unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / code / Atom feed
* bug#47624: Various IP handling perl packages may be vulnerable
@ 2021-04-06 19:05 Léo Le Bouter via Bug reports for GNU Guix
  0 siblings, 0 replies; only message in thread
From: Léo Le Bouter via Bug reports for GNU Guix @ 2021-04-06 19:05 UTC (permalink / raw)
  To: 47624

[-- Attachment #1: Type: text/plain, Size: 692 bytes --]

Read: 
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/

I have not had time to investigate deeply, posting here so the info is
not lost. I have already fixed one issue related to perl-data-validate-
ip in 8ec03ed5475ca7919a7d11541ff8cbf33a9ffe67, but it seems there's
several others.

One as CVE recently:

CVE-2021-29424	18:15
The Net::Netmask module before 2.0000 for Perl does not properly
consider extraneous zero characters at the beginning of an IP address
string, which (in some situations) allows attackers to bypass access
control that is based on IP addresses.

Can't find a corresponding package in GNU Guix.

To be continued!
Léo

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2021-04-06 19:06 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-06 19:05 bug#47624: Various IP handling perl packages may be vulnerable Léo Le Bouter via Bug reports for GNU Guix

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).