Bug#1033109: libcpan-checksums-perl: CVE-2020-16155

2023-04-19 Thread gregor herrmann
On Wed, 19 Apr 2023 20:43:38 +0200, Salvatore Bonaccorso wrote:

> > 2.13 adds the additional required path component, so maybe you are
> > right and we should consider the CVE addressed on the package side
> > with the addition of the cpan_path key.
>
> Discussed this today with Moritz: Let's do

Bug#1033109: libcpan-checksums-perl: CVE-2020-16155

2023-04-19 Thread Salvatore Bonaccorso
Source: libcpan-checksums-perl
Source-Version: 2.13-1

Hi Gregor,

On Fri, Mar 17, 2023 at 09:40:18PM +0100, Salvatore Bonaccorso wrote:
> Hi Gregor,
>
> On Fri, Mar 17, 2023 at 09:15:12PM +0100, gregor herrmann wrote:
> > On Fri, 17 Mar 2023 14:50:29 +0100, Moritz Mühlenhoff wrote:
> >
> > >

Bug#1033109: libcpan-checksums-perl: CVE-2020-16155

2023-03-17 Thread Salvatore Bonaccorso
Hi Gregor,

On Fri, Mar 17, 2023 at 09:15:12PM +0100, gregor herrmann wrote:
> On Fri, 17 Mar 2023 14:50:29 +0100, Moritz Mühlenhoff wrote:
>
> > CVE-2020-16155[0]:
> > | The CPAN::Checksums package 2.12 for Perl does not uniquely define
> > | signed data.
> >
> >

Bug#1033109: libcpan-checksums-perl: CVE-2020-16155

2023-03-17 Thread gregor herrmann
On Fri, 17 Mar 2023 14:50:29 +0100, Moritz Mühlenhoff wrote:

> CVE-2020-16155[0]:
> | The CPAN::Checksums package 2.12 for Perl does not uniquely define
> | signed data.
>
> https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
>

Bug#1033109: libcpan-checksums-perl: CVE-2020-16155

2023-03-17 Thread Moritz Mühlenhoff
Source: libcpan-checksums-perl
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for libcpan-checksums-perl.

CVE-2020-16155[0]:
| The CPAN::Checksums package 2.12 for Perl does not uniquely define
| signed data.