From f3338598835048ff2529ebd08e77007bbe704d1f Mon Sep 17 00:00:00 2001
From: Tom Hukins
Date: Wed, 15 Jan 2020 11:14:58 +0000
Subject: [PATCH 1/2] Force a minimum version of Template::Toolkit Version 3.004 fixes the CVE-2019-19781 security vulnerability. https://www.mdsec.co.uk/2020/01/deep-dive-to-citrix-adc-remote-code-execution-cve-2019-19781/ describes the problem. https://www.tenable.com/blog/cve-2019-19781-exploit-scripts-for-remote-code-execution-vulnerability-in-citrix-adc-and summarises its impact in another product.
---
 Makefile.PL | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Makefile.PL b/Makefile.PL
index 9b14c832f..900fbd239 100755
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -52,6 +52,7 @@ our %prereq_pm = (
 'PDF::Table' => 0.11.0,
 'Session::Token' => 0,
 'String::CamelCase' => 0,
+ 'Template' => 3.004,
 'Test::MockTime' => 0,
 'Test::More' => 0,
 'Text::Autoformat' => 0,
From 190482e453b2562c9172eff7662997b493466a35 Mon Sep 17 00:00:00 2001
From: Tom Hukins
Date: Wed, 15 Jan 2020 11:29:17 +0000
Subject: [PATCH 2/2] Force a minimum version of Test::More I chose this minimum version arbitrarily, but it avoids problems such as "use Test::More 'no_plan'; ...; done_testing();" encountered when testing with perl-5.24.
---
 Makefile.PL | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.PL b/Makefile.PL
index 900fbd239..2ecc92c4c 100755
--- a/Makefile.PL
+++ b/Makefile.PL
@@ -54,7 +54,7 @@ our %prereq_pm = (
 'String::CamelCase' => 0,
 'Template' => 3.004,
 'Test::MockTime' => 0,
- 'Test::More' => 0,
+ 'Test::More' => 1.302112,
 'Text::Autoformat' => 0,
 'Text::CSV::Encoded' => 0,
 'Tie::Cache' => 0,
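Review bot: The added `'Template' => 3.004,` entry in the first patch is only checked when Makefile.PL is run, so a host that already has an older Template on `@INC` (for example from a distribution package) keeps loading it; a runtime guard such as `use Template 3.004;` at the point where the application loads Template would make the floor enforceable. A comment above the entry, e.g. `# >= 3.004 required: Template Toolkit release addressing the technique used in CVE-2019-19781`, would keep a later cleanup from relaxing it back to 0. Going by the linked write-ups, the CVE identifier belongs to Citrix ADC rather than to Template Toolkit, so the comment should describe what the 3.004 release changes. How far this application is exposed presumably depends on whether users can influence template text, which is worth confirming separately. The `%prereq_pm` hash starts and ends outside the hunk.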