Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
249ec575 by Salvatore Bonaccorso at 2025-06-11T22:32:27+02:00
Add CVE-2025-40914/libcryptx-perl
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -43,7 +43,12 @@ CVE-2025-41661 (An unauthenticated remote attacker can
execute arbitrary command
CVE-2025-40915 (Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random
number sour ...)
NOT-FOR-US: Mojolicious::Plugin::CSRF Perl module
CVE-2025-40914 (Perl CryptX before version 0.087 contains a dependency that
may be sus ...)
- TODO: check
+ - libcryptx-perl <unfixed>
+ NOTE: https://lists.security.metacpan.org/cve-announce/msg/30332012/
+ NOTE: https://github.com/libtom/libtommath/pull/546
+ NOTE:
https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-6fh3-7qjq-8v22
+ NOTE: CVE exists because CryptX embeds a version of the libtommath
library that is
+ NOTE: susceptible to an integer overflow associated with CVE-2023-36328.
CVE-2025-40912 (CryptX for Perl before version 0.065 contains a dependency
that may be ...)
- libcryptx-perl 0.066-1
NOTE: https://github.com/libtom/libtomcrypt/issues/507
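Review bot: The added "- libcryptx-perl <unfixed>" line has no accompanying NOTE recording the upstream fixed version, even though the CVE description directly above it says the issue affects CryptX before version 0.087. Adding a NOTE such as "Fixed by upstream in 0.087" would make it straightforward to replace <unfixed> once that version is uploaded, in the same way the CVE-2025-40912 entry below records 0.066-1. The new NOTE text also attributes the problem to an embedded libtommath copy tied to CVE-2023-36328, so it would help to state whether the Debian package actually builds against that embedded copy, since that determines whether the package is affected.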
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/249ec57591770be6cb38f662711647ecf2cd607b