Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d096d039 by Sylvain Beucler at 2026-05-18T21:42:04+02:00
CVE-2026-8507/libcrypt-openssl-pkcs12-perl: introductory commit + bullseye
not-affected
print_attribute/info/info_as_hash functions all introduced in this commit and
the next one
- - - - -
b35f6e08 by Sylvain Beucler at 2026-05-18T21:42:06+02:00
CVE-2026-8721/libcrypt-openssl-pkcs12-perl: bullseye postponed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -242,6 +242,7 @@ CVE-2026-8723 (### Summary `qs.stringify` throws
`TypeError` when called with
CVE-2026-8721 (Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates
passwo ...)
- libcrypt-openssl-pkcs12-perl 1.95-1
[trixie] - libcrypt-openssl-pkcs12-perl <no-dsa> (Minor issue)
+ [bullseye] - libcrypt-openssl-pkcs12-perl <postponed> (Minor issue,
only affects passwords including a NUL byte)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40149249/
NOTE:
https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/7b90e88a97f0ebe440032b8116249d1004d7ca6f
NOTE:
https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/468712ae04188342b263f057ad65f21a3545013b
@@ -252,11 +253,13 @@ CVE-2026-8719 (The AI Engine \u2013 The Chatbot, AI
Framework & MCP for WordPres
CVE-2026-8507 (Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have
out-of-boun ...)
- libcrypt-openssl-pkcs12-perl 1.95-1
[trixie] - libcrypt-openssl-pkcs12-perl <no-dsa> (Minor issue)
+ [bullseye] - libcrypt-openssl-pkcs12-perl <not-affected> (Vulnerable
code introduced later)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40149247/
NOTE: https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/55
NOTE: https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/56
NOTE: Fixed by:
https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/b9d0469c6d8f5b5c6c2a45a3d0647a532b749397
NOTE: Regression test:
https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/31878e6453079d0cdb748c7e9c514460cf308e6c
+ NOTE: Introduced by:
https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/b9d0469c6d8f5b5c6c2a45a3d0647a532b749397
(1.92)
CVE-2026-6050
REJECTED
CVE-2026-46720 (Net::Statsd::Tiny versions before 0.3.8 for Perl allowed
metric inject ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/42783da209487a8fdd699287b406713d796a6c86...b35f6e0862188aae5403c3f453aa093fd13d72ee
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/42783da209487a8fdd699287b406713d796a6c86...b35f6e0862188aae5403c3f453aa093fd13d72ee
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
