https://bugzilla.redhat.com/show_bug.cgi?id=1209917
Bug ID: 1209917
Summary: perl-Module-Signature: arbitrary code execution when
verifying module signatures
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: paul(a)city-fan.org, perl-devel(a)lists.fedoraproject.org,
perl-maint-list(a)redhat.com, pertusus(a)free.fr
Module::Signature before version 0.75 used two argument open() calls to read
the files when generating checksums from the signed manifest. This allowed
embedding arbitrary shell commands into the SIGNATURE file that would execute
during the signature verification process.
Upstream fix:
https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5a…
CVE request: http://seclists.org/oss-sec/2015/q2/59
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1209911
Bug ID: 1209911
Summary: perl-Module-Signature: unsigned files interpreted as
signed in some circumstances
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: paul(a)city-fan.org, perl-devel(a)lists.fedoraproject.org,
perl-maint-list(a)redhat.com, pertusus(a)free.fr
Module::Signature before version 0.75 could be tricked into interpreting the
unsigned portion of a SIGNATURE file as the signed portion due to faulty
parsing of the PGP signature boundaries.
Upstream fix:
https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5a…
CVE request: http://seclists.org/oss-sec/2015/q2/59
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=860445
Bug ID: 860445
QA Contact: extras-qa(a)fedoraproject.org
Severity: unspecified
Version: rawhide
Priority: unspecified
CC: david.hannequin(a)gmail.com,
perl-devel(a)lists.fedoraproject.org
Assignee: david.hannequin(a)gmail.com
Summary: RFE - please maintain perl-Curses-UI for EPEL
Regression: ---
Story Points: ---
Classification: Fedora
OS: Unspecified
Reporter: admiller(a)redhat.com
Type: Bug
Documentation: ---
Hardware: Unspecified
Mount Type: ---
Status: NEW
Component: perl-Curses-UI
Product: Fedora
I would like to request perl-Curses-UI be maintained within EPEL, if you would
prefer not to then I would happily do so.
Thank you,
-AdamM
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1265702
Bug ID: 1265702
Summary: Upgrade perl-Encode-JISX0213 to 0.04
Product: Fedora
Version: rawhide
Component: perl-Encode-JISX0213
Keywords: FutureFeature
Assignee: ppisar(a)redhat.com
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: jplesnik(a)redhat.com,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com,
psabata(a)redhat.com
Latest Fedora delivers 0.03 version. Upstream released 0.04. Please upgrade.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1222327
Bug ID: 1222327
Summary: bugzilla-4.2.13-1.fc20: invalid utf-8 emails
Product: Fedora
Version: 20
Component: bugzilla
Assignee: itamar(a)ispbrasil.com.br
Reporter: dushistov(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: bazanluis20(a)gmail.com, emmanuel(a)seyman.fr,
itamar(a)ispbrasil.com.br,
perl-devel(a)lists.fedoraproject.org
Created attachment 1026475
--> https://bugzilla.redhat.com/attachment.cgi?id=1026475&action=edit
patch to fix problem
Description of problem:
I set preference of bugzilla to send email notifications in utf-8 encoding.
But in email that send bugzilla to me, was just:
"Content-Type: text/plain" and "Content-Type: text/html"
no note about encoding, so email client do not show message
at all.
Version-Release number of selected component (if applicable):
bugzilla-4.2.13-1.fc20.noarch
How reproducible:
Steps to Reproduce:
1. set utf-8 preference
2. create bug and submit update with not English letters
3.
Actual results:
email notification is useless in bugzilla
Expected results:
I can see content of emails that send bugzilla to me.
Additional info:
I fixed this problem by patch (see attachment),
part of it I borrow from trunk/master of bugzilla.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1265601
Bug ID: 1265601
Summary: Biber crashes on unicode characters
Product: Fedora
Version: 22
Component: biber
Assignee: cbm(a)m.fsf.org
Reporter: gregoire(a)fripost.org
QA Contact: extras-qa(a)fedoraproject.org
CC: cbm(a)m.fsf.org, mefoster(a)gmail.com,
novyjindrich(a)gmail.com,
perl-devel(a)lists.fedoraproject.org
Created attachment 1076155
--> https://bugzilla.redhat.com/attachment.cgi?id=1076155&action=edit
Bib file that shows the problem
Description of problem:
If some unicode characters are present in the .bib file, biber crashes without
explanation.
Version-Release number of selected component (if applicable):
biber 1.8
How reproducible:
Easy
Steps to Reproduce:
1. Save attached test.bib somewhere
2. run biber --tool bad.bib
Actual results:
biber stops with exitcode 25 after logging "INFO - Found BibTeX data source
'bad.bib'" and the generated bad_bibertool.bib is empty
Expected results:
Biber should finish without error and the output file should contain the entry.
Using the attached good.bib works, where only the unicode charaters have been
removed.
Additional info:
The same thing happens if biber is not run in --tool mode but in the process of
building a document with latex.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1271121
Bug ID: 1271121
Summary: Upgrade perl-Starlet to 0.26
Product: Fedora
Version: rawhide
Component: perl-Starlet
Keywords: FutureFeature
Assignee: rc040203(a)freenet.de
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org,
rc040203(a)freenet.de
Latest Fedora delivers 0.25 version. Upstream released 0.26. Please upgrade.
Also please enable release monitoring service to receive notification about
future releases.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1271117
Bug ID: 1271117
Summary: Upgrade perl-HTML-Format to 2.12
Product: Fedora
Version: rawhide
Component: perl-HTML-Format
Keywords: FutureFeature
Assignee: rc040203(a)freenet.de
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: lxtnow(a)gmail.com, perl-devel(a)lists.fedoraproject.org,
rc040203(a)freenet.de
Latest Fedora delivers 2.11 version. Upstream release 2.12. Please upgrade.
Also please enable release monitoring service to receive notifications about
future releases.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1265701
Bug ID: 1265701
Summary: Upgrade perl-Encode-JIS2K to 0.03
Product: Fedora
Version: rawhide
Component: perl-Encode-JIS2K
Keywords: FutureFeature
Assignee: xavier(a)bachelot.org
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org,
xavier(a)bachelot.org
Latest Fedora delivers 0.02 version. Upstream released 0.03. Please upgrade.
Also please enable release monitoring service to receive notifications about
future releases.
--
You are receiving this mail because:
You are on the CC list for the bug.