https://bugzilla.redhat.com/show_bug.cgi?id=1877626
Bug ID: 1877626
Summary: perl-HTTP-Message-6.26 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: perl-HTTP-Message
Keywords: FutureFeature, Triaged
https://bugzilla.redhat.com/show_bug.cgi?id=1877437
Product Security DevOps Team changed:
What|Removed |Added
Status|NEW |CLOSED
https://bugzilla.redhat.com/show_bug.cgi?id=1877437
--- Comment #2 from Todd Cullum ---
Statement:
Versions of perl-DBI shipped with Red Hat Enterprise Linux 7 and 8 are not
affected by this flaw because the vulnerable code was not yet committed in
v1.627 shipped with Red Hat Enterprise Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1877437
--- Comment #1 from Todd Cullum ---
Upstream commit:
https://github.com/perl5-dbi/dbi/pull/44/commits/c6d410d1bafa6876e6a346a2727217fa2c3feb30
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1877409
Tomas Hoger changed:
What|Removed |Added
Summary|CVE-2020-14393 perl-dbi:|CVE-2020-14393 perl-dbi:
https://bugzilla.redhat.com/show_bug.cgi?id=1877427
--- Comment #1 from Todd Cullum ---
This may be related to BZ#1877402 per the upstream bug tracker [1] but I see
there was a separate patch issued in 1.632 listed in above comment.
1.
https://bugzilla.redhat.com/show_bug.cgi?id=1877421
Todd Cullum changed:
What|Removed |Added
Depends On||1877540, 1877541
--
You are
https://bugzilla.redhat.com/show_bug.cgi?id=1877409
Guilherme de Almeida Suckevicz changed:
What|Removed |Added
Summary|perl-dbi: Buffer overlfow |CVE-2020-14393
https://bugzilla.redhat.com/show_bug.cgi?id=1877446
Product Security DevOps Team changed:
What|Removed |Added
Status|NEW |CLOSED
https://bugzilla.redhat.com/show_bug.cgi?id=1877421
Todd Cullum changed:
What|Removed |Added
Comment|2 |updated
--- Comment #2 has been edited
https://bugzilla.redhat.com/show_bug.cgi?id=1877410
Guilherme de Almeida Suckevicz changed:
What|Removed |Added
Summary|perl-DBI: Buffer overlfow |CVE-2020-14393
https://bugzilla.redhat.com/show_bug.cgi?id=1877421
Todd Cullum changed:
What|Removed |Added
Priority|medium |low
Severity|medium
https://bugzilla.redhat.com/show_bug.cgi?id=1877423
Todd Cullum changed:
What|Removed |Added
Severity|medium |low
--
You are receiving this mail
https://bugzilla.redhat.com/show_bug.cgi?id=1877403
Guilherme de Almeida Suckevicz changed:
What|Removed |Added
Summary|perl-DBI: Memory corruption |CVE-2020-14392
https://bugzilla.redhat.com/show_bug.cgi?id=1877402
Guilherme de Almeida Suckevicz changed:
What|Removed |Added
Summary|perl-dbi: Memory corruption |CVE-2020-14392
https://bugzilla.redhat.com/show_bug.cgi?id=1877405
Todd Cullum changed:
What|Removed |Added
Depends On||1877512, 1877511, 1877514,
https://bugzilla.redhat.com/show_bug.cgi?id=1877402
Todd Cullum changed:
What|Removed |Added
Depends On||1877497, 1877498, 1877499,
https://bugzilla.redhat.com/show_bug.cgi?id=1877446
--- Comment #1 from Todd Cullum ---
Looks like this fix/warning was backported to 1.627 already back in 2013 and
thus RHEL and RHSCL are notaffected.
