-
-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update for 2024-03-08 with latest reports
- Loading branch information
Showing
2 changed files
with
32 additions
and
48 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,12 +1,12 @@ | ||
| # created by util/generate at Thu Mar 7 02:04:53 2024 | ||
| # cpan-security-advisory b9a30c4b9ca63dcd881d5791eef267657bcd6916 | ||
| # created by util/generate at Fri Mar 8 20:20:37 2024 | ||
| # cpan-security-advisory ba68b838b9ad93d2421c515b1f7861585ff4973a | ||
| # | ||
| package CPAN::Audit::DB; | ||
|
|
||
| use strict; | ||
| use warnings; | ||
|
|
||
| our $VERSION = '20240307.002'; | ||
| our $VERSION = '20240308.001'; | ||
|
|
||
| sub db { | ||
| { | ||
|
|
@@ -28561,7 +28561,7 @@ sub db { | |
| 'severity' => undef | ||
| }, | ||
| { | ||
| 'affected_versions' => '<=1.404,>=1.06', | ||
| 'affected_versions' => '>=1.06,<=1.404', | ||
| 'cves' => [ | ||
| 'CVE-2004-0452' | ||
| ], | ||
|
|
@@ -32914,7 +32914,7 @@ sub db { | |
| 'description' => 'The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions. | ||
| ', | ||
| 'distribution' => 'IO-Socket-SSL', | ||
| 'fixed_versions' => undef, | ||
| 'fixed_versions' => '>=1.35', | ||
| 'id' => 'CPANSA-IO-Socket-SSL-2010-4334', | ||
| 'references' => [ | ||
| 'http://osvdb.org/69626', | ||
|
|
@@ -32940,7 +32940,7 @@ sub db { | |
| 'description' => 'The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate. | ||
| ', | ||
| 'distribution' => 'IO-Socket-SSL', | ||
| 'fixed_versions' => undef, | ||
| 'fixed_versions' => '>=1.26', | ||
| 'id' => 'CPANSA-IO-Socket-SSL-2009-3024', | ||
| 'references' => [ | ||
| 'http://www.openwall.com/lists/oss-security/2009/08/31/4', | ||
|
|
@@ -44458,6 +44458,10 @@ sub db { | |
| { | ||
| 'date' => '2023-10-27T17:11:42', | ||
| 'version' => '9.35' | ||
| }, | ||
| { | ||
| 'date' => '2024-03-08T22:16:38', | ||
| 'version' => '9.36' | ||
| } | ||
| ] | ||
| }, | ||
|
|
@@ -55881,6 +55885,14 @@ sub db { | |
| { | ||
| 'date' => '2024-01-18T11:30:17', | ||
| 'version' => '0.31' | ||
| }, | ||
| { | ||
| 'date' => '2024-03-08T11:04:50', | ||
| 'version' => '0.32' | ||
| }, | ||
| { | ||
| 'date' => '2024-03-08T12:50:37', | ||
| 'version' => '0.33' | ||
| } | ||
| ] | ||
| }, | ||
|
|
@@ -63451,35 +63463,6 @@ sub db { | |
| 'reported' => '2016-04-08', | ||
| 'severity' => 'high' | ||
| }, | ||
| { | ||
| 'affected_versions' => '<5.25.2', | ||
| 'cves' => [ | ||
| 'CVE-2016-6185' | ||
| ], | ||
| 'description' => 'The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. | ||
| ', | ||
| 'distribution' => 'perl', | ||
| 'fixed_versions' => '>=5.25.2', | ||
| 'id' => 'CPANSA-perl-2016-6185', | ||
| 'references' => [ | ||
| 'https://lists.fedoraproject.org/archives/list/[email protected]/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/', | ||
| 'http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7', | ||
| 'https://lists.fedoraproject.org/archives/list/[email protected]/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/', | ||
| 'http://www.openwall.com/lists/oss-security/2016/07/07/1', | ||
| 'http://www.openwall.com/lists/oss-security/2016/07/08/5', | ||
