From c676c7078e9b943c8dccd1b0bef6e6b9549cfeef Mon Sep 17 00:00:00 2001 From: brian d foy Date: Fri, 8 Mar 2024 20:46:46 -0500 Subject: [PATCH] Update for 2024-03-08 with latest reports --- lib/CPAN/Audit/DB.pm | 54 ++++++++++++++-------------------------- lib/CPAN/Audit/DB.pm.gpg | 26 +++++++++---------- 2 files changed, 32 insertions(+), 48 deletions(-) diff --git a/lib/CPAN/Audit/DB.pm b/lib/CPAN/Audit/DB.pm index ba2f5d7..7216129 100644 --- a/lib/CPAN/Audit/DB.pm +++ b/lib/CPAN/Audit/DB.pm @@ -1,12 +1,12 @@ -# created by util/generate at Thu Mar 7 02:04:53 2024 -# cpan-security-advisory b9a30c4b9ca63dcd881d5791eef267657bcd6916 +# created by util/generate at Fri Mar 8 20:20:37 2024 +# cpan-security-advisory ba68b838b9ad93d2421c515b1f7861585ff4973a # package CPAN::Audit::DB; use strict; use warnings; -our $VERSION = '20240307.002'; +our $VERSION = '20240308.001'; sub db { { @@ -28561,7 +28561,7 @@ sub db { 'severity' => undef }, { - 'affected_versions' => '<=1.404,>=1.06', + 'affected_versions' => '>=1.06,<=1.404', 'cves' => [ 'CVE-2004-0452' ], @@ -32914,7 +32914,7 @@ sub db { 'description' => 'The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions. ', 'distribution' => 'IO-Socket-SSL', - 'fixed_versions' => undef, + 'fixed_versions' => '>=1.35', 'id' => 'CPANSA-IO-Socket-SSL-2010-4334', 'references' => [ 'http://osvdb.org/69626', @@ -32940,7 +32940,7 @@ sub db { 'description' => 'The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate. ', 'distribution' => 'IO-Socket-SSL', - 'fixed_versions' => undef, + 'fixed_versions' => '>=1.26', 'id' => 'CPANSA-IO-Socket-SSL-2009-3024', 'references' => [ 'http://www.openwall.com/lists/oss-security/2009/08/31/4', @@ -44458,6 +44458,10 @@ sub db { { 'date' => '2023-10-27T17:11:42', 'version' => '9.35' + }, + { + 'date' => '2024-03-08T22:16:38', + 'version' => '9.36' } ] }, @@ -55881,6 +55885,14 @@ sub db { { 'date' => '2024-01-18T11:30:17', 'version' => '0.31' + }, + { + 'date' => '2024-03-08T11:04:50', + 'version' => '0.32' + }, + { + 'date' => '2024-03-08T12:50:37', + 'version' => '0.33' } ] }, @@ -63451,35 +63463,6 @@ sub db { 'reported' => '2016-04-08', 'severity' => 'high' }, - { - 'affected_versions' => '<5.25.2', - 'cves' => [ - 'CVE-2016-6185' - ], - 'description' => 'The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. -', - 'distribution' => 'perl', - 'fixed_versions' => '>=5.25.2', - 'id' => 'CPANSA-perl-2016-6185', - 'references' => [ - 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/', - 'http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7', - 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/', - 'http://www.openwall.com/lists/oss-security/2016/07/07/1', - 'http://www.openwall.com/lists/oss-security/2016/07/08/5', - 'https://rt.cpan.org/Public/Bug/Display.html?id=115808', - 'http://www.debian.org/security/2016/dsa-3628', - 'http://www.securitytracker.com/id/1036260', - 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/', - 'http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html', - 'http://www.securityfocus.com/bid/91685', - 'https://security.gentoo.org/glsa/201701-75', - 'https://usn.ubuntu.com/3625-2/', - 'https://usn.ubuntu.com/3625-1/' - ], - 'reported' => '2016-08-02', - 'severity' => 'high' - }, { 'affected_versions' => '=5.8.1', 'cves' => [ @@ -69899,6 +69882,7 @@ sub db { 'Spreadsheet::ParseExcel::Workbook' => 'Spreadsheet-ParseExcel', 'Spreadsheet::ParseExcel::Worksheet' => 'Spreadsheet-ParseExcel', 'Spreadsheet::ParseXLSX' => 'Spreadsheet-ParseXLSX', + 'Spreadsheet::ParseXLSX::Cell' => 'Spreadsheet-ParseXLSX', 'Spreadsheet::ParseXLSX::Decryptor' => 'Spreadsheet-ParseXLSX', 'Spreadsheet::ParseXLSX::Decryptor::Agile' => 'Spreadsheet-ParseXLSX', 'Spreadsheet::ParseXLSX::Decryptor::Standard' => 'Spreadsheet-ParseXLSX', diff --git a/lib/CPAN/Audit/DB.pm.gpg b/lib/CPAN/Audit/DB.pm.gpg index dd79456..70cec65 100644 --- a/lib/CPAN/Audit/DB.pm.gpg +++ b/lib/CPAN/Audit/DB.pm.gpg @@ -1,16 +1,16 @@ -----BEGIN PGP SIGNATURE----- -iQIzBAABCAAdFiEEdaq0LLoNfzfw1oht+D+NXoeLYEEFAmXpZxUACgkQ+D+NXoeL -YEEsVQ//es7QOREXC081nc5mXtJjH9/macePabbyfQHn93iwsUVcUCH0AhD3Fu2u -b5eQiuNSfipmf91jeyCf2HQ4/z/wNEAOuqKh6CN4ql6qODS6ypJiib7GkcZUXLdn -WJRYec4tFBHeyqlYw06mqH3IRu73A/knR5C1+hvTRun1JSFQQLPIUnqVzKB17Rjx -xTU94AKPhk4m/oetxiU2VHsqDOKOFIyY6O4OCRPoQEoPl1f3pjejdPo7K5PoMHIh -eronr/cXu2h5YKSQhXxLgWH9jX96BNHpvbvIe67eZ0FCgU4L+Qr9l9s9H0uUV8ch -zo1293Tgt5JEZeu1NWdv2YaYezyW1ajLOJl21tZDem7gaTSGeOk6mtPfWSbMgiiS -bAzyorxau7SmXYPcCswZ+qhtaH3XEme0Cgt9Wgeif6lcCXgft0S9Yvmgik+61lwL -zBDFFQHGJXU3CrSEGrQfchJb4MKEoizmDb6mp9diT2bLvCJjXAVze2YBy7sQqipX -+FfCyaxIjNY1T2/iobd/rv39fYaFKq2nZMfFgtRxFf6HqoTcCrEHqD9OkcFXAQGg -76BdE3YTqRJ091F13zaIhouprWEkzalEDGcYV5lDOq1Yif/oYLAIWe74lu5niRmY -cSoj5ZHT3mYv3CPTa5iR3uYK5b+1VZaKEsS5DJL1imQdMYmCD2c= -=xhSu +iQIzBAABCAAdFiEEdaq0LLoNfzfw1oht+D+NXoeLYEEFAmXruWUACgkQ+D+NXoeL +YEF4aw/+NZxe5WQitrLfItEFA0QQSQZGogP8HGiGsBaf3cPJkc10uZhl4HLkoFte +2Y/eRIZ4ONXVcg4dBebMIHXDZoPed6kiEYtU05rj+rRBhbOqEAsRtXjAfnoZbqPH +gqNj/lepcXG13U+b53Vu32Uq/RxKnrrfKg0AqiQiwoYbXDtU6EtNGZoMe2uJa9Yp +b3B605gXRYvPvLb7HJmiasABA8M7tKbOgp8yvPmS4ONNqjPVivW98SaOYXrz44fH +bvOPmUEN1+XOV4BAb5MIxnAU4A5m0p1eZRi+BAg02VKra7eVgqvCebG5p9VmRM+M +sOpnwgjrhXRBOOfp86oZBv2l1v/bfmT9IlttHeajs5aYwXS7/Kp0dGp9dhNoKB6+ +t4TgWi7+imeNNkTLfthKtIs0egYHkpII7kbo5rae44/eglJhoNGKmf2eRLvAbD6g +aUAjrQLKIxJozakjl+gAqAxwPykpjNnY6nal3IzDZjswh4oTC+7MP49kmgZszhQC +hw0UulqgZP2lrGIWHaG1aYnCQ2B3JEBmsYt8nN5+FvYi6m3IetK8iiSeL/c+eD7r +YqDPo/88ep28BJxjnmw8JB/XPVJbOGMQRYKU8VijCkU3FsBmr95tIE1DwO0oiRNR +6HHtvp9Nne9hzQanKYVVZws/T2HC+HRwb3x7AAq+kWJvwWTqJ/k= +=8wy4 -----END PGP SIGNATURE-----