commit b3932dae9785b9d18efb09f0636bedb23470c5fa Author: Tom Callaway <spot@xxxxxxxxxxxxxxxxx> Date: Fri May 11 16:52:15 2012 -0400 2.72, fix CVE-2012-2451 perl-Config-IniFiles.spec | 13 +++++++++++-- sources | 2 +- 2 files changed, 12 insertions(+), 3 deletions(-) --- diff --git a/perl-Config-IniFiles.spec b/perl-Config-IniFiles.spec index 3356b29..2301d9a 100644 --- a/perl-Config-IniFiles.spec +++ b/perl-Config-IniFiles.spec @@ -1,6 +1,6 @@ Name: perl-Config-IniFiles -Version: 2.68 -Release: 3%{?dist} +Version: 2.72 +Release: 1%{?dist} Summary: A module for reading .ini-style configuration files Group: Development/Libraries @@ -12,6 +12,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: perl(Module::Build::Compat) BuildRequires: perl(ExtUtils::MakeMaker) BuildRequires: perl(Test::More) +BuildRequires: perl(List::MoreUtils) BuildArch: noarch Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) # Not autodetected. Found in lib/Config/IniFiles.pm:2265 @@ -56,6 +57,14 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Fri May 11 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.72-1 +- update to 2.72 +- notable fix: SECURITY BUG FIX: Config::IniFiles used to write + to a temporary filename with a predictable name + ("${filename}-new") which opens the door for potential + exploits. + Fixes CVE-2012-2451 + * Tue Feb 21 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.68-3 - add missing Requires: perl(IO::Scalar) >= 2.109 (bz 791078) diff --git a/sources b/sources index 7d20be9..5a15349 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -c860f04b2d7d3cb0cc462ed896112c62 Config-IniFiles-2.68.tar.gz +513d01cf4945e9b1faccc80e153bd27e Config-IniFiles-2.72.tar.gz -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/perl-devel