From 24e2c9f31e98717c7c607b184a33ecb42e63cb01 Mon Sep 17 00:00:00 2001 From: brian d foy Date: Sat, 15 Jun 2024 01:28:26 -0400 Subject: [PATCH] Data update (POSIX::2008 briandfoy/cpan-security-advisory#154) --- cpan-security-advisory | 2 +- lib/CPAN/Audit.pm | 2 +- lib/CPAN/Audit/DB.pm | 206 ++++++++++++++++++++++++++++++++++++++- lib/CPAN/Audit/DB.pm.gpg | 26 ++--- 4 files changed, 218 insertions(+), 18 deletions(-) diff --git a/cpan-security-advisory b/cpan-security-advisory index 37c93d1..937e2f9 160000 --- a/cpan-security-advisory +++ b/cpan-security-advisory @@ -1 +1 @@ -Subproject commit 37c93d1820eafc4fc2cc9745262d0cc8306da21d +Subproject commit 937e2f9cdcc4a90c53363b9981f96d82f3c2990b diff --git a/lib/CPAN/Audit.pm b/lib/CPAN/Audit.pm index 9700283..150d18e 100644 --- a/lib/CPAN/Audit.pm +++ b/lib/CPAN/Audit.pm @@ -14,7 +14,7 @@ use CPAN::Audit::Version; use CPAN::Audit::Query; use CPAN::Audit::DB; -our $VERSION = '20240601.001'; +our $VERSION = '20240615.001'; sub new { my( $class, %params ) = @_; diff --git a/lib/CPAN/Audit/DB.pm b/lib/CPAN/Audit/DB.pm index dbd930e..9b5cca7 100644 --- a/lib/CPAN/Audit/DB.pm +++ b/lib/CPAN/Audit/DB.pm @@ -1,12 +1,12 @@ -# created by util/generate at Sat Jun 1 16:14:49 2024 -# cpan-security-advisory 37c93d1820eafc4fc2cc9745262d0cc8306da21d +# created by util/generate at Sat Jun 15 01:27:04 2024 +# cpan-security-advisory +937e2f9cdcc4a90c53363b9981f96d82f3c2990b # package CPAN::Audit::DB; use strict; use warnings; -our $VERSION = '20240601.001'; +our $VERSION = '20240615.001'; sub db { { @@ -4710,6 +4710,10 @@ sub db { { 'date' => '2024-03-18T12:10:48', 'version' => '4.64' + }, + { + 'date' => '2024-06-04T15:15:17', + 'version' => '4.65' } ] }, @@ -18361,6 +18365,10 @@ sub db { { 'date' => '2024-05-01T09:04:33', 'version' => '5.005' + }, + { + 'date' => '2024-06-04T19:59:44', + 'version' => '5.006' } ] }, 
@@ -36728,6 +36736,18 @@ sub db { { 'date' => '2024-04-27T01:24:42', 'version' => '1.024_005' + }, + { + 'date' => '2024-06-11T11:35:22', + 'version' => '1.024_006' + }, + { + 'date' => '2024-06-12T09:58:08', + 'version' => '1.024_007' + }, + { + 'date' => '2024-06-13T10:45:14', + 'version' => '1.024_008' } ] }, @@ -37328,6 +37348,38 @@ sub db { { 'date' => '2022-05-09T21:07:41', 'version' => '1.06' + }, + { + 'date' => '2024-06-02T18:49:17', + 'version' => '1.07' + }, + { + 'date' => '2024-06-05T19:57:13', + 'version' => '1.10_01' + }, + { + 'date' => '2024-06-08T19:49:17', + 'version' => '2.00_01' + }, + { + 'date' => '2024-06-09T13:06:47', + 'version' => '2.00_02' + }, + { + 'date' => '2024-06-09T15:41:33', + 'version' => '2.00_03' + }, + { + 'date' => '2024-06-09T20:00:29', + 'version' => '2.00_04' + }, + { + 'date' => '2024-06-10T07:25:19', + 'version' => '2.00_05' + }, + { + 'date' => '2024-06-10T15:39:47', + 'version' => '2.00' } ] }, @@ -49103,6 +49155,10 @@ sub db { { 'date' => '2023-12-10T00:23:20', 'version' => '0.22' + }, + { + 'date' => '2024-06-08T13:42:18', + 'version' => '0.23' } ] }, 
@@ -51403,6 +51459,139 @@ sub db { } ] }, + 'POSIX-2008' => { + 'advisories' => [ + { + 'affected_versions' => '<0.24', + 'cves' => [], + 'description' => 'POSIX::2008\'s implementation of readlink() and readlinkat(). The underlying syscalls do not add any null terminator byte at the end of the output buffer, but _readlink50c() in 2008.XS also fails to add a null terminator before returning the result string to perl. This results in arbitrary memory contents being visible in the result returned to perl code by readlink() and readlinkat(). At the very least, this causes failures in any downstream code that attempts to access whatever filename (plus the erroneous garbage) was linked to. +', + 'distribution' => 'POSIX-2008', + 'fixed_versions' => '>=0.24', + 'id' => 'CPANSA-POSIX-2008-001', + 'references' => [ + 'https://rt.cpan.org/Public/Bug/Display.html?id=96644' + ], + 'reported' => undef, + 'severity' => undef + } + ], + 'main_module' => 'POSIX::2008', + 'versions' => [ + { + 'date' => '2013-09-13T17:14:53', + 'version' => '0.01' + }, + { + 'date' => '2013-09-14T16:20:56', + 'version' => '0.02' + }, + { + 'date' => '2013-09-16T09:32:15', + 'version' => '0.03' + }, + { + 'date' => '2015-05-25T13:51:17', + 'version' => '0.04' + }, + { + 'date' => '2017-08-25T20:52:28', + 'version' => '0.05' + }, + { + 'date' => '2017-08-26T17:21:09', + 'version' => '0.06' + }, + { + 'date' => '2017-08-27T14:55:54', + 'version' => '0.07' + }, + { + 'date' => '2017-08-31T18:14:24', + 'version' => '0.08' + }, + { + 'date' => '2017-09-01T10:14:04', + 'version' => '0.09' + }, + { + 'date' => '2017-09-02T09:15:21', + 'version' => '0.10' + }, + { + 'date' => '2017-09-02T13:11:19', + 'version' => '0.11' + }, + { + 'date' => '2017-09-03T20:02:26', + 'version' => '0.12' + }, + { + 'date' => '2017-09-08T11:50:51', + 'version' => '0.13' + }, + { + 'date' => '2017-09-09T18:04:53', + 'version' => '0.14' + }, + { + 'date' => '2017-09-10T12:50:52', + 'version' => '0.15' + }, + { + 'date' => 
'2017-09-15T14:59:53', + 'version' => '0.16' + }, + { + 'date' => '2023-06-01T13:51:43', + 'version' => '0.18' + }, + { + 'date' => '2023-07-07T13:52:59', + 'version' => '0.19' + }, + { + 'date' => '2023-07-08T12:09:34', + 'version' => '0.20_01' + }, + { + 'date' => '2023-07-09T08:25:58', + 'version' => '0.20_02' + }, + { + 'date' => '2023-07-11T15:26:35', + 'version' => '0.20_03' + }, + { + 'date' => '2023-07-12T17:47:09', + 'version' => '0.20_04' + }, + { + 'date' => '2023-07-13T17:26:29', + 'version' => '0.20_05' + }, + { + 'date' => '2023-07-14T15:57:30', + 'version' => '0.20' + }, + { + 'date' => '2023-11-16T19:54:40', + 'version' => '0.21' + }, + { + 'date' => '2024-01-26T16:30:56', + 'version' => '0.22' + }, + { + 'date' => '2024-01-27T15:34:00', + 'version' => '0.23' + }, + { + 'date' => '2024-06-14T12:10:38', + 'version' => '0.24' + } + ] + }, 'Parallel-ForkManager' => { 'advisories' => [ { @@ -66841,6 +67030,14 @@ sub db { { 'date' => '2024-05-24T20:45:21', 'version' => '5.040000' + }, + { + 'date' => '2024-06-04T21:47:57', + 'version' => '5.040000' + }, + { + 'date' => '2024-06-09T20:45:37', + 'version' => '5.040000' } ] }, @@ -69423,9 +69620,11 @@ sub db { 'Kelp::Response' => 'Kelp', 'Kelp::Routes' => 'Kelp', 'Kelp::Routes::Controller' => 'Kelp', + 'Kelp::Routes::Location' => 'Kelp', 'Kelp::Routes::Pattern' => 'Kelp', 'Kelp::Template' => 'Kelp', 'Kelp::Test' => 'Kelp', + 'Kelp::Util' => 'Kelp', 'Kossy' => 'Kossy', 'Kossy::Assets' => 'Kossy', 'Kossy::BodyParser' => 'Kossy', @@ -70531,6 +70730,7 @@ sub db { 'POE::Filter::IRC' => 'POE-Component-IRC', 'POE::Filter::IRC::Compat' => 'POE-Component-IRC', 'POSIX' => 'perl', + 'POSIX::2008' => 'POSIX-2008', 'POSIX::SigAction' => 'perl', 'POSIX::SigRt' => 'perl', 'POSIX::SigSet' => 'perl', diff --git a/lib/CPAN/Audit/DB.pm.gpg b/lib/CPAN/Audit/DB.pm.gpg index 9f534c0..6e0702c 100644 --- a/lib/CPAN/Audit/DB.pm.gpg +++ b/lib/CPAN/Audit/DB.pm.gpg 
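Review bot: The new `CPANSA-POSIX-2008-001` record describes arbitrary memory contents becoming visible through readlink() and readlinkat(), yet it ships with `'severity' => undef`, `'reported' => undef` and an empty `cves` list, so a consumer that filters or ranks findings by severity will presumably treat it as unrated. The description also opens with a sentence fragment (`POSIX::2008's implementation of readlink() and readlinkat().`) and ends with a newline inside the string. Folding the fragment into the next sentence, e.g. `POSIX::2008's readlink() and readlinkat() return a result string that is not null-terminated.`, would read better in audit output. DB.pm is produced by util/generate, so these corrections belong in the cpan-security-advisory source record rather than in this file. The record sits inside `sub db`, whose body starts and ends outside the hunk.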
@@ -1,16 +1,16 @@ -----BEGIN PGP SIGNATURE----- -iQIzBAABCAAdFiEEdaq0LLoNfzfw1oht+D+NXoeLYEEFAmZbgTkACgkQ+D+NXoeL -YEGA5w//TgMtafMza1v2GDa2HovYn6jLatkf4BYl5jWIsAXkX3/li46Nfpnb/gST -44lxt1IJ8Ev7UGpXrDO4X0ya1JyY8h7e/qYMP2zoIgjtF589tR43EicrAZ6eECbY -3cYprz3xCbRVle6p0brdJk481JPRpES6Rx3aHKQSvzOFJkcfC3zBcUjUUxPJuHas -nfbLUJ1hK3juvOIorJHFSt5nyfZoE/mwHksxmXHihsgWYGXlg6t/OfPz1xyXAZaG -mfKDehAyMGbecaKAR0EiehXUONEa1ORXUt1IxrIHHI7kQ/RBnYihdxiqLGj9ZaHc -WNPslSJXbFRNdZVrpEPLfHKFqqpKrKdUkin9cFDVU2uKVMTxpDPNlcHE+Gptnk2C -oWDwBOE0iFfh4AhpEMmFTGX9QpfLMh17G5mAJO8s0pZj3m6h7Qegq8C0sbqYoiwv -iciiw4+ryPP/mrK1rgCejLUxk2GSsu3cDyEvWRL0rRSJ7/RfHpFdZjWRbcCfWdTH -x5/fPTWm1Fqapf6L4Na4h7khv4H/QkMsZ3Xne7dVAwUz/04d2NxT2bdfElZByn60 -R4VpaBNUPdy2CjTfL1+TJzXMN+TFIYeqqVR/HBxl4kTBIyc0Dkz9xuQoLHppZERc -+1BvfwRvJWmeu/9gEUxcUXApH6soaJp+bsQjz4JlyZH6R/amFw0= -=8oeN +iQIzBAABCAAdFiEEdaq0LLoNfzfw1oht+D+NXoeLYEEFAmZtJigACgkQ+D+NXoeL +YEGDsw//XPPqm4pRw1clb4WFlqBTAKf4sA8mHKdCwx3H2rZMr7pgkJhxP9GJwlpt +LCWWFBno1IZ95mHyMYkF9vmAekaY99gaq287pSJyseu00PqwWJvzEPzuRtW+Tg5F +32NxjKbwTdduGdmawV6gfIOQeyWdf0J1FNBXTWzVqAsR/kaD/Mh9F55ooUfw70/t +ZU5j7fvhnu4408j0TwV9eVcUJx/ioYXeUv9FwG8VCoz4DBNvXLNWBNc1pmrGHiNc +R/2qGc7wBJROyauYAdQjYoxAelJ6Av4bn/W2He8JtrkYOhOcWiRprSNVroYjXJTg +nPFsEprW6/Zuw80R0Yisuld5kTMy8gR6FAkEZWCIHdqhi4PHDdabOMkEomKeKADI +UZj2osR6VBQvUx3vMQtY/C0EAgoykgmrmUifpr6IBWAFPOptlO+3bc/EUPLqKqOQ +OBZibU0kv7l1//jpPQK+sesXQ+KUPa6SgGwxdqF9c/yzTf17hrPuwoOcdWk4Vxem +650lhywVW8hu3khm206yElkM8Auefr8FITfswpf/8fGiR16iEN5yxoIIbLWHiyxU +6D6/FfZSYekTRwW911l9uyzRogPAgaV8a2QjUOIPJi0QyrzKKzGHhRQery8ytsEk +Nm1NlhwwZ0KPO7CNgAsIsXBlIXfNbA6jeiNpBwuceD1uG1BY2oo= +=nHv4 -----END PGP SIGNATURE-----