Hi

Catalyst-Authentication-Store-LDAP version 1.013 (only) contains a major 
security hole.

If you are using this module (at this version) then you MUST upgrade.

To see if you have a vulnerable version installed, run the following command:

perl -MCatalyst::Authentication::Store::LDAP\ 999
Catalyst::Authentication::Store::LDAP version 999 required--this is only 
version 1.014, <DATA> line 741.
BEGIN failed--compilation aborted, <DATA> line 741.

If the version number in the error message is <= 1.012, then you are NOT 
vulnerable
If the version number in the error message is = 1.013, then you ARE 
vulnerable - you MUST upgrade.
If the version number in the error message is >= 1.014, then you are NOT 
vulnerable

If you are not using the LDAP store in any of your applications (but just have 
it installed), then you are not vulnerable, although I strongly recommend 
upgrading anyway in case you do start using this module at a later time.

The fixed version has only been uploaded in the last few mins. If you want to 
upgrade before this hits a mirror site near you, then you can install the tar 
ball directly by saying:

cpanm http://pause.perl.org/incoming/Catalyst-Authentication-Store-LDAP-1.014.tar.gz

Or, if you don't have cpanm installed, you can say:

curl -L cpanmin.us | perl - -- http://pause.perl.org/incoming/Catalyst-Authentication-Store-LDAP-1.014.tar.gz

or, of course, download the file manually and install with the usual perl 
Makefile.PL && make install

Cheers
t0m
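
The version check above, automated for hosts with more than one perl (system perl, perlbrew builds and so on). This is an added example, not part of the original message; the function names classify_version, installed_version and scan_perls are made up for illustration, and the perl paths to check are passed as arguments.

```sh
#!/bin/sh
# Added example: automate the advisory's version check for one or more perls.
MODULE='Catalyst::Authentication::Store::LDAP'

# Map a version string to the advisory's verdict. Only a plain decimal
# version is judged; anything else (for example a developer release
# containing "_") is reported as "unknown" so that a person looks at it.
classify_version() {
    if ! printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+$'; then
        echo unknown
    elif awk -v v="$1" 'BEGIN { exit !(v + 0 == 1.013) }'; then
        echo vulnerable          # numeric compare, so 1.0130 matches too
    else
        echo not-vulnerable      # <= 1.012 or >= 1.014
    fi
}

# Print the module version seen by the given perl. Prints nothing and
# fails if that perl cannot load the module.
installed_version() {
    "$1" -M"$MODULE" -e "print ${MODULE}->VERSION" 2>/dev/null
}

# Check each perl named on the command line (default: the perl on PATH).
# Returns 1 if any of them has the vulnerable version installed.
scan_perls() {
    [ "$#" -gt 0 ] || set -- perl
    rc=0
    for p in "$@"; do
        if ! command -v "$p" >/dev/null 2>&1; then
            echo "$p: perl not found"; continue
        fi
        v=$(installed_version "$p") || v=''
        if [ -z "$v" ]; then
            echo "$p: $MODULE not installed"; continue
        fi
        verdict=$(classify_version "$v")
        echo "$p: $MODULE $v: $verdict"
        [ "$verdict" = vulnerable ] && rc=1
    done
    return "$rc"
}

scan_perls "$@"
```

Run it with the full path of each perl as an argument; the exit status is 1 if any of them loads version 1.013.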


