[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201410-02.xml - gentoo-commits

From:	"Tobias Heinlein (keytoaster)" <keytoaster@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201410-02.xml
Date:	Mon, 29 Dec 2014 20:06:21
Message-Id:	`20141229200618.6BC22E718@oystercatcher.gentoo.org`

1

keytoaster    14/12/29 20:06:18

2

3

  Modified:             glsa-201410-02.xml

4

  Log:

5

  Fixed capitalization in resolution instructions, reported by Olaf Krause.

6

7

Revision  Changes    Path

8

1.2                  xml/htdocs/security/en/glsa/glsa-201410-02.xml

9

10

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201410-02.xml?rev=1.2&view=markup

11

plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201410-02.xml?rev=1.2&content-type=text/plain

12

diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201410-02.xml?r1=1.1&r2=1.2

13

14

Index: glsa-201410-02.xml

15

===================================================================

16

RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/glsa/glsa-201410-02.xml,v

17

retrieving revision 1.1

18

retrieving revision 1.2

19

diff -u -r1.1 -r1.2

20

--- glsa-201410-02.xml	12 Oct 2014 08:04:57 -0000	1.1

21

+++ glsa-201410-02.xml	29 Dec 2014 20:06:18 -0000	1.2

22

@@ -4,13 +4,13 @@

23

 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">

24

 <glsa id="201410-02">

25

   <title>Perl, Perl Locale-Maketext module: Multiple vulnerabilities</title>

26

-  <synopsis>Multiple vulnerabilities have been found in Perl Locale-Maketext

27

-    module, allowing remote attackers to inject and execute arbitrary Perl

28

-    code.

29

+  <synopsis>Multiple vulnerabilities have been found in the Perl

30

+    Locale-Maketext module, allowing remote attackers to inject and execute

31

+    arbitrary Perl code.

32

   </synopsis>

33

   <product type="ebuild">Locale-Maketext</product>

34

   <announced>October 12, 2014</announced>

35

-  <revised>October 12, 2014: 1</revised>

36

+  <revised>December 29, 2014: 2</revised>

37

   <bug>446376</bug>

38

   <access>remote</access>

39

   <affected>

40

@@ -27,42 +27,40 @@

41

     <p>Locale-Maketext - Perl framework for localization</p>

42

   </background>

43

   <description>

44

-    <p>Two vulnerabilities have been reported in Locale-Maketext module for

45

-      Perl, which can be exploited 

46

-      by malicious users to compromise an application using the module.

47

+    <p>Two vulnerabilities have been reported in the Locale-Maketext module for

48

+      Perl, which can be exploited by malicious users to compromise an

49

+      application using the module.

50

     </p>

51

52

     <p>The vulnerabilities are caused due to the “_compile()” function not

53

-      properly sanitising input, 

54

-      which can be exploited to inject and execute arbitrary Perl code.

55

+      properly sanitising input, which can be exploited to inject and execute

56

+      arbitrary Perl code.

57

     </p>

58

   </description>

59

   <impact type="normal">

60

-    <p>A remote attacker could possibly execute

61

-      arbitrary code with the privileges of the process, or cause a Denial of

62

-      Service condition.

63

+    <p>A remote attacker could possibly execute arbitrary code with the

64

+      privileges of the process, or cause a Denial of Service condition.

65

     </p>

66

   </impact>

67

   <workaround>

68

     <p>There is no known workaround at this time.</p>

69

   </workaround>

70

   <resolution>

71

-    <p>All users of the Perl Locale-Maketext module should upgrade to the

72

-      latest version:

73

+    <p>All users of the Locale-Maketext module should upgrade to the latest

74

+      version:

75

     </p>

76

77

     <code>

78

       # emerge --sync

79

       # emerge --ask --oneshot --verbose

80

-      "&gt;=perl-core/locale-maketext-1.230.0"

81

+      "&gt;=perl-core/Locale-Maketext-1.230.0"

82

     </code>

83

-

84

   </resolution>

85

   <references>

86

     <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6329">CVE-2012-6329</uri>

87

   </references>

88

   <metadata tag="requester" timestamp="Tue, 01 Jan 2013 20:38:14 +0000">ackle</metadata>

