[ubuntu/kinetic-security] perl 5.34.0-5ubuntu1.1 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Mon Nov 28 16:51:43 UTC 2022
perl (5.34.0-5ubuntu1.1) kinetic-security; urgency=medium
* SECURITY UPDATE: Signature verification bypass
- debian/patches/CVE-2020-16156-1.patch: signature
verification type CANNOT_VERIFY was not recognized
in cpan/CPAN/lib/CPAN/Distribution.pm.
- debia/patches/CVE-2020-16156-2.patch: add two new failure modes
in cpan/CPAN/lib/CPAN/Distribution.pm.
- debian/patches/CVE-2020-16156-3.patch: use gpg
to disentangle data and signature in cpan/CPAN/lib/CPAN/Distribution.pm.
- debian/patches/CVE-2020-16156-4.patch: replacing die with mydie in
three spots in cpan/CPAN/lib/CPAN/Distribution.pm.
- debian/patches/CVE-2020-16156-5.patch: disambiguate the call
to gpg --output by adding --verify in
cpan/CPAN/lib/CPAN/Distribution.pm.
- debian/patches/CVE-2020-16156-6.patch: corrects typo
in cpan/CPAN/lib/CPAN/Distribution.pm.
- debian/patches/CVE-2020-16156-7.patch: corrects typo
in cpan/CPAN/lib/CPAN/Distribution.pm.
- CVE-2020-16156
Date: 2022-11-24 16:45:09.705837+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/perl/5.34.0-5ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the kinetic-changes
mailing list