Ubuntu Security Notice 2607-1 - John Lightsey discovered that Module::Signature incorrectly handled PGP signature boundaries. A remote attacker could use this issue to trick Module::Signature into parsing the unsigned portion of the SIGNATURE file as the signed portion. John Lightsey discovered that Module::Signature incorrectly handled files that were not listed in the SIGNATURE file. A remote attacker could use this flaw to execute arbitrary code when tests were run. Various other issues were also addressed.
01435cad3cc3f3796eb76778a10df74d3b0435bd530e0a635c5562e915c71934