-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3846-1 [email protected] https://www.debian.org/lts/security/ Arturo Borrero Gonzalez June 28, 2024 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : libmojolicious-perl Version : 8.12+dfsg-1.1~deb10u1 CVE ID : CVE-2020-36829 Mojolicious is a Perl Web Application Framework built around the familiar Model-View-Controller philosophy. It supports a simple single file mode via Mojolicious::Lite, RESTful routes, plugins, Perl-ish templates, session management, signed cookies, a testing framework, internationalization, first class Unicode support, and more. The libmojolicious-perl package had a timing attack vulnerability that allowed an attacker to guess the length of a secret string. For Debian 10 buster, this problem has been fixed in version 8.12+dfsg-1.1~deb10u1. We recommend that you upgrade your libmojolicious-perl packages. For the detailed security status of libmojolicious-perl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libmojolicious-perl Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE3ZhhqyPcMzOJLgepaOcTmB0VFfgFAmaBKvEACgkQaOcTmB0V FfhAoRAAiSm9b56Qh1CPNP0jW9PFiWSq5eZ50zFqG1caBzyFE1Tuxy0atrP6krFd u9uR7mdLQxOJshlNOhg9W1Xsuzw2hd8bmrcFmVAb2lgdhmNCmJOVJAVXwlZT33vt ZzubDp3TuaT70DISZklAnmHO5fW3+kADEXrQbNtpsFvfyb4usr7MuZhKX7NCAHUp dMcvGzTORS7lXAWq1eIE74sQDRCTzndvpXKcGju+rnIV29VBCRaykAgBsq9Ss1PP a1QBWtMw90Fr6ipQHtayBJ60tBTGLpgD4zifIp8li0UO5dJTPB/vWTb2qpV5HSCk YmDCgcN5YEx9Jvhj0AJ2TmiebGxSZvY0jyZFlztjOXmDq5EHqfMrBXNPuXb1pLoG 4NwLHltf2zCd8GAypQaOJ4UrPRU56ShnW/5tXIjSrDNeGMShAW0IXC7w13Ml86bL PALz0y83WYfMAiR5Ck7u1Zqr1sDNmPvAykZE9cP7zuqJeK909tOw6GhksnMcBXPd uJ/nTSagPT3iygSUNH1NFt5Okhi+4ypPgpKMYWl6yMjhhT51F4goZz1bS+taaR6p PdZSnDf6c6JU59pLGPZRxmJbzT8yT8VLb3BA91iFU+hZhbmzuRp5fCoFs+q9kSmk t+mC9aEet6r6uBM6LWD8XIf3FviWWBX3qot3i5q3f9q7i+gSPdk= =qVLC -----END PGP SIGNATURE-----
