Ubuntu Security Notice 2607-1 - John Lightsey discovered that Module::Signature incorrectly handled PGP signature boundaries. A remote attacker could use this issue to trick Module::Signature into parsing the unsigned portion of the SIGNATURE file as the signed portion. John Lightsey discovered that Module::Signature incorrectly handled files that were not listed in the SIGNATURE file. A remote attacker could use this flaw to execute arbitrary code when tests were run. Various other issues were also addressed. Continue reading...
