UbuntuUpdates.org

Package "libmodule-signature-perl"

Name: libmodule-signature-perl

Description:

module to manipulate CPAN SIGNATURE files
Latest version: 0.68-1ubuntu0.12.04.2
Release: precise (12.04)
Level: updates
Repository: main
Homepage: http://search.cpan.org/dist/Module-Signature/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libmodule-signature-perl"

All arch deb package
APT INSTALL

Other versions of "libmodule-signature-perl" in Precise

Repository Area Version
base main 0.68-1
security main 0.68-1ubuntu0.12.04.2

Changelog

Version: 0.68-1ubuntu0.12.04.2 2015-05-12 14:06:32 UTC

  libmodule-signature-perl (0.68-1ubuntu0.12.04.2) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution and incorrect signature
    verification
    - debian/patches/CVE-2015-340x.patch: properly handle temp files and
      headers in lib/Module/Signature.pm, Makefile.PL.
    - debian/patches/CVE-2015-3409.patch: don't load modules from relative
      paths in lib/Module/Signature.pm.
    - CVE-2015-3406
    - CVE-2015-3407
    - CVE-2015-3408
    - CVE-2015-3409
 -- Marc Deslauriers <email address hidden> Fri, 24 Apr 2015 12:02:12 -0400
Source diff to previous version
CVE-2015-3409 arbitrary modules loading in some circumstances
CVE-2015-3406 unsigned files interpreted as signed in some circumstances
CVE-2015-3407 arbitrary code execution during test phase
CVE-2015-3408 arbitrary code execution when verifying module signatures

Version: 0.68-1ubuntu0.12.04.1 2013-07-03 14:07:07 UTC

  libmodule-signature-perl (0.68-1ubuntu0.12.04.1) precise-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution during signature verification
    - debian/patches/CVE-2013-2145.patch: validate paths and algorithm
      names in lib/Module/Signature.pm.
    - CVE-2013-2145
 -- Marc Deslauriers <email address hidden> Fri, 07 Jun 2013 10:42:35 -0400
CVE-2013-2145 arbitrary code execution when verifying SIGNATURE


About   -   Send Feedback to @ubuntu_updates