https://bugzilla.redhat.com/show_bug.cgi?id=1669573
Bug ID: 1669573
Summary: perl-Text-Table-Tiny-0.05 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: perl-Text-Table-Tiny
Keywords: FutureFeature, Triaged
Assignee: ddick(a)cpan.org
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: ddick(a)cpan.org, perl-devel(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Latest upstream release: 0.05
Current version/release in rawhide: 0.04-9.fc29
URL: http://search.cpan.org/dist/Text-Table-Tiny/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/3450/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1669765
Bug ID: 1669765
Summary: perl-Nmap-Parser-1.37 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: perl-Nmap-Parser
Keywords: FutureFeature, Triaged
Assignee: jplesnik(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: iarnell(a)gmail.com, jplesnik(a)redhat.com,
perl-devel(a)lists.fedoraproject.org,
sindrepb(a)fedoraproject.org
Target Milestone: ---
Classification: Fedora
Latest upstream release: 1.37
Current version/release in rawhide: 1.36-5.fc29
URL: http://search.cpan.org/dist/Nmap-Parser/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/12747/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1669732
Bug ID: 1669732
Summary: perl-Verilog-Perl-3.460 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: perl-Verilog-Perl
Keywords: FutureFeature, Triaged
Assignee: jplesnik(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: chitlesh(a)gmail.com, jplesnik(a)redhat.com,
perl-devel(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Latest upstream release: 3.460
Current version/release in rawhide: 3.458-1.fc30
URL: http://search.cpan.org/dist/Verilog-Perl/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/3494/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1654923
Paul Harvey <pharvey(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|CVE-2018-18314 perl: |CVE-2018-18314 perl:
|Heap-based buffer overflow |Heap-based buffer overflow
|[fedora-all] |in S_regatom() [fedora-all]
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1646751
Paul Harvey <pharvey(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2018 |impact=moderate,public=2018
|1129,reported=20181105,sour |1129,reported=20181105,sour
|ce=upstream,cvss3=7.0/CVSS: |ce=upstream,cvss3=7.0/CVSS:
|3.0/AV:N/AC:H/PR:N/UI:N/S:U |3.0/AV:N/AC:H/PR:N/UI:N/S:U
|/C:L/I:L/A:H,cwe=CWE-122,rh |/C:L/I:L/A:H,cwe=CWE-122,rh
|el-6/perl=notaffected,opens |el-6/perl=notaffected,opens
|hift-enterprise-3/perl=new, |hift-enterprise-3/perl=nota
|fedora-all/perl=affected,rh |ffected,fedora-all/perl=aff
|el-5/perl=notaffected,rhel- |ected,rhel-5/perl=notaffect
|7/perl=notaffected,openshif |ed,rhel-7/perl=notaffected,
|t-online-3/perl=new,rhel-8/ |openshift-online-3/perl=not
|perl=affected,rhscl-3/rh-pe |affected,rhel-8/perl=affect
|rl526-perl=affected,rhscl-3 |ed,rhscl-3/rh-perl526-perl=
|/rh-perl524-perl=affected,r |affected,rhscl-3/rh-perl524
|hel-8/perl:5.24/perl=affect |-perl=affected,rhel-8/perl:
|ed |5.24/perl=affected
--- Comment #11 from Paul Harvey <pharvey(a)redhat.com> ---
openshift-enterprise-3: notaffected. I reviewed OpenShift containers for
applications with dependencies on perl and was unable to identify any where the
perl interpreter would be exposed to attacker-controlled regular expressions
which could expose this flaw. There is a perl dependency in our MariaDB
packaging, however the only non-test related perl usage is in a backup script
(mysqlhotcopy) which is not exposed to attacker-controlled regular expressions.
I have not filed trackers as these images will inherit the existing perl fixes
next time they are respun. See also https://access.redhat.com/articles/2803031
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1654921
Paul Harvey <pharvey(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|CVE-2018-18313 perl: |CVE-2018-18313 perl:
|Heap-buffer-overflow read |Heap-based buffer read
|in regcomp.c [fedora-all] |overflow in
| |S_grok_bslash_N()
| |[fedora-all]
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1646738
Paul Harvey <pharvey(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=low,public=20181129, |impact=low,public=20181129,
|reported=20181105,source=up |reported=20181105,source=up
|stream,cvss3=6.5/CVSS:3.0/A |stream,cvss3=6.5/CVSS:3.0/A
|V:N/AC:H/PR:N/UI:N/S:U/C:L/ |V:N/AC:H/PR:N/UI:N/S:U/C:L/
|I:N/A:H,cwe=CWE-125,rhel-6/ |I:N/A:H,cwe=CWE-125,rhel-6/
|perl=notaffected,openshift- |perl=notaffected,openshift-
|enterprise-3/perl=new,fedor |enterprise-3/perl=notaffect
|a-all/perl=affected,rhel-5/ |ed,fedora-all/perl=affected
|perl=notaffected,rhel-7/per |,rhel-5/perl=notaffected,rh
|l=notaffected,openshift-onl |el-7/perl=notaffected,opens
|ine-3/perl=new,rhel-8/perl= |hift-online-3/perl=notaffec
|affected,rhscl-3/rh-perl526 |ted,rhel-8/perl=affected,rh
|-perl=affected,rhscl-3/rh-p |scl-3/rh-perl526-perl=affec
|erl524-perl=affected,rhel-8 |ted,rhscl-3/rh-perl524-perl
|/perl:5.24/perl=affected |=affected,rhel-8/perl:5.24/
| |perl=affected
--- Comment #11 from Paul Harvey <pharvey(a)redhat.com> ---
openshift-enterprise-3: notaffected. I reviewed OpenShift containers for
applications with dependencies on perl and was unable to identify any where the
perl interpreter would be exposed to attacker-controlled regular expressions
which could expose this flaw. There is a perl dependency in our MariaDB
packaging, however the only non-test related perl usage is in a backup script
(mysqlhotcopy) which is not exposed to attacker-controlled regular expressions.
I have not filed trackers as these images will inherit the existing perl fixes
next time they are respun. See also https://access.redhat.com/articles/2803031
--
You are receiving this mail because:
You are on the CC list for the bug.