September 2021 - perl-devel - Fedora Mailing-Lists

[Bug 1877427] New: perl-dbi: Risk of memory corruption with many arguments in DBI method dispatch

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1877427 Bug ID: 1877427 Summary: perl-dbi: Risk of memory corruption with many arguments in DBI method dispatch Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: psampaio(a)redhat.com CC: caillon+fedoraproject(a)gmail.com, hhorak(a)redhat.com, john.j5live(a)gmail.com, jorton(a)redhat.com, jplesnik(a)redhat.com, kasal(a)ucw.cz, perl-devel(a)lists.fedoraproject.org, perl-maint-list(a)redhat.com, ppisar(a)redhat.com, rhughes(a)redhat.com, rstrode(a)redhat.com, sandmann(a)redhat.com Target Milestone: --- Classification: Other A flaw was foundin perl-dbi before version 1.632. Using many arguments to methods for Callbacks may lead to memory corruption. Upstream patch: https://github.com/perl5-dbi/dbi/commit/a8b98e988d6ea2946f5f56691d6d5ead5... -- You are receiving this mail because: You are on the CC list for the bug.

2 years, 6 months

1
6
0 / 0

[Bug 1877421] New: perl-dbi: Old API functions vulnerable to overflow

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1877421 Bug ID: 1877421 Summary: perl-dbi: Old API functions vulnerable to overflow Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: psampaio(a)redhat.com CC: caillon+fedoraproject(a)gmail.com, hhorak(a)redhat.com, john.j5live(a)gmail.com, jorton(a)redhat.com, jplesnik(a)redhat.com, kasal(a)ucw.cz, perl-devel(a)lists.fedoraproject.org, perl-maint-list(a)redhat.com, ppisar(a)redhat.com, rhughes(a)redhat.com, rstrode(a)redhat.com, sandmann(a)redhat.com Target Milestone: --- Classification: Other A flaw was found in perl-dbi before version 1.643. Old API functions might be vulnerable to overflowing potentially causing memory corruption. References: https://github.com/perl5-dbi/dbi/commit/00e2ec459b55b72ee5703c1bd8e6cf57f... -- You are receiving this mail because: You are on the CC list for the bug.

2 years, 6 months

1
8
0 / 0

[Bug 1877409] New: perl-dbi: Buffer overlfow on an overlong DBD class name

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1877409 Bug ID: 1877409 Summary: perl-dbi: Buffer overlfow on an overlong DBD class name Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: psampaio(a)redhat.com CC: caillon+fedoraproject(a)gmail.com, hhorak(a)redhat.com, john.j5live(a)gmail.com, jorton(a)redhat.com, jplesnik(a)redhat.com, kasal(a)ucw.cz, perl-devel(a)lists.fedoraproject.org, perl-maint-list(a)redhat.com, ppisar(a)redhat.com, rhughes(a)redhat.com, rstrode(a)redhat.com, sandmann(a)redhat.com Target Milestone: --- Classification: Other A flaw was found in perl-dbi before version 1.643. A buffer overflow on via an overlong DBD class name in dbih_setup_handle function may lead to data be written past the intended limit. Upstream patch: https://github.com/perl5-dbi/dbi/commit/36f2a2c5fea36d7d47d6871e420286643... -- You are receiving this mail because: You are on the CC list for the bug.

2 years, 6 months

1
12
0 / 0

[Bug 1877405] New: perl-dbi: NULL profile dereference in dbi_profile()

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1877405 Bug ID: 1877405 Summary: perl-dbi: NULL profile dereference in dbi_profile() Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: psampaio(a)redhat.com CC: caillon+fedoraproject(a)gmail.com, hhorak(a)redhat.com, john.j5live(a)gmail.com, jorton(a)redhat.com, jplesnik(a)redhat.com, kasal(a)ucw.cz, perl-devel(a)lists.fedoraproject.org, perl-maint-list(a)redhat.com, ppisar(a)redhat.com, rhughes(a)redhat.com, rstrode(a)redhat.com, sandmann(a)redhat.com Target Milestone: --- Classification: Other A flaw was found in perl-dbi. hv_fetch() documentation requires checking for NULL and the code does that. But then calls SvOK(profile) uncoditionally two lines later lead to a null profile dereference. Upstream patch: https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb... -- You are receiving this mail because: You are on the CC list for the bug.

