https://bugzilla.redhat.com/show_bug.cgi?id=2035341
Bug 2035341 depends on bug 2037408, which changed state.
Bug 2037408 Summary: CVE-2020-16154
perl-App-cpanminus:1.7044/perl-App-cpanminus: Bypass of verification of
signatures in CHECKSUMS files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2035341
Bug 2035341 depends on bug 2035342, which changed state.
Bug 2035342 Summary: CVE-2020-16154 perl-App-cpanminus: Bypass of verification
of signatures in CHECKSUMS files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2035342
https://bugzilla.redhat.com/show_bug.cgi?id=2035341
Bug 2035341 depends on bug 2037407, which changed state.
Bug 2037407 Summary: CVE-2020-16154 perl-Menlo-Legacy: perl-App-cpanminus:
Bypass of verification of signatures in CHECKSUMS files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2035341
--- Doc Text *updated* by Eric Christensen ---
A flaw was found in the way the perl-App-cpanminus performed verification of
package signatures stored in CHECKSUMS files. A malicious or compromised CPAN
server used by a user, or a
https://bugzilla.redhat.com/show_bug.cgi?id=2035341
--- Doc Text *updated* by Tomas Hoger ---
A flaw was found in the way the perl-App-cpanminus performed verification of
package signatures stored in CHECKSUMS files. A malicious or compromised CPAN
server used by the user, or a
https://bugzilla.redhat.com/show_bug.cgi?id=2035341
--- Comment #7 from Tomas Hoger ---
Additional details about these issues can be found in the following blog post:
http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://bugzilla.redhat.com/show_bug.cgi?id=2035341
Tomas Hoger changed:
What|Removed |Added
Depends On||2038837, 2038835, 2038836,
https://bugzilla.redhat.com/show_bug.cgi?id=2035341
--- Comment #5 from Tomas Hoger ---
Upstream fixes linked in comment 2 do not completely address all issues - they
still make it possible to include crafted $cksum data before the signed content
of the CHECKSUMS file and have that accepted by
https://bugzilla.redhat.com/show_bug.cgi?id=2035341
Tomas Hoger changed:
What|Removed |Added
Depends On||2037408, 2037407
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2035341
--- Comment #3 from Tomas Hoger ---
Created perl-App-cpanminus:1.7044/perl-App-cpanminus tracking bugs for this
issue:
Affects: fedora-all [bug 2037408]
Created perl-Menlo-Legacy tracking bugs for this issue:
Affects: fedora-all [bug
https://bugzilla.redhat.com/show_bug.cgi?id=2035341
Tomas Hoger changed:
What|Removed |Added
Summary|CVE-2020-16154 |CVE-2020-16154