On Fri, 17 Mar 2023 14:50:29 +0100, Moritz Mühlenhoff wrote: > CVE-2020-16155[0]: > | The CPAN::Checksums package 2.12 for Perl does not uniquely define > | signed data. > > https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/ > http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
After reading those webpages and looking at the diffs briefly, I
_think_ this is fixed upstream in 2.13 and in Debian with 2.13-1.
What do you think Salvatore?
Cheers,
gregor
--
.''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
: :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
`. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
`-
signature.asc
Description: Digital Signature

