FEDORA-2018-ded377a782 created by eseyman 2 years ago for Fedora 28
stable

Dancer2 0.206000 addresses several potential security issues.

There is a potential RCE with regards to Storable. Dancer2 adds session ID validation to the session engine so that session backends based on Storable can reject malformed session IDs that may lead to exploitation of the RCE.

Parsing requests now uses HTTP::Entity::Parser which reduces the amount of code needed and does not require re-parsing the request body.

How to install

sudo dnf upgrade --advisory=FEDORA-2018-ded377a782

This update has been submitted for testing by eseyman.

2 years ago

This update has been pushed to testing.

2 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for batched by eseyman.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
BZ#1569981 perl-Dancer2-0.206000 is available
0
0

Automated Test Results