[Git][security-tracker-team/security-tracker][master] Add CVE-2024-58134/libmojolicious-perl

Sat, 03 May 2025 13:03:48 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9c172aa6 by Salvatore Bonaccorso at 2025-05-03T22:02:37+02:00
Add CVE-2024-58134/libmojolicious-perl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,6 +5,11 @@ CVE-2024-58135 [may generate weak HMAC session secrets]
        - libmojolicious-perl <unfixed> (bug #1104633)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/29241187/
        NOTE: https://github.com/mojolicious/mojo/pull/2200
+CVE-2024-58134 [uses a hard coded string, or the application's class name, as 
a HMAC session secret by default]
+       - libmojolicious-perl <unfixed>
+       NOTE: https://lists.security.metacpan.org/cve-announce/msg/29247502/
+       NOTE: https://github.com/mojolicious/mojo/pull/1791
+       NOTE: https://github.com/mojolicious/mojo/pull/2200
 CVE-2025-4222 (The Database Toolset plugin for WordPress is vulnerable to 
Sensitive I ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-4218 (A vulnerability was found in handrew browserpilot up to 0.2.51. 
It has ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c172aa6a238b66e7d34abba3c26de3bf26f0675

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c172aa6a238b66e7d34abba3c26de3bf26f0675
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to