Login
Newsletter
Werbung

Sicherheit: Unsichere Verwendung temporärer Dateien in perl-Capture-Tiny
Aktuelle Meldungen Distributionen
Name: Unsichere Verwendung temporärer Dateien in perl-Capture-Tiny
ID: FEDORA-2014-2321
Distribution: Fedora
Plattformen: Fedora 20
Datum: So, 23. Februar 2014, 10:06
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1875
Applikationen: perl-Capture-Tiny

Originalnachricht

Name        : perl-Capture-Tiny
Product : Fedora 20
Version : 0.24
Release : 1.fc20
URL : http://search.cpan.org/dist/Capture-Tiny/
Summary : Capture STDOUT and STDERR from Perl, XS or external programs
Description :
Capture::Tiny provides a simple, portable way to capture anything sent to
STDOUT or STDERR, regardless of whether it comes from Perl, from XS code or
from an external program. Optionally, output can be teed so that it is
captured while being passed through to the original handles. Yes, it even
works on Windows. Stop guessing which of a dozen capturing modules to use
in any particular situation and just use this one.

-------------------------------------------------------------------------------
-
Update Information:

This release fixes CVE-2014-1875 -- insecure temporary file usage.
-------------------------------------------------------------------------------
-
ChangeLog:

* Mon Feb 10 2014 Petr Šabata <contyk@redhat.com> - 0.24-1
- 0.24 bump, fix CVE-2014-1875
* Thu Oct 24 2013 Petr Šabata <contyk@redhat.com> - 0.23-1
- 0.23 bump
* Thu Sep 5 2013 Petr Šabata <contyk@redhat.com> - 0.22-4
- Avoid circular dependencies when bootstrapping (#1004376)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1062424 - CVE-2014-1875 perl-Capture-Tiny: insecure temporary file
usage
https://bugzilla.redhat.com/show_bug.cgi?id=1062424
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update perl-Capture-Tiny' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung