It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.

For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.

For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs

When submitting as an update, use the fedpkg template provided in the next
comment(s).  This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.

Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.

NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time.  If you need to fix the versions independent of each other,
you may clone this bug as appropriate.




[Bug 1877409] perl-dbi: Buffer overflow on an overlong DBD class name

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877409

Pedro Sampaio  changed:

   What|Removed |Added

 Depends On||1877410





Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1877410
[Bug 1877410] perl-DBI: Buffer overflow on an overlong DBD class name
[fedora-all]


[Bug 1877410] perl-DBI: Buffer overflow on an overlong DBD class name [fedora-all]

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877410



--- Comment #1 from Pedro Sampaio  ---
Use the following template for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug.  This will ensure that all associated bugs get updated
when new packages are pushed to stable.

=

# bugfix, security, enhancement, newpackage (required)
type=security

# low, medium, high, urgent (required)
severity=low

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1877409,1877410

# Description of your update
notes=Security fix for [PUT CVEs HERE]

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

==

Additionally, you may opt to use the bodhi web interface to submit updates:

https://bodhi.fedoraproject.org/updates/new




[Bug 1877409] New: perl-dbi: Buffer overflow on an overlong DBD class name

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877409

Bug ID: 1877409
   Summary: perl-dbi: Buffer overflow on an overlong DBD class
name
   Product: Security Response
  Hardware: All
OS: Linux
Status: NEW
 Component: vulnerability
  Keywords: Security
  Severity: low
  Priority: low
  Assignee: security-response-t...@redhat.com
  Reporter: psamp...@redhat.com
CC: caillon+fedoraproj...@gmail.com, hho...@redhat.com,
john.j5l...@gmail.com, jor...@redhat.com,
jples...@redhat.com, ka...@ucw.cz,
perl-devel@lists.fedoraproject.org,
perl-maint-l...@redhat.com, ppi...@redhat.com,
rhug...@redhat.com, rstr...@redhat.com,
sandm...@redhat.com
  Target Milestone: ---
Classification: Other



A flaw was found in perl-dbi before version 1.643. A buffer overflow via an
overlong DBD class name in the dbih_setup_handle function may lead to data being
written past the intended limit.

Upstream patch:

https://github.com/perl5-dbi/dbi/commit/36f2a2c5fea36d7d47d6871e420286643460e71b




[Bug 1877405] New: perl-dbi: NULL profile dereference in dbi_profile()

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877405

Bug ID: 1877405
   Summary: perl-dbi: NULL profile dereference in dbi_profile()
   Product: Security Response
  Hardware: All
OS: Linux
Status: NEW
 Component: vulnerability
  Keywords: Security
  Severity: low
  Priority: low
  Assignee: security-response-t...@redhat.com
  Reporter: psamp...@redhat.com
CC: caillon+fedoraproj...@gmail.com, hho...@redhat.com,
john.j5l...@gmail.com, jor...@redhat.com,
jples...@redhat.com, ka...@ucw.cz,
perl-devel@lists.fedoraproject.org,
perl-maint-l...@redhat.com, ppi...@redhat.com,
rhug...@redhat.com, rstr...@redhat.com,
sandm...@redhat.com
  Target Milestone: ---
Classification: Other



A flaw was found in perl-dbi. The hv_fetch() documentation requires checking
for NULL, and the code does that. But it then calls SvOK(profile)
unconditionally two lines later, leading to a null profile dereference.

Upstream patch:

https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff




[Bug 1877406] New: perl-DBI: NULL profile dereference in dbi_profile() [fedora-all]

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877406

Bug ID: 1877406
   Summary: perl-DBI: NULL profile dereference in dbi_profile()
[fedora-all]
   Product: Fedora
   Version: 32
Status: NEW
 Component: perl-DBI
  Keywords: Security, SecurityTracking
  Severity: low
  Priority: low
  Assignee: jples...@redhat.com
  Reporter: psamp...@redhat.com
QA Contact: extras...@fedoraproject.org
CC: caillon+fedoraproj...@gmail.com,
john.j5l...@gmail.com, jples...@redhat.com,
ka...@ucw.cz, perl-devel@lists.fedoraproject.org,
rhug...@redhat.com, rstr...@redhat.com,
sandm...@redhat.com
  Target Milestone: ---
Classification: Fedora




This is an automatically created tracking bug!  It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.

For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.

For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs

When submitting as an update, use the fedpkg template provided in the next
comment(s).  This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.

Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.

NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time.  If you need to fix the versions independent of each other,
you may clone this bug as appropriate.




[Bug 1877405] perl-dbi: NULL profile dereference in dbi_profile()

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877405



--- Comment #1 from Pedro Sampaio  ---
Created perl-DBI tracking bugs for this issue:

Affects: fedora-all [bug 1877406]




[Bug 1877405] perl-dbi: NULL profile dereference in dbi_profile()

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877405

Pedro Sampaio  changed:

   What|Removed |Added

 Depends On||1877406





Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1877406
[Bug 1877406] perl-DBI: NULL profile dereference in dbi_profile() [fedora-all]


[Bug 1877406] perl-DBI: NULL profile dereference in dbi_profile() [fedora-all]

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877406

Pedro Sampaio  changed:

   What|Removed |Added

 Blocks||1877405





Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1877405
[Bug 1877405] perl-dbi: NULL profile dereference in dbi_profile()


[Bug 1877406] perl-DBI: NULL profile dereference in dbi_profile() [fedora-all]

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877406



--- Comment #1 from Pedro Sampaio  ---
Use the following template for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug.  This will ensure that all associated bugs get updated
when new packages are pushed to stable.

=

# bugfix, security, enhancement, newpackage (required)
type=security

# low, medium, high, urgent (required)
severity=low

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1877405,1877406

# Description of your update
notes=Security fix for [PUT CVEs HERE]

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

==

Additionally, you may opt to use the bodhi web interface to submit updates:

https://bodhi.fedoraproject.org/updates/new




[Bug 1877403] perl-DBI: Memory corruption in XS functions when Perl stack is reallocated [fedora-all]

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877403

Pedro Sampaio  changed:

   What|Removed |Added

 Blocks||1877402



--- Comment #1 from Pedro Sampaio  ---
Use the following template for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug.  This will ensure that all associated bugs get updated
when new packages are pushed to stable.

=

# bugfix, security, enhancement, newpackage (required)
type=security

# low, medium, high, urgent (required)
severity=medium

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1877402,1877403

# Description of your update
notes=Security fix for [PUT CVEs HERE]

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

==

Additionally, you may opt to use the bodhi web interface to submit updates:

https://bodhi.fedoraproject.org/updates/new



Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1877402
[Bug 1877402] perl-dbi: Memory corruption in XS functions when Perl stack is
reallocated


[Bug 1877403] New: perl-DBI: Memory corruption in XS functions when Perl stack is reallocated [fedora-all]

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877403

Bug ID: 1877403
   Summary: perl-DBI: Memory corruption in XS functions when Perl
stack is reallocated [fedora-all]
   Product: Fedora
   Version: 32
Status: NEW
 Component: perl-DBI
  Keywords: Security, SecurityTracking
  Severity: medium
  Priority: medium
  Assignee: jples...@redhat.com
  Reporter: psamp...@redhat.com
QA Contact: extras...@fedoraproject.org
CC: caillon+fedoraproj...@gmail.com,
john.j5l...@gmail.com, jples...@redhat.com,
ka...@ucw.cz, perl-devel@lists.fedoraproject.org,
rhug...@redhat.com, rstr...@redhat.com,
sandm...@redhat.com
  Target Milestone: ---
Classification: Fedora




This is an automatically created tracking bug!  It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.

For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.

For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs

When submitting as an update, use the fedpkg template provided in the next
comment(s).  This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.

Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.

NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time.  If you need to fix the versions independent of each other,
you may clone this bug as appropriate.




[Bug 1877402] perl-dbi: Memory corruption in XS functions when Perl stack is reallocated

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877402

Pedro Sampaio  changed:

   What|Removed |Added

 Depends On||1877403





Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1877403
[Bug 1877403] perl-DBI: Memory corruption in XS functions when Perl stack is
reallocated [fedora-all]


[Bug 1877402] New: perl-dbi: Memory corruption in XS functions when Perl stack is reallocated

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1877402

Bug ID: 1877402
   Summary: perl-dbi: Memory corruption in XS functions when Perl
stack is reallocated
   Product: Security Response
  Hardware: All
OS: Linux
Status: NEW
 Component: vulnerability
  Keywords: Security
  Severity: medium
  Priority: medium
  Assignee: security-response-t...@redhat.com
  Reporter: psamp...@redhat.com
CC: caillon+fedoraproj...@gmail.com, hho...@redhat.com,
john.j5l...@gmail.com, jor...@redhat.com,
jples...@redhat.com, ka...@ucw.cz,
perl-devel@lists.fedoraproject.org,
perl-maint-l...@redhat.com, ppi...@redhat.com,
rhug...@redhat.com, rstr...@redhat.com,
sandm...@redhat.com
  Target Milestone: ---
Classification: Other



A flaw was found in perl-dbi. The ST(*) macro returns a pointer to the Perl
stack. Other Perl functions which use the Perl stack (e.g. eval) may reallocate
the Perl stack, and therefore the pointer returned by the ST(*) macro is
invalid, which may lead to memory corruption.

Upstream patch:

https://github.com/perl5-dbi/dbi/commit/ea99b6aafb437db53c28fd40d5eafbe119cd66e1


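The failure mode described in the report above, as an added illustration that is not taken from the bug report, the upstream patch or the DBI code base: a simplified C model in which `SLOT()` stands in for `ST()` and `callback()` for a call such as eval that grows the stack. All names are hypothetical, the stack is a plain array rather than Perl's, and re-fetching by index is shown as a general way to avoid the stale pointer.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of an interpreter argument stack (assumption: not Perl's). */
typedef struct { long *base; size_t len, cap; } vstack;

/* Stand-in for ST(n): a raw pointer into the current stack buffer. */
#define SLOT(s, n) (&(s)->base[(n)])

/* Push one value; when full, move to a new buffer and free the old one. */
static int vstack_push(vstack *s, long v) {
    if (s->len == s->cap) {
        long *nb = malloc(2 * s->cap * sizeof *nb);
        if (!nb) return -1;
        memcpy(nb, s->base, s->len * sizeof *nb);
        free(s->base);               /* every earlier SLOT() pointer now dangles */
        s->base = nb;
        s->cap *= 2;
    }
    s->base[s->len++] = v;
    return 0;
}

/* Stand-in for a call such as eval: uses the stack, forcing one reallocation. */
static int callback(vstack *s) {
    size_t extra = s->cap - s->len + 1;      /* just enough to overflow once */
    for (size_t i = 0; i < extra; i++)
        if (vstack_push(s, 0) != 0) return -1;
    s->len -= extra;                 /* temporaries popped; buffer stays moved */
    return 0;
}

/* Runs the callback with one argument (41) on the stack. Reports whether a
 * pointer cached beforehand went stale (by address only, never dereferenced)
 * and returns the argument incremented through a re-derived pointer. */
long call_then_increment(int *cached_was_stale) {
    vstack s = { malloc(4 * sizeof(long)), 0, 4 };
    if (!s.base || vstack_push(&s, 41) != 0) { free(s.base); return -1; }
    size_t idx = 0;                               /* keep the index ... */
    uintptr_t cached = (uintptr_t)SLOT(&s, idx);  /* what buggy code would keep */
    if (callback(&s) != 0) { free(s.base); return -1; }
    long *arg = SLOT(&s, idx);                    /* ... and re-fetch after the call */
    *cached_was_stale = (cached != (uintptr_t)arg);
    *arg += 1;
    long out = *arg;
    free(s.base);
    return out;
}
```

Writing through the cached address instead of `arg` would touch freed memory, which is the corruption the report describes.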


[Bug 1870878] perl-Module-CoreList-5.20200820 is available

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1870878



--- Comment #12 from Fedora Update System ---
FEDORA-MODULAR-2020-755b4f2613 has been pushed to the Fedora 32 Modular stable
repository.
If the problem still persists, please make note of it in this bug report.

--- Comment #13 from Fedora Update System ---
FEDORA-MODULAR-2020-131bafc061 has been pushed to the Fedora 31 Modular stable
repository.
If the problem still persists, please make note of it in this bug report.




[Bug 1871053] perl-Module-Load-Conditional-0.74 is available

2020-09-09 Thread bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1871053



--- Comment #13 from Fedora Update System ---
FEDORA-MODULAR-2020-755b4f2613 has been pushed to the Fedora 32 Modular stable
repository.
If the problem still persists, please make note of it in this bug report.

