[Git][security-tracker-team/security-tracker][master] Split off tracking for libcryptx-perl issue to dedidated CVE

Wed, 11 Jun 2025 13:22:54 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c69be8a3 by Salvatore Bonaccorso at 2025-06-11T22:17:02+02:00
Split off tracking for libcryptx-perl issue to dedidated CVE

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,7 +45,12 @@ CVE-2025-40915 (Mojolicious::Plugin::CSRF 1.03 for Perl uses 
a weak random numbe
 CVE-2025-40914 (Perl CryptX before version 0.087 contains a dependency that 
may be sus ...)
        TODO: check
 CVE-2025-40912 (CryptX for Perl before version 0.065 contains a dependency 
that may be ...)
-       TODO: check
+       - libcryptx-perl 0.066-1
+       NOTE: https://github.com/libtom/libtomcrypt/issues/507
+       NOTE: perl-CryptX: 
https://github.com/DCIT/perl-CryptX/commit/32f1d210ed6300b8e82f46f1b983f7316aa7eaf9
 (v0.065)
+       NOTE: https://lists.security.metacpan.org/cve-announce/msg/30337161/
+       NOTE: CVE is for the use of the vulnerable version of the embedded 
libtomcrypt
+       NOTE: library affected by CVE-2019-17362.
 CVE-2025-3473 (IBM Security Guardium 12.1 could allow a local privileged user 
to esca ...)
        NOT-FOR-US: IBM
 CVE-2025-3302 (The Xagio SEO \u2013 AI Powered SEO plugin for WordPress is 
vulnerable ...)
@@ -459707,11 +459712,9 @@ CVE-2019-17362 (In LibTomCrypt through 1.18.2, the 
der_decode_utf8_string functi
        - libtomcrypt 1.18.2-3
        [buster] - libtomcrypt <no-dsa> (Minor issue)
        [stretch] - libtomcrypt <no-dsa> (Minor issue)
-       - libcryptx-perl 0.066-1
        NOTE: https://github.com/libtom/libtomcrypt/issues/507
        NOTE: https://github.com/libtom/libtomcrypt/pull/508
        NOTE: 
https://github.com/libtom/libtomcrypt/commit/25c26a3b7a9ad8192ccc923e15cf62bf0108ef94
-       NOTE: perl-CryptX: 
https://github.com/DCIT/perl-CryptX/commit/32f1d210ed6300b8e82f46f1b983f7316aa7eaf9
 (v0.065)
 CVE-2019-17361 (In SaltStack Salt through 2019.2.0, the salt-api NET API with 
the ssh  ...)
        {DSA-4676-1}
        - salt 2019.2.3+dfsg1-1 (bug #949222)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c69be8a339c9d9cd559cbc4e67c8b485548a0b9b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c69be8a339c9d9cd559cbc4e67c8b485548a0b9b
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to