https://bugzilla.redhat.com/show_bug.cgi?id=2035341 Tomas Hoger <thoger@xxxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|CVE-2020-16154 |CVE-2020-16154 |perl-App-cpanminus: |perl-App-cpanminus: Bypass |signature verification |of verification of |bypass |signatures in CHECKSUMS | |files --- Comment #2 from Tomas Hoger <thoger@xxxxxxxxxx> --- Refer to bug 2035273 comment 2 for additional details about this issue. Bug 2035273 covers these problems in perl-CPAN / CPAN.pm, and App::cpanminus is affected in a similar way and hence the description of issues applies to both modules. The App::cpanminus module has not yet been fixed for this issue. Fixes were only applied to Menlo / Menlo-Legacy, which is a development version of the future cpanm version 2.0. Commit that corrects checking of the Module::Signature::_verify() return value: https://github.com/miyagawa/cpanminus/commit/98f43b64165a54e05ce25f9de09284ccb34f4776 Commit that adds support for the cpan_path attributed in CHECKSUMS files: https://github.com/miyagawa/cpanminus/commit/3c93db75ccbc75c813c7f12ea0301af20a265f65 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2035341 _______________________________________________ perl-devel mailing list -- perl-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to perl-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
