We’ve just published a blog post that summarises a response to a security advisory raised by Stig Palmquist. The advisory introduces three CVEs related to how checksums are handled by PAUSE and CPAN clients.
The blog post: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
The advisory: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
Neil