[Bug 1209915] New: perl-Module-Signature: arbitrary code execution during test phase

bugzilla Wed, 08 Apr 2015 05:49:52 -0700

https://bugzilla.redhat.com/show_bug.cgi?id=1209915


            Bug ID: 1209915
           Summary: perl-Module-Signature: arbitrary code execution during
                    test phase
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected], [email protected],
                    [email protected], [email protected]



When verifying the contents of a CPAN module, Module::Signature before version
0.75 ignored some files in the extracted tarball that were not listed in the
signature file. This included some files in the t/ directory that would execute
automatically during "make test".

Upstream fix:
https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
CVE request: http://seclists.org/oss-sec/2015/q2/59

-- 
You are receiving this mail because:
You are on the CC list for the bug.
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/perl-devel

[Bug 1209915] New: perl-Module-Signature: arbitrary code execution during test phase

Reply via email to