Accepting request 181933 from home:computersalat:devel:perl

update to 0.73, fix for bnc#828010 (CVE-2013-2145) OBS-URL: https://build.opensuse.org/request/show/181933 OBS-URL: https://build.opensuse.org/package/show/devel:languages:perl/perl-Module-Signature?expand=0&rev=23
2013-07-03 20:02:35 +00:00
parent 9d392b2fdd
commit c19f19b4bb
4 changed files with 34 additions and 6 deletions
--- a/perl-Module-Signature.changes
+++ b/perl-Module-Signature.changes
@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed Jul  3 19:14:29 UTC 2013 - chris@computersalat.de
+
+- update to 0.73
+  * fix for bnc#828010 (CVE-2013-2145)
+    https://bugzilla.novell.com/process_bug.cgi
+    https://bugzilla.redhat.com/show_bug.cgi?id=971096
+  * Properly redo the previous fix using File::Spec->file_name_is_absolute.
+- [Changes for 0.72 - Wed Jun  5 23:19:02 CST 2013]
+  * Only allow loading Digest::* from absolute paths in @INC,
+    by ensuring they begin with \ or / characters.
+    Contributed by: Florian Weimer (CVE-2013-2145)
+- [Changes for 0.71 - Tue Jun  4 18:24:10 CST 2013]
+  * Constrain the user-specified digest name to /^\w+\d+$/.
+  * Avoid loading Digest::* from relative paths in @INC.
+    Contributed by: Florian Weimer (CVE-2013-2145)
+- [Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012]
+  * Don't check gpg version if gpg does not exist.
+    This avoids unnecessary warnings during installation
+    when gpg executable is not installed.
+    Contributed by: Kenichi Ishigaki
+- [Changes for 0.69 - Fri Nov  2 23:04:19 CST 2012]
+  * Support for gpg under these alternate names:
+    gpg gpg2 gnupg gnupg2
+    Contributed by: Michael Schwern
+
 -------------------------------------------------------------------
 Mon Dec 19 08:35:22 UTC 2011 - cfarrell@suse.com