2 years, 6 months

1
8
0 / 0

[Bug 1877402] New: perl-dbi: Memory corruption in XS functions when Perl stack is reallocated

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1877402 Bug ID: 1877402 Summary: perl-dbi: Memory corruption in XS functions when Perl stack is reallocated Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: psampaio(a)redhat.com CC: caillon+fedoraproject(a)gmail.com, hhorak(a)redhat.com, john.j5live(a)gmail.com, jorton(a)redhat.com, jplesnik(a)redhat.com, kasal(a)ucw.cz, perl-devel(a)lists.fedoraproject.org, perl-maint-list(a)redhat.com, ppisar(a)redhat.com, rhughes(a)redhat.com, rstrode(a)redhat.com, sandmann(a)redhat.com Target Milestone: --- Classification: Other A flaw was found in perl-dbi. Macro ST(*) returns pointer to Perl stack. Other Perl functions which use Perl stack (e.g. eval) may reallocate Perl stack and therefore pointer returned by ST(*) macro is invalid which may lead to memory corruption. Upstream patch: https://github.com/perl5-dbi/dbi/commit/ea99b6aafb437db53c28fd40d5eafbe11... -- You are receiving this mail because: You are on the CC list for the bug.

2 years, 6 months

1
11
0 / 0

[Bug 1980682] New: Upgrade perl-Data-GUID to 0.050

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1980682 Bug ID: 1980682 Summary: Upgrade perl-Data-GUID to 0.050 Product: Fedora Version: rawhide Status: NEW Component: perl-Data-GUID Assignee: rc040203(a)freenet.de Reporter: jplesnik(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: jplesnik(a)redhat.com, paul(a)city-fan.org, perl-devel(a)lists.fedoraproject.org, rc040203(a)freenet.de Target Milestone: --- Classification: Fedora Latest Fedora delivers 0.049 version. Upstream released 0.050. When you have free time, please upgrade it. -- You are receiving this mail because: You are on the CC list for the bug.

2 years, 6 months

1
6
0 / 0

[Bug 1917521] New: Upgrade perl-Calendar-Simple to 2.0.1

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1917521 Bug ID: 1917521 Summary: Upgrade perl-Calendar-Simple to 2.0.1 Product: Fedora Version: rawhide Status: NEW Component: perl-Calendar-Simple Assignee: rc040203(a)freenet.de Reporter: jplesnik(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: lxtnow(a)gmail.com, perl-devel(a)lists.fedoraproject.org, rc040203(a)freenet.de Target Milestone: --- Classification: Fedora Latest Fedora delivers 2.0.0 version. Upstream released 2.0.1. When you have free time, please upgrade it. -- You are receiving this mail because: You are on the CC list for the bug.

2 years, 6 months

1
6
0 / 0

[Bug 1829902] New: Upgrade perl-Algorithm-Dependency to 1.112

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1829902 Bug ID: 1829902 Summary: Upgrade perl-Algorithm-Dependency to 1.112 Product: Fedora Version: rawhide Status: NEW Component: perl-Algorithm-Dependency Assignee: rc040203(a)freenet.de Reporter: jplesnik(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: lkundrak(a)v3.sk, lxtnow(a)gmail.com, perl-devel(a)lists.fedoraproject.org, rc040203(a)freenet.de Target Milestone: --- Classification: Fedora Latest Fedora delivers 1.111 version. Upstream released 1.112. When you have free time, please upgrade it. -- You are receiving this mail because: You are on the CC list for the bug.

2 years, 6 months

1
6
0 / 0

[Bug 2009211] New: perl-Cache-FastMmap-1.57 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2009211 Bug ID: 2009211 Summary: perl-Cache-FastMmap-1.57 is available Product: Fedora Version: rawhide Status: NEW Component: perl-Cache-FastMmap Keywords: FutureFeature, Triaged Assignee: jpazdziora(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: iarnell(a)gmail.com, jpazdziora(a)redhat.com, perl-devel(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Latest upstream release: 1.57 Current version/release in rawhide: 1.56-4.fc35 URL: http://search.cpan.org/dist/Cache-FastMmap/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/6745/ -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2009211

2 years, 6 months

1
3
0 / 0

[Bug 2008958] New: CVE-2021-38562 rt: User enumeration through a timing side-channel attack [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2008958 Bug ID: 2008958 Summary: CVE-2021-38562 rt: User enumeration through a timing side-channel attack [fedora-all] Product: Fedora Version: 34 Status: NEW Component: rt Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: rc040203(a)freenet.de Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: j(a)tib.bs, perl-devel(a)lists.fedoraproject.org, rc040203(a)freenet.de Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2008958

2 years, 6 months

1
17
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

perl-devel September 2021