lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PIPdQ-0003uY-Pd@titan.mandriva.com>
Date: Tue, 16 Nov 2010 18:48:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2010:237 ] perl-CGI

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:237
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : perl-CGI
 Date    : November 16, 2010
 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A new version of the CGI Perl module has been released to CPAN,
 which fixes several security bugs which directly affect Bugzilla
 (these two security bugs where first discovered as affecting Bugzilla,
 then identified as being bugs in CGI.pm itself).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been upgraded to perl-CGI 3.50 to solve
 these security issues.
 _______________________________________________________________________

 References:

 http://www.bugzilla.org/security/3.2.8/
 http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 54cece3ad5ca0d9a605acb06b4712dbe  2009.0/i586/perl-CGI-3.50-0.1mdv2009.0.noarch.rpm
 b1973045ea14cf9a8b1dc83ac8a4fde6  2009.0/i586/perl-CGI-Fast-3.50-0.1mdv2009.0.noarch.rpm 
 62127170b0a14878ce3abbe005cab32a  2009.0/SRPMS/perl-CGI-3.50-0.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 2037517b54e8d66f0723def93e517a98  2009.0/x86_64/perl-CGI-3.50-0.1mdv2009.0.noarch.rpm
 6d973b61b591423cc5a6cefc45e79246  2009.0/x86_64/perl-CGI-Fast-3.50-0.1mdv2009.0.noarch.rpm 
 62127170b0a14878ce3abbe005cab32a  2009.0/SRPMS/perl-CGI-3.50-0.1mdv2009.0.src.rpm

 Mandriva Linux 2010.0:
 9ce05f7633402cb6a4034c6904b2b1c8  2010.0/i586/perl-CGI-3.500.0-0.1mdv2010.0.noarch.rpm
 89d297ceeceaec673712990953d69c55  2010.0/i586/perl-CGI-Fast-3.500.0-0.1mdv2010.0.noarch.rpm 
 cf30d84a555bb43eec281632224fdebc  2010.0/SRPMS/perl-CGI-3.500.0-0.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 49ed79c77ef68d48764265f25e628720  2010.0/x86_64/perl-CGI-3.500.0-0.1mdv2010.0.noarch.rpm
 df6034c9f43698c09e2c39b7f74b97c7  2010.0/x86_64/perl-CGI-Fast-3.500.0-0.1mdv2010.0.noarch.rpm 
 cf30d84a555bb43eec281632224fdebc  2010.0/SRPMS/perl-CGI-3.500.0-0.1mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 aa106446efb83bb806133032ee27d8ed  2010.1/i586/perl-CGI-3.500.0-0.1mdv2010.1.noarch.rpm
 1cfde3769b9b04fc9c80eac20c8d52db  2010.1/i586/perl-CGI-Fast-3.500.0-0.1mdv2010.1.noarch.rpm 
 687a844f7fc927d1c00c963d4339b2fe  2010.1/SRPMS/perl-CGI-3.500.0-0.1mdv2010.1.src.rpm

 Mandriva Linux 2010.1/X86_64:
 b12af6b51121538c51243fd9dcd24262  2010.1/x86_64/perl-CGI-3.500.0-0.1mdv2010.1.noarch.rpm
 8638143729dea17fc546677d1e9ebae0  2010.1/x86_64/perl-CGI-Fast-3.500.0-0.1mdv2010.1.noarch.rpm 
 687a844f7fc927d1c00c963d4339b2fe  2010.1/SRPMS/perl-CGI-3.500.0-0.1mdv2010.1.src.rpm

 Corporate 4.0:
 56b0deb154ab35a724a8b7d3f6c95fac  corporate/4.0/i586/perl-CGI-3.50-0.1.20060mlcs4.noarch.rpm
 ff3f4ac61aa4586b956d328a923cc179  corporate/4.0/i586/perl-CGI-Fast-3.50-0.1.20060mlcs4.noarch.rpm 
 ba49f7da52a13223ac83910dd849f794  corporate/4.0/SRPMS/perl-CGI-3.50-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 50945ecb0af6e4a8c60a8440f75603ee  corporate/4.0/x86_64/perl-CGI-3.50-0.1.20060mlcs4.noarch.rpm
 0c778aebfef45e4387b43b83769e61a3  corporate/4.0/x86_64/perl-CGI-Fast-3.50-0.1.20060mlcs4.noarch.rpm 
 ba49f7da52a13223ac83910dd849f794  corporate/4.0/SRPMS/perl-CGI-3.50-0.1.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 a2a125c0033735e3ca343f2fae5fa963  mes5/i586/perl-CGI-3.50-0.1mdvmes5.1.noarch.rpm
 83befd3d04dbb1cbfe7f2cc80ac2ab68  mes5/i586/perl-CGI-Fast-3.50-0.1mdvmes5.1.noarch.rpm 
 68570870b628412f0c5597b5dca0dc7c  mes5/SRPMS/perl-CGI-3.50-0.1mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 b3529e11d2034fc58fa661824d89bda0  mes5/x86_64/perl-CGI-3.50-0.1mdvmes5.1.noarch.rpm
 31b335a4ff312e234cf74775d0025826  mes5/x86_64/perl-CGI-Fast-3.50-0.1mdvmes5.1.noarch.rpm 
 68570870b628412f0c5597b5dca0dc7c  mes5/SRPMS/perl-CGI-3.50-0.1mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFM4pNpmqjQ0CJFipgRAmtrAKCTIC+iX+1dOrrpyEyhICQgIsUlSgCglsGg
+63HCTLteKPvspFlPbqx2Lk=
=RIbC
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