Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Perl>
  3. porters
CPAN vulnerabilities related to checksums
neilb at neilb
Nov 23, 2021, 10:08 AM
Post #1 of 1 (65 views)
Permalink
We’ve just published a blog post that summarises a response to a security advisory raised by Stig Palmquist. The advisory introduces three CVEs related to how checksums are handled by PAUSE and CPAN clients.

The blog post: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html

The advisory: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/

Neil

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal