Fedora alert FEDORA-2010-8911 (perl-POE-Component-IRC)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 13 Update: perl-POE-Component-IRC-6.14-2.fc13.1 | |
| Date: | Fri, 28 May 2010 18:08:36 +0000 | |
| Message-ID: | <20100528180836.EEE1B1114EE@bastion02.phx2.fedoraproject.org> |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-8911 2010-05-22 00:44:37 -------------------------------------------------------------------------------- Name : perl-POE-Component-IRC Product : Fedora 13 Version : 6.14 Release : 2.fc13.1 URL : http://search.cpan.org/dist/POE-Component-IRC Summary : A POE component for building IRC clients Description : POE::Component::IRC is a POE component (who'd have guessed?) which acts as an easily controllable IRC client for your other POE components and sessions. You create an IRC component and tell it what events your session cares about and where to connect to, and it sends back interesting IRC events when they happen. You make the client do things by sending it events. That's all there is to it. Cool, no? -------------------------------------------------------------------------------- Update Information: Plugs a security hole by simplifying privmsg handler: Removed the undocumented behavior of concatenating multiple arguments. It only accepts one argument now, and newlines/CR in a message (and everything following them) will be stripped as with other commands. -------------------------------------------------------------------------------- ChangeLog: * Thu May 20 2010 Iain Arnell <iarnell@gmail.com> 6.14-2.1 - apply patch for rhbz#591215 -------------------------------------------------------------------------------- References: [ 1 ] Bug #591215 - perl-POE-Component-IRC: arbitrary IRC command execution due to insufficient stripping of CR/LF https://bugzilla.redhat.com/show_bug.cgi?id=591215 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update perl-POE-Component-IRC' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...