Opened 21 months ago

Closed 21 months ago

Last modified 20 months ago

#18283 closed enhancement (fixed)

LWP-Protocol-https-6.11 (Perl module)

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: elevated Milestone: 12.0
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New minor version.

Change History (5)

comment:1 by Douglas R. Reno, 21 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 21 months ago

Priority: normalelevated 
6.11      2023-07-09 15:10:30Z
    - Remove Authority section from dist.ini (GH#64) (Olaf Alders)
    - Add very basic diagnostic information via test (GH#73) (Olaf Alders)
    - CVE-2014-3230 - don't disable verification if only hostnames should not
      (GH#14) (Steffen Ullrich)
    - Make explicit requirement of Mozilla::CA obsolete (GH#72) (Steffen
      Ullrich and Olaf Alders)
    - Remove _in_san and _cn_match. Empty out the _check_sock hook (GH#71)
      (Chase Whitener)
    - Use warnings (GH#69) (Pete Houston)

What the... how do you not apply a patch for a CVE for 9 years? See https://github.com/libwww-perl/LWP-Protocol-https/pull/14 for details on that. Even though it is medium severity, it just feels odd.

comment:3 by Douglas R. Reno, 21 months ago

The patch is no longer required and has been applied upstream in GH#72

comment:4 by Douglas R. Reno, 21 months ago

Resolution: fixed
Status: assignedclosed

Fixed at 80a51925de69c3f9144e1641a45248af51c84cc5

SA-11.3-055 issued.

comment:5 by Bruce Dubbs, 20 months ago

Milestone: 11.412.0

Milestone renamed

Note: See TracTickets for help on using tickets.