SSL validation in libwww-perl (CVE-2011-0633)

Debian Bug report logs - #669126
SSL validation in libwww-perl (CVE-2011-0633)

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Moritz Muehlenhoff <jmm@debian.org>, submit@bugs.debian.org

Cc: pkg-perl-maintainers@lists.alioth.debian.org, team@security.debian.org

Subject: SSL validation in libwww-perl (CVE-2011-0633)

Date: Tue, 17 Apr 2012 17:29:45 +0200

[Message part 1 (text/plain, inline)]

Package: libwww-perl
Version: 5.836-1
Severity: minor
Tags: security

Hi Moritz

I'm forwarding this to the bugtracker to have it tracked there, I hope
this is okay.

On Mon, Apr 16, 2012 at 05:33:41PM +0200, Moritz Muehlenhoff wrote:
> I'd like to you notify of two minor security issues, one in Perl itself
> and the other in libwww-perl:
> 
> 1. CVE-2011-0663 has been assigned to this change from release 6.00:
> 
> For https://... default to verified connections with require IO::Socket::SSL
> and Mozilla::CA modules to be installed.  Old behaviour can be requested by
> setting the PERL_LWP_SSL_VERIFY_HOSTNAME environment variable to 0.  The
> LWP::UserAgent got new ssl_opts method to control this as well.
> 
> Petr Pisar from Red Hat made a backport to 5.837, which is close to what
> we have in stable: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0633
> 
> Maybe you want to backport this for one of the next point releases?

Regards,
Salvatore

[signature.asc (application/pgp-signature, inline)]

Message #14 received at 669126-done@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: 669126-done@bugs.debian.org

Subject: Re: Bug#669126: SSL validation in libwww-perl (CVE-2011-0633)

Date: Wed, 1 Aug 2012 01:18:03 +0200

[Message part 1 (text/plain, inline)]

Source: libwww-perl
Source-Version: 6.01-1

Proberly close the bugreport.

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.