Advisories » MGASA-2020-0255

Updated perl packages fix security vulnerability

Publication date: 10 Jun 2020
Modification date: 10 Jun 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-10543 , CVE-2020-10878 , CVE-2020-12723

Description

This update from 5.28.2 to 5.28.3 fixes bugs several bugs the RPM package
manager.
- Update to 5.23.3
  (See https://metacpan.org/pod/release/XSAWYERX/perl-5.28.3/pod/perldelta.pod 
  for release notes)
- Security release fixes CVE-2020-10543, CVE-2020-10878 and CVE-2020-12723
- Work around a glibc bug in caching LC_MESSAGES (GH#17081)
- Fix POSIX:setlocale() documentation
- Prevent from an integer overflow in POSIX::SigSet()
- Fix thread-safety of IO::Handle (GH#14816)
- Close :unix PerlIO layers properly (bug #987118)
- Fix counting a recursion limit when matching in a postponed eval
  (GH#17490)
- Fix sorting tied arrays (GH#17496)
- Fix a spurious warning about a multidimensional syntax (GH#16535)
- Normalize "#!/perl" shebangs in the tests
- Fix a warning about an uninitialized value in B::Deparse (GH#17537)
- Fix Time-Local tests to pass after year 2019 (CPAN RT#124787)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26715
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10543
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10878
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12723

SRPMS

7/core

• perl-5.28.3-2.mga7