keytoaster 14/12/29 20:06:18 Modified: glsa-201410-02.xml Log: Fixed capitalization in resolution instructions, reported by Olaf Krause.
Revision Changes Path 1.2 xml/htdocs/security/en/glsa/glsa-201410-02.xml file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201410-02.xml?rev=1.2&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201410-02.xml?rev=1.2&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201410-02.xml?r1=1.1&r2=1.2 Index: glsa-201410-02.xml =================================================================== RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/glsa/glsa-201410-02.xml,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- glsa-201410-02.xml 12 Oct 2014 08:04:57 -0000 1.1 +++ glsa-201410-02.xml 29 Dec 2014 20:06:18 -0000 1.2 @@ -4,13 +4,13 @@ <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd";> <glsa id="201410-02"> <title>Perl, Perl Locale-Maketext module: Multiple vulnerabilities</title> - <synopsis>Multiple vulnerabilities have been found in Perl Locale-Maketext - module, allowing remote attackers to inject and execute arbitrary Perl - code. + <synopsis>Multiple vulnerabilities have been found in the Perl + Locale-Maketext module, allowing remote attackers to inject and execute + arbitrary Perl code. </synopsis> <product type="ebuild">Locale-Maketext</product> <announced>October 12, 2014</announced> - <revised>October 12, 2014: 1</revised> + <revised>December 29, 2014: 2</revised> <bug>446376</bug> <access>remote</access> <affected> @@ -27,42 +27,40 @@ <p>Locale-Maketext - Perl framework for localization</p> </background> <description> - <p>Two vulnerabilities have been reported in Locale-Maketext module for - Perl, which can be exploited - by malicious users to compromise an application using the module. + <p>Two vulnerabilities have been reported in the Locale-Maketext module for + Perl, which can be exploited by malicious users to compromise an + application using the module. </p> <p>The vulnerabilities are caused due to the “_compile()” function not - properly sanitising input, - which can be exploited to inject and execute arbitrary Perl code. + properly sanitising input, which can be exploited to inject and execute + arbitrary Perl code. </p> </description> <impact type="normal"> - <p>A remote attacker could possibly execute - arbitrary code with the privileges of the process, or cause a Denial of - Service condition. + <p>A remote attacker could possibly execute arbitrary code with the + privileges of the process, or cause a Denial of Service condition. </p> </impact> <workaround> <p>There is no known workaround at this time.</p> </workaround> <resolution> - <p>All users of the Perl Locale-Maketext module should upgrade to the - latest version: + <p>All users of the Locale-Maketext module should upgrade to the latest + version: </p> <code> # emerge --sync # emerge --ask --oneshot --verbose - ">=perl-core/locale-maketext-1.230.0" + ">=perl-core/Locale-Maketext-1.230.0" </code> - </resolution> <references> <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6329";>CVE-2012-6329</uri> </references> <metadata tag="requester" timestamp="Tue, 01 Jan 2013 20:38:14 +0000">ackle</metadata> - <metadata tag="submitter" timestamp="Sun, 12 Oct 2014 08:04:05 +0000"> + <metadata tag="submitter" timestamp="Mon, 29 Dec 2014 20:02:06 +0000"> pinkbyte </metadata> </glsa>
