Fedora has issued an advisory today (February 9):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DENFY4CRTIZL5WYYUYUM4VKCJNXO4QIW/

The issue is fixed upstream in 1.7045. Mageia 8 is also affected.

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 1.7045
'cpanminus' has no maintainer, so having to assign this update globally.
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated package fixes a security vulnerability:

The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. (CVE-2020-16154)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16154
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DENFY4CRTIZL5WYYUYUM4VKCJNXO4QIW/
========================

Updated package in core/updates_testing:
========================
cpanminus-1.704.500-1.mga8

from SRPM:
cpanminus-1.704.500-1.mga8.src.rpm

Status comment: Fixed upstream in 1.7045 => (none)
Status: NEW => ASSIGNED
CVE: (none) => CVE-2020-16154
Version: Cauldron => 8
Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA8TOO => (none)
CC: (none) => nicolas.salguero
MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues.
No wiki, no previous updates. Googling I found https://mvp.kablamo.org/dependencies/cpanm/ (and noticed in the meantime, I've been fiddling around with cpan some time before in other updates).
So tried

$ cpanm --help
Usage: cpanm [options] Module [...]

Options:
  -v,--verbose              Turns on chatty output
  -q,--quiet                Turns off the most output
  --interactive             Turns on interactive configure (required for Task:: modules)
  -f,--force                force install
  -n,--notest               Do not run unit tests
  --test-only               Run tests only, do not install
  -S,--sudo                 sudo to run install commands
and more .....

From the site I took the example:

$ cpanm URI
!
! Can't write to /usr/local/share/perl5/5.32 and /usr/local/bin: Installing modules to /home/tester8/perl5
! To turn off this warning, you have to do one of the following:
!   - run me as a root or with --sudo option (to install to /usr/local/share/perl5/5.32 and /usr/local/bin)
!   - Configure local::lib in your existing shell to set PERL_MM_OPT etc.
!   - Install local::lib by running the following commands
!
!         cpanm --local-lib=~/perl5 local::lib && eval $(perl -I ~/perl5/lib/perl5/ -Mlocal::lib)
!
--> Working on URI
Fetching http://www.cpan.org/authors/id/O/OA/OALDERS/URI-5.10.tar.gz ... OK
Configuring URI-5.10 ... OK
==> Found dependencies: Test::Needs
--> Working on Test::Needs
Fetching http://www.cpan.org/authors/id/H/HA/HAARG/Test-Needs-0.002009.tar.gz ... OK
Configuring Test-Needs-0.002009 ... OK
Building and testing Test-Needs-0.002009 ... OK
Successfully installed Test-Needs-0.002009
Building and testing URI-5.10 ... OK
Successfully installed URI-5.10 (upgraded from 5.05)
2 distributions installed

And to me it looks as if it works OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK
Validating. Advisory in Comment 2.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2022-0078.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED