- SECURITY UPDATE of p5-libwww to 5.835

CVE-2010-2253: lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files and possibly execute arbitrary code. from ian mcwilliam, ok sthen@
2010-09-08 07:44:03 +00:00 · 2010-09-08 07:44:03 +00:00 · ed7577625a
commit ed7577625a
parent e2c7559dec
2 changed files with 8 additions and 8 deletions
--- a/www/p5-libwww/Makefile
+++ b/www/p5-libwww/Makefile
@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.31 2010/04/15 14:29:18 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.32 2010/09/08 07:44:03 jasper Exp $

 COMMENT=	library for WWW access in Perl

 MODULES=	cpan
-DISTNAME=	libwww-perl-5.834
-PKGNAME=	p5-${DISTNAME:S/-perl-/-/}p0
+DISTNAME=	libwww-perl-5.835
+PKGNAME=	p5-${DISTNAME:S/-perl-/-/}
 CATEGORIES=	www

 # Perl
--- a/www/p5-libwww/distinfo
+++ b/www/p5-libwww/distinfo
@ -1,5 +1,5 @@
-MD5 (libwww-perl-5.834.tar.gz) = 8u2KRh92VWycrtkIf0fIbA==
-RMD160 (libwww-perl-5.834.tar.gz) = KAEV0qfJJtBBi59Uyr7ke16V1NI=
-SHA1 (libwww-perl-5.834.tar.gz) = YqMZW42oox6s0atj5nFF/2lKFbM=
-SHA256 (libwww-perl-5.834.tar.gz) = GlDrkdHe7KO+EJguEp54aAmtbw+ASbFW6R6InlpyiP8=
-SIZE (libwww-perl-5.834.tar.gz) = 267775
+MD5 (libwww-perl-5.835.tar.gz) = WTIFOw1WboiDjLiscR0t+A==
+RMD160 (libwww-perl-5.835.tar.gz) = Mb+d7cspwNtPDWe6unYLCB2eIqI=
+SHA1 (libwww-perl-5.835.tar.gz) = OfuF8JgSF8Kuc9gwUwL+Ll56PMk=
+SHA256 (libwww-perl-5.835.tar.gz) = fQdXVvYqOt69fC71Sjjz9lNhcebuF/sapSTAS4oR8BQ=
+SIZE (libwww-perl-5.835.tar.gz) = 270118