Bug 178989
| Summary: | CAN-2005-0077 perl-DBI insecure temporary file usage | ||
|---|---|---|---|
| Product: | [Retired] Fedora Legacy | Reporter: | David Eisenstein <deisenst> |
| Component: | perl-DBI | Assignee: | Fedora Legacy Bugs <bugs> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | donjr, jpdalbec, pekkas, tseaver |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | impact=low, LEGACY, rh73, rh90, 1, 2 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2006-03-02 01:15:54 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
David Eisenstein
2006-01-26 02:52:12 UTC
On 2005-02-01, Red Hat issued RHSA-2005-069 for this issue: http://rhn.redhat.com/errata/RHSA-2005-069.html On 2005-02-15, Red Hat issued RHSA-2005-072 for this issue: http://rhn.redhat.com/errata/RHSA-2005-072.html -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here are updated packages to QA: 861e7b17a5c9f830fb6444ffc061bc8b34caacd8 7.3/perl-DBI-1.21-1.1.legacy.i386.rpm 4bc8000341291476c209653ee8f51125b2074d72 7.3/perl-DBI-1.21-1.1.legacy.src.rpm 0a456f49dbf0a48fcb8c11584067fa9e04a7f655 9/perl-DBI-1.32-5.1.legacy.i386.rpm 6de844ee989ff0ba939eb21137b1d912da16c43b 9/perl-DBI-1.32-5.1.legacy.src.rpm ba1769d36dbe33895455a03381afbd1cb1631f89 1/perl-DBI-1.37-1.1.legacy.i386.rpm 4ee3113def0de25f700a6b39c9f1069afe8bd7c5 1/perl-DBI-1.37-1.1.legacy.src.rpm 3b5267c54a9e08192fdabcf5b018c697b3a2f641 2/perl-DBI-1.40-4.1.legacy.i386.rpm cb4ad3208bbf3317278ca16025a59465c939fb44 2/perl-DBI-1.40-4.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/perl-DBI-1.21-1.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/9/perl-DBI-1.32-5.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/1/perl-DBI-1.37-1.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/2/perl-DBI-1.40-4.1.legacy.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (GNU/Linux) iD8DBQFD98vpLMAs/0C4zNoRAnuHAJ0fuQxXLbwqYyPWSpWUeWGMD3EiMwCgoLp1 b6P2oX0H+8g6+kXubw+qa5s= =tKno -----END PGP SIGNATURE----- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 QA w/ rpm-build-compare-.sh: - source integrity good - spec file changes minimal - patches verified to come from RHEL +PUBLISH RHL73, RHL9, FC1, FC2 4bc8000341291476c209653ee8f51125b2074d72 perl-DBI-1.21-1.1.legacy.src.rpm 6de844ee989ff0ba939eb21137b1d912da16c43b perl-DBI-1.32-5.1.legacy.src.rpm 4ee3113def0de25f700a6b39c9f1069afe8bd7c5 perl-DBI-1.37-1.1.legacy.src.rpm cb4ad3208bbf3317278ca16025a59465c939fb44 perl-DBI-1.40-4.1.legacy.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFD+Cv3GHbTkzxSL7QRAi93AJ9gK8hE5NaLdgBAJfoH7BzR9rsHGwCfb8xV N+66LZ58CyR7wc0s52JEtlE= =S9+S -----END PGP SIGNATURE----- Packages were pushed to updates-testing -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I performed QA on the following packages: fc1: 50a02fd2d68f47d35f76bc690281253bbdf9a486 perl-DBI-1.37-1.1.legacy.i386.rpm fc2: 69a623c7db409341705bfc125b5fd6f0c056af7b perl-DBI-1.40-4.1.legacy.i386.rpm Packages installed fine. Performed QA using ikonboard 3.1.1 forums. MySQL database on fc4 box. Forum testing worked fine, was able to post, read and search successfully. +VERIFY fc1,fc2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (GNU/Linux) iD8DBQFD/o3/pxMPKJzn2lIRAsu6AJ0TvW0/I3Rd38O7OGf6ARs4gWfPfgCguzWT OumdZ39XLxueEFhLSTAf9J4= =QWnF -----END PGP SIGNATURE----- Thanks! -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Packages tested:
3267a9d83ac3cadcfa650b1625cf5c458adb5540 perl-5.8.3-17.5.legacy.i386.rpm
50a02fd2d68f47d35f76bc690281253bbdf9a486 perl-DBI-1.37-1.1.legacy.i386.rpm
- SHA1 checksums and GPG signatures verified.
- Both packages installed cleanly.
- Webmin ran fine after the update (I was able to log in, browse MySQL
databases, etc.)
+VERIFY FC1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFD/04p+gerLs4ltQ4RAn+vAKC3igyTHtvW8Wo35L6bAh1V1neKjgCgpJRF
Tx5iOTu8q8ic43G1Z466ZC0=
=1+Cq
-----END PGP SIGNATURE-----
Thanks! Timeout over. Packages were released. |