Bug 657950
| Summary: | perl-5.12.2/CGI-3.50 security update | |||
|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Petr Pisar <ppisar> | |
| Component: | perl | Assignee: | Marcela Mašláňová <mmaslano> | |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | |
| Severity: | high | Docs Contact: | ||
| Priority: | low | |||
| Version: | 14 | CC: | cweyl, iarnell, kasal, lkundrak, mmaslano, ppisar, psabata, rc040203, tcallawa | |
| Target Milestone: | --- | |||
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| URL: | http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html | |||
| Whiteboard: | ||||
| Fixed In Version: | perl-5.10.1-121.fc13 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 671352 (view as bug list) | Environment: | ||
| Last Closed: | 2010-12-05 00:35:52 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 658125 | |||
| Bug Blocks: | 658976, 671352 | |||
perl-CGI-3.50-1.fc14,perl-5.12.2-140.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/perl-CGI-3.50-1.fc14,perl-5.12.2-140.fc14 perl-5.10.1-121.fc13,perl-CGI-3.50-2.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/perl-5.10.1-121.fc13,perl-CGI-3.50-2.fc13 perl-5.10.1-121.fc13, perl-CGI-3.50-2.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update perl perl-CGI'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/perl-5.10.1-121.fc13,perl-CGI-3.50-2.fc13 perl-5.12.2-140.fc14, perl-CGI-3.50-2.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. perl-CGI-3.51-1.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/perl-CGI-3.51-1.fc14 perl-CGI-3.51-1.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/perl-CGI-3.51-1.fc13 perl-CGI-3.51-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. perl-CGI-3.51-1.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. perl-5.10.1-121.fc13, perl-CGI-3.50-2.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. |
Current perl-5.12.2 contains CGI 3.49 version. Upstream released new bug-fixing version 3.50 concerning MIME part construction and HTTP headers parser with security impacts. Changelog quotation: Version 3.50 [SECURITY] 1. The MIME boundary in multipart_init is now random. Thanks to Byron Jones, Masahiro Yamada, Reed Loden, and Mark Stosberg 2. Further improvements to handling of newlines embedded in header values. An exception is thrown if header values contain invalid newlines. Thanks to Michal Zalewski, Max Kanat-Alexander, Yanick Champoux, Lincoln Stein, Frédéric Buclin and Mark Stosberg Affected: F15, F14 at least. Need to test Fedoras with older perl. Solution: CGI module will be forked into dual-lived package to allow isolated CGI module upgrade.