Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-21793

perl-HTTP-Tiny: man page not updated to reflect fix for CVE-2023-31486 [rhel-8.9.z]

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • rhel-8.9.0.z
    • rhel-8.9.0.z
    • perl-HTTP-Tiny
    • None
    • perl-HTTP-Tiny-0.074-2.el8_9.1
    • None
    • None
    • rhel-sst-cs-stacks
    • ssg_core_services
    • 20
    • 21
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • All
    • None

      To mitigate  CVE-2023-31486, the perl-HTTP-Tiny has been updated to perform SSL cert verification by default, ie verify_SSL=>true.

       

      However, the man page shipped with the package wasn't updated to reflect the change:

      $ man /usr/share/man/man3/HTTP::Tiny.3pm.gz
      ...

            -   "verify_SSL" — A boolean that indicates whether to validate the SSL certificate of an "https" — connection
                (default is false)
      ...

              jplesnik@redhat.com Jitka Plesnikova
              mkyral@redhat.com Martin Kyral
              Jitka Plesnikova Jitka Plesnikova
              Martin Kyral Martin Kyral
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: