13340 – perl-libwww-perl new security issue CVE-2014-3230

Bug 13340 - perl-libwww-perl new security issue CVE-2014-3230

Summary: perl-libwww-perl new security issue CVE-2014-3230

Status:	RESOLVED DUPLICATE of bug 13425

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	i586 Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Jerome Quelin
QA Contact:	Sec team

URL:
Whiteboard:	MGA4TOO, MGA3TOO
Keywords:

Depends on:
Blocks:

Reported:	2014-05-07 21:20 CEST by David Walser
Modified:	2014-06-02 15:34 CEST (History)
CC List:	1 user (show)

See Also:
Source RPM:	perl-libwww-perl-6.60.0-1.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2014-05-07 21:20:41 CEST

A CVE has been assigned for a security issue in libwww-perl:
http://openwall.com/lists/oss-security/2014/05/06/8

Apparently it's still under investigation upstream, and more CVEs may be allocated in the future in relation to this.

Mageia 3 and Mageia 4 are also affected (issues present since 6.04).

Reproducible: 

Steps to Reproduce:

David Walser 2014-05-07 21:20:48 CEST

Whiteboard: (none) => MGA4TOO, MGA3TOO

Comment 1 Jerome Quelin 2014-06-02 15:34:14 CEST

It seems to be the same as 13425 (pointing to same upstream commit message)

*** This bug has been marked as a duplicate of bug 13425 ***

Status: NEW => RESOLVED
CC: (none) => jquelin
Resolution: (none) => DUPLICATE

Note You need to log in before you can comment on or make changes to this bug.