[Bug 2035341] CVE-2020-16154 perl-App-cpanminus: Bypass of verification of signatures in CHECKSUMS files

https://bugzilla.redhat.com/show_bug.cgi?id=2035341 Bug 2035341 depends on bug 2037408, which changed state. Bug 2037408 Summary: CVE-2020-16154 perl-App-cpanminus:1.7044/perl-App-cpanminus: Bypass of verification of signatures in CHECKSUMS files [fedora-all]

[Bug 2035341] CVE-2020-16154 perl-App-cpanminus: Bypass of verification of signatures in CHECKSUMS files

https://bugzilla.redhat.com/show_bug.cgi?id=2035341 Bug 2035341 depends on bug 2035342, which changed state. Bug 2035342 Summary: CVE-2020-16154 perl-App-cpanminus: Bypass of verification of signatures in CHECKSUMS files [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2035342

[Bug 2035341] CVE-2020-16154 perl-App-cpanminus: Bypass of verification of signatures in CHECKSUMS files

https://bugzilla.redhat.com/show_bug.cgi?id=2035341 Bug 2035341 depends on bug 2037407, which changed state. Bug 2037407 Summary: CVE-2020-16154 perl-Menlo-Legacy: perl-App-cpanminus: Bypass of verification of signatures in CHECKSUMS files [fedora-all]

[Bug 2035341] CVE-2020-16154 perl-App-cpanminus: Bypass of verification of signatures in CHECKSUMS files

https://bugzilla.redhat.com/show_bug.cgi?id=2035341 --- Doc Text *updated* by Eric Christensen --- A flaw was found in the way the perl-App-cpanminus performed verification of package signatures stored in CHECKSUMS files. A malicious or compromised CPAN server used by a user, or a

[Bug 2035341] CVE-2020-16154 perl-App-cpanminus: Bypass of verification of signatures in CHECKSUMS files

https://bugzilla.redhat.com/show_bug.cgi?id=2035341 --- Doc Text *updated* by Tomas Hoger --- A flaw was found in the way the perl-App-cpanminus performed verification of package signatures stored in CHECKSUMS files. A malicious or compromised CPAN server used by the user, or a

[Bug 2035341] CVE-2020-16154 perl-App-cpanminus: Bypass of verification of signatures in CHECKSUMS files

https://bugzilla.redhat.com/show_bug.cgi?id=2035341 --- Comment #7 from Tomas Hoger --- Additional details about these issues can be found in the following blog post: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html -- You are receiving

[Bug 2035341] CVE-2020-16154 perl-App-cpanminus: Bypass of verification of signatures in CHECKSUMS files

https://bugzilla.redhat.com/show_bug.cgi?id=2035341 Tomas Hoger changed: What|Removed |Added Depends On||2038837, 2038835, 2038836,

[Bug 2035341] CVE-2020-16154 perl-App-cpanminus: Bypass of verification of signatures in CHECKSUMS files

https://bugzilla.redhat.com/show_bug.cgi?id=2035341 --- Comment #5 from Tomas Hoger --- Upstream fixes linked in comment 2 do not completely address all issues - they still make it possible to include crafted $cksum data before the signed content of the CHECKSUMS file and have that accepted by

[Bug 2035341] CVE-2020-16154 perl-App-cpanminus: Bypass of verification of signatures in CHECKSUMS files

https://bugzilla.redhat.com/show_bug.cgi?id=2035341 Tomas Hoger changed: What|Removed |Added Depends On||2037408, 2037407 Referenced Bugs:

[Bug 2035341] CVE-2020-16154 perl-App-cpanminus: Bypass of verification of signatures in CHECKSUMS files

https://bugzilla.redhat.com/show_bug.cgi?id=2035341 --- Comment #3 from Tomas Hoger --- Created perl-App-cpanminus:1.7044/perl-App-cpanminus tracking bugs for this issue: Affects: fedora-all [bug 2037408] Created perl-Menlo-Legacy tracking bugs for this issue: Affects: fedora-all [bug

[Bug 2035341] CVE-2020-16154 perl-App-cpanminus: Bypass of verification of signatures in CHECKSUMS files

https://bugzilla.redhat.com/show_bug.cgi?id=2035341 Tomas Hoger changed: What|Removed |Added Summary|CVE-2020-16154 |CVE-2020-16154