Bug 751889 - CVE-2011-4115 perl-Parallel-ForkManager: insecure temporary file usage [epel-6]
CVE-2011-4115 perl-Parallel-ForkManager: insecure temporary file usage [epel-6]
Status: NEW
Product: Fedora EPEL
Classification: Fedora
Component: perl-Parallel-ForkManager (Show other bugs)
el6
All Linux
low Severity low
: ---
: ---
Assigned To: marianne@tuxette.fr
Fedora Extras Quality Assurance
fst_owner=siddhesh
: Security, SecurityTracking
Depends On:
Blocks: CVE-2011-4115
  Show dependency treegraph
 
Reported: 2011-11-07 17:26 EST by Vincent Danen
Modified: 2016-03-31 19:17 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2011-11-07 17:26:22 EST
epel-6 tracking bug for perl-Parallel-ForkManager: see blocks bug list for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.


[bug automatically created by: add-tracking-bugs]
Comment 1 Siddhesh Poyarekar 2014-11-01 04:24:03 EDT
Upstream bug report indicates that this should be fixed in 1.0.0 and newer.  Is the fix going to be backported to epel6?
Comment 2 Jason Tibbitts 2016-03-31 19:17:37 EDT
I'm the Fedora maintainer of this module.  I didn't really want to get involved with the EPEL branches but I'm tired of looking at this security bug and it hapens to be assigned to someone who isn't involved with the package at all.

I'm going to reassign to jehane in the hopes that he has some interest in the el6 branch.  I'm not interested in doing backpports; the only thing I would do is to pull the current Fedora version down to the EPEL branches.  That isn't trivial because it now needs utf8::all which is in EPEL7 but not 6 or 5.

Note You need to log in before you can comment on or make changes to this bug.