Changelog:
* Tue Nov 26 2013 Petr Pisar - 1.627-2
- Add a security warning about use of
https://bugzilla.redhat.com/show_bug.cgi?id=1877447
Pedro Sampaio changed:
What|Removed |Added
Blocks||1857388
--
You are receiving this
https://bugzilla.redhat.com/show_bug.cgi?id=1877446
Pedro Sampaio changed:
What|Removed |Added
Blocks||1857388
--
You are receiving this
https://bugzilla.redhat.com/show_bug.cgi?id=1877444
Pedro Sampaio changed:
What|Removed |Added
Blocks||1857388
A flaw was foundin perl-dbi
https://bugzilla.redhat.com/show_bug.cgi?id=1877405
Pedro Sampaio changed:
What|Removed |Added
Blocks||1857388
--
You are receiving this
https://bugzilla.redhat.com/show_bug.cgi?id=1877437
Pedro Sampaio changed:
What|Removed |Added
Blocks||1857388
--
You are receiving this
https://bugzilla.redhat.com/show_bug.cgi?id=1877409
Pedro Sampaio changed:
What|Removed |Added
Blocks||1857388
--
You are receiving this
https://bugzilla.redhat.com/show_bug.cgi?id=1877402
Pedro Sampaio changed:
What|Removed |Added
Blocks||1857388
--
You are receiving this
https://bugzilla.redhat.com/show_bug.cgi?id=1877427
Pedro Sampaio changed:
What|Removed |Added
Blocks||1857388
--
You are receiving this
https://bugzilla.redhat.com/show_bug.cgi?id=1877421
Pedro Sampaio changed:
What|Removed |Added
Blocks||1857388
--
You are receiving this
https://bugzilla.redhat.com/show_bug.cgi?id=1877447
Bug ID: 1877447
Summary: perl-dbi: Stack corruption on callbacks
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1877446
Bug ID: 1877446
Summary: perl-dbi: Proxy driver and server use PlRPC which is
not secure due to Storable
Product: Security Response
Hardware: All
OS: Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1877444
Bug ID: 1877444
Summary: perl-dbi: DBD::File drivers open files from folders
other than specifically passed
Product: Security Response
Hardware: All
OS: Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1877423
Pedro Sampaio changed:
What|Removed |Added
Blocks||1877421
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1877437
Bug ID: 1877437
Summary: perl-dbi: Externally controlled format string in
Perl_croak function
Product: Security Response
Hardware: All
OS: Linux
Status:
https://bugzilla.redhat.com/show_bug.cgi?id=1877403
Petr Pisar changed:
What|Removed |Added
CC||ppi...@redhat.com
Version|32
https://bugzilla.redhat.com/show_bug.cgi?id=1877402
--- Comment #2 from Petr Pisar ---
The fix is included in DBI-1.643 upstream release.
--
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list --
https://bugzilla.redhat.com/show_bug.cgi?id=1877427
Bug ID: 1877427
Summary: perl-dbi: Risk of memory corruption with many
arguments in DBI method dispatch
Product: Security Response
Hardware: All
OS: Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1877423
Bug ID: 1877423
Summary: perl-DBI: Old API functions vulnerable to overflow
[fedora-all]
Product: Fedora
Version: 32
Status: NEW
Component: perl-DBI
https://bugzilla.redhat.com/show_bug.cgi?id=1877421
Pedro Sampaio changed:
What|Removed |Added
Depends On||1877423
--- Comment #1 from Pedro
https://bugzilla.redhat.com/show_bug.cgi?id=1877423
--- Comment #1 from Pedro Sampaio ---
Use the following template to for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug. This will ensure that all
https://bugzilla.redhat.com/show_bug.cgi?id=1877421
Bug ID: 1877421
Summary: perl-dbi: Old API functions vulnerable to overflow
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1871053
--- Comment #14 from Fedora Update System ---
FEDORA-MODULAR-2020-131bafc061 has been pushed to the Fedora 31 Modular stable
repository.
If problem still persists, please make note of it in this bug report.
--
You are receiving this mail
https://bugzilla.redhat.com/show_bug.cgi?id=1877409
--- Comment #1 from Pedro Sampaio ---
Created perl-DBI tracking bugs for this issue:
Affects: fedora-all [bug 1877410]
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1877402
Pedro Sampaio changed:
What|Removed |Added
Comment|0 |updated
--- Comment #1 from Pedro
https://bugzilla.redhat.com/show_bug.cgi?id=1877405
Pedro Sampaio changed:
What|Removed |Added
Comment|0 |updated
--- Comment #0 has been
https://bugzilla.redhat.com/show_bug.cgi?id=1877410
Pedro Sampaio changed:
What|Removed |Added
Blocks||1877409
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1877410
Bug ID: 1877410
Summary: perl-DBI: Buffer overlfow on an overlong DBD class
name [fedora-all]
Product: Fedora
Version: 32
Status: NEW
Component: perl-DBI
https://bugzilla.redhat.com/show_bug.cgi?id=1877409
Pedro Sampaio changed:
What|Removed |Added
Depends On||1877410
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1877410
--- Comment #1 from Pedro Sampaio ---
Use the following template to for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug. This will ensure that all
https://bugzilla.redhat.com/show_bug.cgi?id=1877409
Bug ID: 1877409
Summary: perl-dbi: Buffer overlfow on an overlong DBD class
name
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
https://bugzilla.redhat.com/show_bug.cgi?id=1877405
Bug ID: 1877405
Summary: perl-dbi: NULL profile dereference in dbi_profile()
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1877406
Bug ID: 1877406
Summary: perl-DBI: NULL profile dereference in dbi_profile()
[fedora-all]
Product: Fedora
Version: 32
Status: NEW
Component: perl-DBI
https://bugzilla.redhat.com/show_bug.cgi?id=1877405
--- Comment #1 from Pedro Sampaio ---
Created perl-DBI tracking bugs for this issue:
Affects: fedora-all [bug 1877406]
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1877405
Pedro Sampaio changed:
What|Removed |Added
Depends On||1877406
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1877406
Pedro Sampaio changed:
What|Removed |Added
Blocks||1877405
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1877406
--- Comment #1 from Pedro Sampaio ---
Use the following template to for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug. This will ensure that all
https://bugzilla.redhat.com/show_bug.cgi?id=1877403
Pedro Sampaio changed:
What|Removed |Added
Blocks||1877402
--- Comment #1 from Pedro
https://bugzilla.redhat.com/show_bug.cgi?id=1877403
Bug ID: 1877403
Summary: perl-DBI: Memory corruption in XS functions when Perl
stack is reallocated [fedora-all]
Product: Fedora
Version: 32
Status: NEW
https://bugzilla.redhat.com/show_bug.cgi?id=1877402
Pedro Sampaio changed:
What|Removed |Added
Depends On||1877403
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1877402
Bug ID: 1877402
Summary: perl-dbi: Memory corruption in XS functions when Perl
stack is reallocated
Product: Security Response
Hardware: All
OS: Linux
https://bugzilla.redhat.com/show_bug.cgi?id=1870878
--- Comment #12 from Fedora Update System ---
FEDORA-MODULAR-2020-755b4f2613 has been pushed to the Fedora 32 Modular stable
repository.
If problem still persists, please make note of it in this bug report.
--- Comment #13 from Fedora Update
https://bugzilla.redhat.com/show_bug.cgi?id=1871053
--- Comment #13 from Fedora Update System ---
FEDORA-MODULAR-2020-755b4f2613 has been pushed to the Fedora 32 Modular stable
repository.
If problem still persists, please make note of it in this bug report.
--
You are receiving this mail
https://bugzilla.redhat.com/show_bug.cgi?id=1876925
Petr Pisar changed:
What|Removed |Added
Status|ASSIGNED|CLOSED
Fixed In Version|
https://bugzilla.redhat.com/show_bug.cgi?id=1876925
--- Comment #1 from Petr Pisar ---
This release removes PPIx::Regexp::StringTokenizer. Suitable for Rawhide only.
--
You are receiving this mail because:
You are on the CC list for the bug.
___
62 matches
Mail list logo