89

-  <metadata tag="submitter" timestamp="Sun, 12 Oct 2014 08:04:05 +0000">

90

+  <metadata tag="submitter" timestamp="Mon, 29 Dec 2014 20:02:06 +0000">

91

     pinkbyte

92

   </metadata>

93

 </glsa>

1	keytoaster 14/12/29 20:06:18
2
3	Modified: glsa-201410-02.xml
4	Log:
5	Fixed capitalization in resolution instructions, reported by Olaf Krause.
6
7	Revision Changes Path
8	1.2 xml/htdocs/security/en/glsa/glsa-201410-02.xml
9
10	file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201410-02.xml?rev=1.2&view=markup
11	plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201410-02.xml?rev=1.2&content-type=text/plain
12	diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201410-02.xml?r1=1.1&r2=1.2
13
14	Index: glsa-201410-02.xml
15	===================================================================
16	RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/glsa/glsa-201410-02.xml,v
17	retrieving revision 1.1
18	retrieving revision 1.2
19	diff -u -r1.1 -r1.2
20	--- glsa-201410-02.xml 12 Oct 2014 08:04:57 -0000 1.1
21	+++ glsa-201410-02.xml 29 Dec 2014 20:06:18 -0000 1.2
22	@@ -4,13 +4,13 @@
23	<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
24	<glsa id="201410-02">
25	<title>Perl, Perl Locale-Maketext module: Multiple vulnerabilities</title>
26	- <synopsis>Multiple vulnerabilities have been found in Perl Locale-Maketext
27	- module, allowing remote attackers to inject and execute arbitrary Perl
28	- code.
29	+ <synopsis>Multiple vulnerabilities have been found in the Perl
30	+ Locale-Maketext module, allowing remote attackers to inject and execute
31	+ arbitrary Perl code.
32	</synopsis>
33	<product type="ebuild">Locale-Maketext</product>
34	<announced>October 12, 2014</announced>
35	- <revised>October 12, 2014: 1</revised>
36	+ <revised>December 29, 2014: 2</revised>
37	<bug>446376</bug>
38	<access>remote</access>
39	<affected>
40	@@ -27,42 +27,40 @@
41	<p>Locale-Maketext - Perl framework for localization</p>
42	</background>
43	<description>
44	- <p>Two vulnerabilities have been reported in Locale-Maketext module for
45	- Perl, which can be exploited
46	- by malicious users to compromise an application using the module.
47	+ <p>Two vulnerabilities have been reported in the Locale-Maketext module for
48	+ Perl, which can be exploited by malicious users to compromise an
49	+ application using the module.
50	</p>
51
52	<p>The vulnerabilities are caused due to the “_compile()” function not
53	- properly sanitising input,
54	- which can be exploited to inject and execute arbitrary Perl code.
55	+ properly sanitising input, which can be exploited to inject and execute
56	+ arbitrary Perl code.
57	</p>
58	</description>
59	<impact type="normal">
60	- <p>A remote attacker could possibly execute
61	- arbitrary code with the privileges of the process, or cause a Denial of
62	- Service condition.
63	+ <p>A remote attacker could possibly execute arbitrary code with the
64	+ privileges of the process, or cause a Denial of Service condition.
65	</p>
66	</impact>
67	<workaround>
68	<p>There is no known workaround at this time.</p>
69	</workaround>
70	<resolution>
71	- <p>All users of the Perl Locale-Maketext module should upgrade to the
72	- latest version:
73	+ <p>All users of the Locale-Maketext module should upgrade to the latest
74	+ version:
75	</p>
76
77	<code>
78	# emerge --sync
79	# emerge --ask --oneshot --verbose
80	- ">=perl-core/locale-maketext-1.230.0"
81	+ ">=perl-core/Locale-Maketext-1.230.0"
82	</code>
83	-
84	</resolution>
85	<references>
86	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6329">CVE-2012-6329</uri>
87	</references>
88	<metadata tag="requester" timestamp="Tue, 01 Jan 2013 20:38:14 +0000">ackle</metadata>
89	- <metadata tag="submitter" timestamp="Sun, 12 Oct 2014 08:04:05 +0000">
90	+ <metadata tag="submitter" timestamp="Mon, 29 Dec 2014 20:02:06 +0000">
91	pinkbyte
92	</metadata>
93	</glsa>

Gentoo Archives: gentoo-commits