Bug 528608

Summary: current perl-Net-OAuth does not support OAuth 1.0a
Product: [Fedora] Fedora Reporter: Ken Dreyer <ktdreyer>
Component: perl-Net-OAuthAssignee: Lubomir Rintel <lkundrak>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: low    
Version: 11CC: lkundrak
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://oauth.net/advisories/2009-1
Whiteboard:
Fixed In Version: 0.19-1.el5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-10-15 22:35:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ken Dreyer 2009-10-13 04:03:50 UTC 
Fedora 11 has version 0.14 of perl-Net-OAuth. This version only supports OAuth 1.0, which is vulnerable to a session fixation attack (details at the URL above). Upstream Net::OAuth implemented OAuth 1.0A in 0.16; the latest Net::OAuth is 0.19.
Comment 1 Fedora Update System 2009-10-13 14:00:43 UTC 
perl-Net-OAuth-0.19-1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/perl-Net-OAuth-0.19-1.fc10
Comment 2 Fedora Update System 2009-10-13 14:00:45 UTC 
perl-Net-OAuth-0.19-1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/perl-Net-OAuth-0.19-1.el5
Comment 3 Fedora Update System 2009-10-13 14:00:54 UTC 
perl-Net-OAuth-0.19-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/perl-Net-OAuth-0.19-1.fc12
Comment 4 Ken Dreyer 2009-10-13 19:50:52 UTC 
Weird, looks like the Fedora updates system didn't post the fc11 package link here...

At any rate, I've tested both the fc11 and fc12 packages from koji on my Fedora 11 box, and they both work well.
Comment 5 Fedora Update System 2009-10-15 22:35:20 UTC 
perl-Net-OAuth-0.19-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2009-10-15 22:40:39 UTC 
perl-Net-OAuth-0.19-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2009-10-16 19:35:49 UTC 
perl-Net-OAuth-0.19-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.