| 'https://rt.cpan.org/Public/Bug/Display.html?id=115808', | ||
| 'http://www.debian.org/security/2016/dsa-3628', | ||
| 'http://www.securitytracker.com/id/1036260', | ||
| 'https://lists.fedoraproject.org/archives/list/[email protected]/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/', | ||
| 'http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html', | ||
| 'http://www.securityfocus.com/bid/91685', | ||
| 'https://security.gentoo.org/glsa/201701-75', | ||
| 'https://usn.ubuntu.com/3625-2/', | ||
| 'https://usn.ubuntu.com/3625-1/' | ||
| ], | ||
| 'reported' => '2016-08-02', | ||
| 'severity' => 'high' | ||
| }, | ||
| { | ||
| 'affected_versions' => '=5.8.1', | ||
| 'cves' => [ | ||
|
|
@@ -69899,6 +69882,7 @@ sub db { | |
| 'Spreadsheet::ParseExcel::Workbook' => 'Spreadsheet-ParseExcel', | ||
| 'Spreadsheet::ParseExcel::Worksheet' => 'Spreadsheet-ParseExcel', | ||
| 'Spreadsheet::ParseXLSX' => 'Spreadsheet-ParseXLSX', | ||
| 'Spreadsheet::ParseXLSX::Cell' => 'Spreadsheet-ParseXLSX', | ||
| 'Spreadsheet::ParseXLSX::Decryptor' => 'Spreadsheet-ParseXLSX', | ||
| 'Spreadsheet::ParseXLSX::Decryptor::Agile' => 'Spreadsheet-ParseXLSX', | ||
| 'Spreadsheet::ParseXLSX::Decryptor::Standard' => 'Spreadsheet-ParseXLSX', | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,16 +1,16 @@ | ||
| -----BEGIN PGP SIGNATURE----- | ||
|
|
||
| iQIzBAABCAAdFiEEdaq0LLoNfzfw1oht+D+NXoeLYEEFAmXpZxUACgkQ+D+NXoeL | ||
| YEEsVQ//es7QOREXC081nc5mXtJjH9/macePabbyfQHn93iwsUVcUCH0AhD3Fu2u | ||
| b5eQiuNSfipmf91jeyCf2HQ4/z/wNEAOuqKh6CN4ql6qODS6ypJiib7GkcZUXLdn | ||
| WJRYec4tFBHeyqlYw06mqH3IRu73A/knR5C1+hvTRun1JSFQQLPIUnqVzKB17Rjx | ||
| xTU94AKPhk4m/oetxiU2VHsqDOKOFIyY6O4OCRPoQEoPl1f3pjejdPo7K5PoMHIh | ||
| eronr/cXu2h5YKSQhXxLgWH9jX96BNHpvbvIe67eZ0FCgU4L+Qr9l9s9H0uUV8ch | ||
| zo1293Tgt5JEZeu1NWdv2YaYezyW1ajLOJl21tZDem7gaTSGeOk6mtPfWSbMgiiS | ||
| bAzyorxau7SmXYPcCswZ+qhtaH3XEme0Cgt9Wgeif6lcCXgft0S9Yvmgik+61lwL | ||
| zBDFFQHGJXU3CrSEGrQfchJb4MKEoizmDb6mp9diT2bLvCJjXAVze2YBy7sQqipX | ||
| +FfCyaxIjNY1T2/iobd/rv39fYaFKq2nZMfFgtRxFf6HqoTcCrEHqD9OkcFXAQGg | ||
| 76BdE3YTqRJ091F13zaIhouprWEkzalEDGcYV5lDOq1Yif/oYLAIWe74lu5niRmY | ||
| cSoj5ZHT3mYv3CPTa5iR3uYK5b+1VZaKEsS5DJL1imQdMYmCD2c= | ||
| =xhSu | ||
| iQIzBAABCAAdFiEEdaq0LLoNfzfw1oht+D+NXoeLYEEFAmXruWUACgkQ+D+NXoeL | ||
| YEF4aw/+NZxe5WQitrLfItEFA0QQSQZGogP8HGiGsBaf3cPJkc10uZhl4HLkoFte | ||
| 2Y/eRIZ4ONXVcg4dBebMIHXDZoPed6kiEYtU05rj+rRBhbOqEAsRtXjAfnoZbqPH | ||
| gqNj/lepcXG13U+b53Vu32Uq/RxKnrrfKg0AqiQiwoYbXDtU6EtNGZoMe2uJa9Yp | ||
| b3B605gXRYvPvLb7HJmiasABA8M7tKbOgp8yvPmS4ONNqjPVivW98SaOYXrz44fH | ||
| bvOPmUEN1+XOV4BAb5MIxnAU4A5m0p1eZRi+BAg02VKra7eVgqvCebG5p9VmRM+M | ||
| sOpnwgjrhXRBOOfp86oZBv2l1v/bfmT9IlttHeajs5aYwXS7/Kp0dGp9dhNoKB6+ | ||
| t4TgWi7+imeNNkTLfthKtIs0egYHkpII7kbo5rae44/eglJhoNGKmf2eRLvAbD6g | ||
| aUAjrQLKIxJozakjl+gAqAxwPykpjNnY6nal3IzDZjswh4oTC+7MP49kmgZszhQC | ||
| hw0UulqgZP2lrGIWHaG1aYnCQ2B3JEBmsYt8nN5+FvYi6m3IetK8iiSeL/c+eD7r | ||
| YqDPo/88ep28BJxjnmw8JB/XPVJbOGMQRYKU8VijCkU3FsBmr95tIE1DwO0oiRNR | ||
| 6HHtvp9Nne9hzQanKYVVZws/T2HC+HRwb3x7AAq+kWJvwWTqJ/k= | ||
| =8wy4 | ||
| -----END PGP SIGNATURE----- |