[SECURITY] Fedora 10 Update: perl-IO-Socket-SSL-1.26-1.fc10

updates at fedoraproject.org updates at fedoraproject.org
Sun Jul 19 10:38:35 UTC 2009


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-7544
2009-07-11 02:42:24
--------------------------------------------------------------------------------

Name        : perl-IO-Socket-SSL
Product     : Fedora 10
Version     : 1.26
Release     : 1.fc10
URL         : http://search.cpan.org/dist/IO-Socket-SSL/
Summary     : Perl library for transparent SSL
Description :
This module is a true drop-in replacement for IO::Socket::INET that
uses SSL to encrypt data before it is transferred to a remote server
or client. IO::Socket::SSL supports all the extra features that one
needs to write a full-featured SSL client or server application:
multiple SSL contexts, cipher selection, certificate verification, and
SSL version selection. As an extra bonus, it works perfectly with
mod_perl.

--------------------------------------------------------------------------------
Update Information:

This update to version 1.26 fixes an issue where only the prefix of the hostname
was checked if there was no wildcard present, so for example www.example.org
would match a certificate starting with www.exam.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul  4 2009 Paul Howarth <paul at city-fan.org> - 1.26-1
- Update to 1.26 (verify_hostname_of_cert matched only the prefix for the
  hostname when no wildcard was given, e.g. www.example.org matched against a
  certificate with name www.exam in it)
* Fri Jul  3 2009 Paul Howarth <paul at city-fan.org> - 1.25-1
- Update to 1.25 (fix t/nonblock.t for OS X 10.5 - CPAN RT#47240)
* Thu Apr  2 2009 Paul Howarth <paul at city-fan.org> - 1.24-1
- Update to 1.24 (add verify hostname scheme ftp, same as http)
* Wed Feb 25 2009 Paul Howarth <paul at city-fan.org> - 1.23-1
- Update to 1.23 (complain when no certificates are provided)
* Sat Jan 24 2009 Paul Howarth <paul at city-fan.org> - 1.22-1
- Update to latest upstream version: 1.22
* Thu Jan 22 2009 Paul Howarth <paul at city-fan.org> - 1.20-1
- Update to latest upstream version: 1.20
* Tue Nov 18 2008 Paul Howarth <paul at city-fan.org> - 1.18-1
- Update to latest upstream version: 1.18
- BR: perl(IO::Socket::INET6) for extra test coverage
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #509819 - perl-IO-Socket-SSL: incorrect checking of certificate hostnames
        https://bugzilla.redhat.com/show_bug.cgi?id=509819
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update perl-IO-Socket-SSL' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------




More information about the package-announce mailing list