https://bugzilla.redhat.com/show_bug.cgi?id=1209911
Bug ID: 1209911 Summary: perl-Module-Signature: unsigned files interpreted as signed in some circumstances Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-t...@redhat.com Reporter: vkaig...@redhat.com CC: p...@city-fan.org, perl-devel@lists.fedoraproject.org, perl-maint-l...@redhat.com, pertu...@free.fr Module::Signature before version 0.75 could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries. Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f CVE request: http://seclists.org/oss-sec/2015/q2/59 -- You are receiving this mail because: You are on the CC list for the bug. -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel