Sicherheit: Unsichere Verwendung temporärer Dateien in perl-Capture-Tiny
Aktuelle Meldungen Distributionen
Name: Unsichere Verwendung temporärer Dateien in perl-Capture-Tiny
ID: FEDORA-2014-2261
Distribution: Fedora
Plattformen: Fedora 19
Datum: So, 23. Februar 2014, 10:06
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1875
Applikationen: perl-Capture-Tiny


Name        : perl-Capture-Tiny
Product : Fedora 19
Version : 0.24
Release : 1.fc19
URL : http://search.cpan.org/dist/Capture-Tiny/
Summary : Capture STDOUT and STDERR from Perl, XS or external programs
Description :
Capture::Tiny provides a simple, portable way to capture anything sent to
STDOUT or STDERR, regardless of whether it comes from Perl, from XS code or
from an external program. Optionally, output can be teed so that it is
captured while being passed through to the original handles. Yes, it even
works on Windows. Stop guessing which of a dozen capturing modules to use
in any particular situation and just use this one.

Update Information:

This release fixes CVE-2014-1875 -- insecure temporary file usage.

* Mon Feb 10 2014 Petr Šabata <contyk@redhat.com> - 0.24-1
- 0.24 bump, fix CVE-2014-1875
* Thu Oct 24 2013 Petr Šabata <contyk@redhat.com> - 0.23-1
- 0.23 bump
* Thu Sep 5 2013 Petr Šabata <contyk@redhat.com> - 0.22-4
- Avoid circular dependencies when bootstrapping (#1004376)
* Sat Aug 3 2013 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 0.22-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Jul 23 2013 Petr Pisar <ppisar@redhat.com> - 0.22-2
- Perl 5.18 rebuild

[ 1 ] Bug #1062424 - CVE-2014-1875 perl-Capture-Tiny: insecure temporary file

This update can be installed with the "yum" update program. Use
su -c 'yum update perl-Capture-Tiny' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Unterstützer werden
Neue Nachrichten