29242 – perl-Mojolicious new security issues fixed upstream in 9.19

Bug 29242 - perl-Mojolicious new security issues fixed upstream in 9.19

Summary: perl-Mojolicious new security issues fixed upstream in 9.19

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2021-07-09 18:06 CEST by David Walser
Modified:	2021-07-27 22:23 CEST (History)
CC List:	5 users (show)

See Also:
Source RPM:	perl-Mojolicious-8.700.0-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-07-09 18:06:11 CEST

Fedora has issued an advisory today (July 9):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LLJACE25ITC4DPORQVHAWJ7E7EOYEQEV/

The issues are fixed upstream in 9.19.

David Walser 2021-07-09 18:06:24 CEST

Status comment: (none) => Patches available from Fedora

David Walser 2021-07-09 18:06:52 CEST

CC: (none) => mageia

Comment 1 Nicolas Lécureuil 2021-07-20 15:00:41 CEST

patches added to fix this issue.

src:
    - perl-Mojolicious-8.700.0-1.1.mga8

Assignee: thierry.vignaud => qa-bugs
Status comment: Patches available from Fedora => (none)

Comment 2 Aurelien Oudelet 2021-07-20 22:51:17 CEST

Advisory:
========================

Updated perl-Mojolicious package fix security vulnerabilities

This update backports some significant security fixes relating to session
security from the upstream 9.19 release.

See upstream references for more informations.

References:
 - https://bugs.mageia.org/show_bug.cgi?id=29242
 - https://github.com/mojolicious/mojo/pull/1791
 - https://github.com/mojolicious/mojo/commit/3f10b6af0271c4b5b589d2d9c31ea43c8e9087d6
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LLJACE25ITC4DPORQVHAWJ7E7EOYEQEV/
========================

Updated packages in core/updates_testing:
========================
perl-Mojolicious-8.700.0-1.1.mga8

from SRPM
perl-Mojolicious-8.700.0-1.1.mga8.src.rpm

CC: (none) => ouaurelien

Comment 3 Herman Viaene 2021-07-26 15:19:34 CEST

MGA8-64 Plasma on Lenovo B50
No installation issues.
This is a developers tool, so OK'ing on cclean install and no immediate malicious side affects on the system.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 4 Thomas Andrews 2021-07-27 03:59:25 CEST

Validating. Advisory in Comment 2.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Aurelien Oudelet 2021-07-27 20:53:05 CEST

Keywords: (none) => advisory

Comment 5 Mageia Robot 2021-07-27 22:23:41 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0383.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.