Bug 528608 - current perl-Net-OAuth does not support OAuth 1.0a
Summary: current perl-Net-OAuth does not support OAuth 1.0a
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: perl-Net-OAuth
Version: 11
Hardware: All
OS: Linux
low
high
Target Milestone: ---
Assignee: Lubomir Rintel
QA Contact: Fedora Extras Quality Assurance
URL: http://oauth.net/advisories/2009-1
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-10-13 04:03 UTC by Ken Dreyer
Modified: 2009-10-16 19:35 UTC (History)
1 user (show)

Fixed In Version: 0.19-1.el5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-10-15 22:35:24 UTC
Type: ---


Attachments (Terms of Use)

Description Ken Dreyer 2009-10-13 04:03:50 UTC
Fedora 11 has version 0.14 of perl-Net-OAuth. This version only supports OAuth 1.0, which is vulnerable to a session fixation attack (details at the URL above). Upstream Net::OAuth implemented OAuth 1.0A in 0.16; the latest Net::OAuth is 0.19.

Comment 1 Fedora Update System 2009-10-13 14:00:43 UTC
perl-Net-OAuth-0.19-1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/perl-Net-OAuth-0.19-1.fc10

Comment 2 Fedora Update System 2009-10-13 14:00:45 UTC
perl-Net-OAuth-0.19-1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/perl-Net-OAuth-0.19-1.el5

Comment 3 Fedora Update System 2009-10-13 14:00:54 UTC
perl-Net-OAuth-0.19-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/perl-Net-OAuth-0.19-1.fc12

Comment 4 Ken Dreyer 2009-10-13 19:50:52 UTC
Weird, looks like the Fedora updates system didn't post the fc11 package link here...

At any rate, I've tested both the fc11 and fc12 packages from koji on my Fedora 11 box, and they both work well.

Comment 5 Fedora Update System 2009-10-15 22:35:20 UTC
perl-Net-OAuth-0.19-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2009-10-15 22:40:39 UTC
perl-Net-OAuth-0.19-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2009-10-16 19:35:49 UTC
perl-Net-OAuth-0.19-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.