openSUSE-SU-2023:0222-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2023:0222-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2023:0222-1
Published
2023-08-15T12:01:47Z
Modified
2023-08-15T12:01:47Z
Summary
Security update for perl-HTTP-Tiny
Details

This update for perl-HTTP-Tiny fixes the following issues:

perl-HTTP-Tiny was updated to 0.086:

see /usr/share/doc/packages/perl-HTTP-Tiny/Changes

0.086 2023-06-22 10:06:37-04:00 America/New_York

- Fix code to use `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` as documented.

0.084 2023-06-14 06:35:01-04:00 America/New_York

- No changes from 0.083-TRIAL.

0.083 2023-06-11 07:05:45-04:00 America/New_York (TRIAL RELEASE)

[!!! SECURITY !!!]
- Changes the `verify_SSL` default parameter from `0` to `1`.
  Fixes CVE-2023-31486 (boo#1211002)
- `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` can be used to restore the
  old default if required.

0.081 2022-07-17 09:01:51-04:00 America/New_York (TRIAL RELEASE)

  [FIXED]
  - No longer deletes the 'headers' key from post_form arguments hashref.
  [DOCS]
  - Noted that request/response content are handled as raw bytes.

0.079 2021-11-04 12:33:43-04:00 America/New_York (TRIAL RELEASE)

  [FIXED]
  - Fixed uninitialized value warnings on older Perls when the REQUEST_METHOD
    environment variable is set and CGI_HTTP_PROXY is not.

0.077 2021-07-22 13:07:14-04:00 America/New_York (TRIAL RELEASE)

  [ADDED]

  - Added a `patch` helper method for the HTTP `PATCH` verb.
  - If the REQUEST_METHOD environment variable is set, then CGI_HTTP_PROXY
    replaces HTTP_PROXY.

  [FIXED]

  - Unsupported scheme errors early without giving an uninitialized value
    warning first.
  - Sends Content-Length: 0 on empty body PUT/POST.  This is not in the spec,
    but some servers require this.
  - Allows optional status line reason, as clarified in RFC 7230.
  - Ignore SIGPIPE on reads as well as writes, as IO::Socket::SSL says that
    SSL reads can also send writes as a side effect.
  - Check if a server has closed a connection before preserving it for reuse.

  [DOCS]

  - Clarified that exceptions/errors result in 599 status codes.

  [PREREQS]

  - Optional IO::Socket::IP prereq must be at least version 0.32 to be used.
    This ensures correct timeout support.

0.076 2018-08-05 21:07:38-04:00 America/New_York

  - No changes from 0.075-TRIAL.

0.075 2018-08-01 07:03:36-04:00 America/New_York (TRIAL RELEASE)

  [CHANGED] - The 'peer' option now also can take a code reference

0.073 2018-07-24 11:33:53-04:00 America/New_York (TRIAL RELEASE)

  [DOCS] - Documented 'protocol' field in response hash.

0.071 2018-04-22 14:45:43+02:00 Europe/Oslo (TRIAL RELEASE)

  [DOCS] - Documented that method argument to request() is case-sensitive.
Affected packages

SUSE:Package Hub 15 SP4 / perl-HTTP-Tiny

Package

Name
perl-HTTP-Tiny
Purl
pkg:rpm/suse/perl-HTTP-Tiny&distro=SUSE%20Package%20Hub%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.086-bp154.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "perl-HTTP-Tiny": "0.086-bp154.2.3.1"
        }
    ]
}

openSUSE:Leap 15.4 / perl-HTTP-Tiny

Package

Name
perl-HTTP-Tiny
Purl
pkg:rpm/opensuse/perl-HTTP-Tiny&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.086-bp154.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "perl-HTTP-Tiny": "0.086-bp154.2.3.1"
        }
    ]
}