FEDORA-2018-ded377a782

security update in Fedora 28 for perl-Dancer2

Status: stable a year ago

Dancer2 0.206000 addresses several potential security issues.

There is a potential RCE with regards to Storable. Dancer2 adds session ID validation to the session engine so that session backends based on Storable can reject malformed session IDs that may lead to exploitation of the RCE.

Parsing requests now uses HTTP::Entity::Parser which reduces the amount of code needed and does not require re-parsing the request body.

Comments 6

This update has been submitted for testing by eseyman.

a year ago

This update has been pushed to testing.

a year ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

a year ago

This update has been submitted for batched by eseyman.

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
medium
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted a year ago
in testing a year ago
in stable a year ago

Related Bugs 1
00 #1569981 perl-Dancer2-0.206000 is available

Automated Test Results

Copyright © 2007-2019 Red Hat, Inc. and others.

Running bodhi-4.1.0 on bodhi-web-91-cdvdt.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Legal | Privacy policy