Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: rhel-8.8.0.z
Affects Version/s: rhel-8.8.0.z
Component/s: perl-HTTP-Tiny
Labels:
None

Fixed in Build:
perl-HTTP-Tiny-0.074-1.el8_8.2
Regression:
None
Severity:
None

Pool Team:

rhel-sst-cs-stacks
Sub-System Group:

ssg_core_services

Dev Target Milestone:
20
Internal Target Milestone:
21
Story Points:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Products:

Red Hat Enterprise Linux
Sprint:
None

Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/125424
Test Coverage:
None

Experience:
Architecture:

All

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

To mitigate CVE-2023-31486, the perl-HTTP-Tiny has been updated to perform SSL cert verification by default, ie verify_SSL=>true.

However, the man page shipped with the package wasn't updated to reflect the change:

$ man /usr/share/man/man3/HTTP::Tiny.3pm.gz
...

- "verify_SSL" — A boolean that indicates whether to validate the SSL certificate of an "https" — connection
(default is false)
...

is cloned by

RHEL-21763 perl-HTTP-Tiny: man page not updated to reflect fix for CVE-2023-31486 [rhel-8]

Closed

RHEL-21793 perl-HTTP-Tiny: man page not updated to reflect fix for CVE-2023-31486 [rhel-8.9.z]

Closed

RHEL-21796 perl-HTTP-Tiny: man page not updated to reflect fix for CVE-2023-31486 [rhel-9]

Closed

links to

RHSA-2023:125424 perl-HTTP-Tiny security update

Assignee:: Jitka Plesnikova

Reporter:: Martin Kyral

Developer:: Jitka Plesnikova

QA Contact:: bot rhel-cs-apps-subsystem-qe

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2024/01/16 11:31 AM

Updated:: 2024/11/12 2:31 PM

Resolved:: 2024/01/30 1:24 PM

Release Date:: 2024/01/30