[Bug 1821882] CVE-2013-7488 perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input [epel-8]

2020-05-15 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1821882



--- Comment #6 from Philipp Trulson  ---
Thanks for this info Paul! The same thing already happened with zstd, it's a
pity that this breaks so many dependent programs on CentOS.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org

[Bug 1821882] CVE-2013-7488 perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input [epel-8]

2020-05-15 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1821882

Paul Howarth  changed:

   What|Removed |Added

 CC||p...@city-fan.org



--- Comment #5 from Paul Howarth  ---
Whilst you wait for CentOS 8.2 to be released, you can find the old EPEL
package here:

https://archives.fedoraproject.org/pub/archive/epel/8.1/Everything/x86_64/Packages/p/perl-Convert-ASN1-0.27-16.el8.noarch.rpm


-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org

[Bug 1821882] CVE-2013-7488 perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input [epel-8]

2020-05-14 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1821882

Petr Pisar  changed:

   What|Removed |Added

 Status|ASSIGNED|CLOSED
 Resolution|--- |EOL
Last Closed||2020-05-14 13:21:54



--- Comment #4 from Petr Pisar  ---
This package was removed from EPEL. But for a different reason. This package
was added into RHEL 8.2 and thus removed from EPEL because EPEL cannot provide
the same packages (bug #1833568).


-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org

[Bug 1821882] CVE-2013-7488 perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input [epel-8]

2020-05-14 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1821882

Philipp Trulson  changed:

   What|Removed |Added

 CC||phil...@trulson.de



--- Comment #3 from Philipp Trulson  ---
Did this package get removed because of the vulnerability? 
This is blocking the installation of nagios-plugins-all-2.3.3-1.el8.x86_64
which depends on nagios-plugins-ssl_validity-2.3.3-1.el8.x86_64 which depends
on perl-Crypt-X509-0.51-19.el8.noarch which depends on perl(Convert::ASN1) >=
0.19. We really need this package back ASAP.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org

[Bug 1821882] CVE-2013-7488 perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input [epel-8]

2020-04-09 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1821882

Petr Pisar  changed:

   What|Removed |Added

 Status|NEW |ASSIGNED
 CC||ppi...@redhat.com



--- Comment #2 from Petr Pisar  ---
I confirm that perl-Convert-ASN1-0.27-16.el8.noarch is vulnerable.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org

[Bug 1821882] CVE-2013-7488 perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input [epel-8]

2020-04-07 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1821882



--- Comment #1 from Guilherme de Almeida Suckevicz  ---
Use the following template to for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug.  This will ensure that all associated bugs get updated
when new packages are pushed to stable.

=

# bugfix, security, enhancement, newpackage (required)
type=security

# low, medium, high, urgent (required)
severity=medium

# testing, stable
request=testing

# Bug numbers: 1234,9876
bugs=1821879,1821882

# Description of your update
notes=Security fix for [PUT CVEs HERE]

# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3

# Automatically close bugs when this marked as stable
close_bugs=True

# Suggest that users restart after update
suggest_reboot=False

==

Additionally, you may opt to use the bodhi web interface to submit updates:

https://bodhi.fedoraproject.org/updates/new


-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org

[Bug 1821882] CVE-2013-7488 perl-Convert-ASN1: allows remote attackers to cause an infinite loop via unexpected input [epel-8]

2020-04-07 Thread bugzilla 
https://bugzilla.redhat.com/show_bug.cgi?id=1821882

Guilherme de Almeida Suckevicz  changed:

   What|Removed |Added

 Blocks||1821879 (CVE-2013-7488)





Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1821879
[Bug 1821879] CVE-2013-7488 perl-Convert-ASN1: allows remote attackers to cause
an infinite loop via unexpected input
-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org