stable

perltidy-20170521-1.fc25

FEDORA-2017-a3c7d077c7 created by pghmcfc 6 years ago for Fedora 25

Cumulative bug-fix, enhancement and security update, including fix for CVE-2016-10374: perltidy relies on the current working directory for certain output files and did not have a symlink-attack protection mechanism, which allowed local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim could not delete.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2017-a3c7d077c7

This update has been submitted for testing by pghmcfc.

6 years ago

This update has been pushed to testing.

6 years ago
User Icon briangribble commented & provided feedback 6 years ago
karma

Working for me. Tested against #1452050 and ran through perltidy tutorial.

User Icon filiperosset commented & provided feedback 6 years ago
karma

no regressions noted

This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

6 years ago

This update has been submitted for stable by pghmcfc.

6 years ago

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-1
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
6 years ago
in testing
6 years ago
in stable
6 years ago
BZ#1452050 CVE-2016-10374 perltidy: Uses current working directory without symlink-attack protection
0
0
BZ#1452051 CVE-2016-10374 perltidy: Uses current working directory without symlink-attack protection [fedora-all]
0
0
BZ#1453029 perltidy-20170521 is available
0
0

Automated Test Results