develooper Front page | perl.perl5.porters | Postings from November 2021

CPAN vulnerabilities related to checksums

From:
Neil Bowers
Date:
November 23, 2021 18:08
Subject:
CPAN vulnerabilities related to checksums
Message ID:
930c2970-54c6-469d-a84e-895fd83ebdc0@Spark
We’ve just published a blog post that summarises a response to a security advisory raised by Stig Palmquist. The advisory introduces three CVEs related to how checksums are handled by PAUSE and CPAN clients.

The blog post: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html

The advisory: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/

Neil



nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About