Hi, On Sat, Mar 16, 2024 at 10:39:57AM +0100, Salvatore Bonaccorso wrote: > Source: libcrypt-openssl-rsa-perl > Version: 0.33-3 > Severity: important > Tags: security upstream > Forwarded: https://github.com/toddr/Crypt-OpenSSL-RSA/issues/42 > X-Debbugs-Cc: [email protected], Debian Security Team > <[email protected]> > Control: found -1 0.31-1 > > Hi, > > The following vulnerability was published for libcrypt-openssl-rsa-perl. > > CVE-2024-2467[0]: > | Crypt-OpenSSL-RSA vulnerable to the Marvin Attack > > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2024-2467 > https://www.cve.org/CVERecord?id=CVE-2024-2467 > [1] https://people.redhat.com/~hkario/marvin/ > [2] https://github.com/toddr/Crypt-OpenSSL-RSA/issues/42
Thiss now is fixed by: https://github.com/cpan-authors/Crypt-OpenSSL-RSA/commit/f986c31575f41107bfe66610cdf922d6858a36be Regards, Salvatore

