https://bugzilla.redhat.com/show_bug.cgi?id=2230255 Jitka Plesnikova <jplesnik@xxxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- Doc Type|--- |If docs needed, set a value Resolution|--- |NOTABUG Status|NEW |CLOSED Last Closed| |2023-08-09 08:52:46 --- Comment #3 from Jitka Plesnikova <jplesnik@xxxxxxxxxx> --- The new dependencies were added for fix of CVE-2023-31486 in version 0.083. 0.083 2023-06-11 07:05:45-04:00 America/New_York (TRIAL RELEASE) [!!! SECURITY !!!] - Changes the `verify_SSL` default parameter from `0` to `1`. Fixes CVE-2023-31486. - `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` can be used to restore the old default if required. perl(IO::Socket::SSL), perl(Mozilla::CA) and perl(Net::SSLeay) was changed from recommends to requires to have SSL support available since `verify_SSL` is true. I should update the dependencies when I updated perl-HTTP-Tiny to 0.084 but I forgot. So, that is the reason, why I did it now. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2230255 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202230255%23c3 _______________________________________________ perl-devel mailing list -- perl-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to perl-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/perl-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
