[SECURITY] Fedora 18 Update: perl-Module-Metadata-1.000015-1.fc18
updates at fedoraproject.org
updates at fedoraproject.org
Fri Aug 30 22:57:49 UTC 2013
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-15157
2013-08-22 22:35:29
--------------------------------------------------------------------------------
Name : perl-Module-Metadata
Product : Fedora 18
Version : 1.000015
Release : 1.fc18
URL : http://search.cpan.org/dist/Module-Metadata/
Summary : Gather package and POD information from perl module files
Description :
This module provides a standard way to gather metadata about a .pm file
without executing unsafe code.
--------------------------------------------------------------------------------
Update Information:
This update clarifies the module's documentation about the code it executes, i.e. it does "eval" a module to determine its version number. Previously it said that it did not execute unsafe code.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 21 2013 Paul Howarth <paul at city-fan.org> - 1.000015-1
- Update to 1.000015
- Change wording about safety/security to satisfy CVE-2013-1437
* Wed Aug 14 2013 Jitka Plesnikova <jplesnik at redhat.com> - 1.000014-4
- Perl 5.18 re-rebuild of bootstrapped packages
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.000014-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Fri Jul 12 2013 Petr Pisar <ppisar at redhat.com> - 1.000014-2
- Perl 5.18 rebuild
* Thu May 9 2013 Paul Howarth <paul at city-fan.org> - 1.000014-1
- Update to 1.000014
- Fix reliance on recent Test::Builder
- Make tests perl 5.6 compatible
- This release by BOBTFISH -> update source URL
* Sun May 5 2013 Paul Howarth <paul at city-fan.org> - 1.000012-1
- Update to 1.000012
- Improved package detection heuristics
- Fix ->contains_pod (CPAN RT#84932)
- Fix detection of pod after __END__ (CPAN RT#79656)
- This release by ETHER -> update source URL
- Package new upstream README file
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.000011-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #996281 - CVE-2013-1437 perl-Module-Metadata: incorrectly documents that it does not execute unsafe code
https://bugzilla.redhat.com/show_bug.cgi?id=996281
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update perl-Module-Metadata' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list