[Secure-testing-team] Bug#711239: libmodule-signature-perl: CVE-2013-2145: arbitrary code execution when verifying SIGNATURE
Salvatore Bonaccorso
carnil at debian.org
Wed Jun 5 19:30:25 UTC 2013
Package: libmodule-signature-perl
Version: 0.63-1
Severity: grave
Tags: security patch upstream fixed-upstream
Justification: user security hole
Hi,
the following vulnerability was published for libmodule-signature-perl.
CVE-2013-2145[0]:
arbitrary code execution when verifying SIGNATURE
Upstream patches are at [1] and further corrected at [2], and fixed
upstream 0.72[3].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2145
http://security-tracker.debian.org/tracker/CVE-2013-2145
[1] https://github.com/audreyt/module-signature/commit/575f7bd6ba4cc7c92f841e8758f88a131674ebf2
[2] https://github.com/audreyt/module-signature/commit/cbd06b392a73c63159dc5c20ff5b3c8fc88c4896
[3] https://metacpan.org/source/AUDREYT/Module-Signature-0.72/Changes
Regards,
Salvatore
More information about the Secure-testing-team
mailing list