bug#47624: Various IP handling perl packages may be vulnerable
From: Léo Le Bouter
Subject: bug#47624: Various IP handling perl packages may be vulnerable
Date: Tue, 06 Apr 2021 21:05:33 +0200
User-agent: Evolution 3.34.2
Read:
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
I have not had time to investigate deeply, posting here so the info is
not lost. I have already fixed one issue related to
perl-data-validate-ip in 8ec03ed5475ca7919a7d11541ff8cbf33a9ffe67, but
it seems there are several others.
One as CVE recently:
CVE-2021-29424 18:15
The Net::Netmask module before 2.0000 for Perl does not properly
consider extraneous zero characters at the beginning of an IP address
string, which (in some situations) allows attackers to bypass access
control that is based on IP addresses.
Can't find a corresponding package in GNU Guix.
To be continued!
Léo
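
The ambiguity described in the CVE text above, as an added example that is not part of the original message and is not code from Net::Netmask or any Guix package: an octet with a leading zero can be read as decimal or, as C-style inet_aton() parsers do, as octal, so two components can disagree about which address a string names. The sub names, the deny rule for 10.0.0.0/8 and the sample addresses are all constructed for illustration.

```perl
#!/usr/bin/env perl
# Added example (constructed): three ways to read the octets of a dotted quad.
use strict;
use warnings;

my %reader = (
    # Leading zeros are ignored and the octet is read as decimal.
    decimal => sub { $_[0] + 0 },
    # A leading zero marks an octal octet, as inet_aton()-style parsers do.
    c_style => sub {
        my ($part) = @_;
        return $part + 0 unless $part =~ /\A0[0-9]/;
        return $part =~ /[89]/ ? undef : oct($part);
    },
    # Strict: an octet is "0" or starts with 1-9; anything else is refused.
    strict => sub { $_[0] =~ /\A(?:0|[1-9][0-9]*)\z/ ? $_[0] + 0 : undef },
);

# Split a dotted quad, convert each octet with the chosen reader and return
# the canonical form, or undef when any octet is refused or out of range.
sub read_quad {
    my ($ip, $octet_reader) = @_;
    return unless $ip =~ /\A[0-9]+(?:\.[0-9]+){3}\z/;
    my @octets = map { $octet_reader->($_) } split /\./, $ip;
    return if grep { !defined($_) || $_ > 255 } @octets;
    return join '.', @octets;
}

# Constructed policy: deny anything inside 10.0.0.0/8.
sub denied {
    my ($quad) = @_;
    return (defined($quad) && $quad =~ /\A10\./) ? 'yes' : 'no';
}

for my $input ('10.0.0.1', '010.0.0.1', '012.0.0.1') {
    for my $mode (qw(decimal c_style strict)) {
        my $quad = read_quad($input, $reader{$mode});
        printf "%-10s %-8s -> %-10s deny-10/8: %s\n",
            $input, $mode, $quad // 'rejected', denied($quad);
    }
}
```

Whenever the decimal and c_style rows differ for the same input, a filter using one reading and a resolver using the other make different decisions about the same string; the strict reader removes the disagreement by refusing the input outright.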