* bug#47624: Various IP handling perl packages may be vulnerable
@ 2021-04-06 19:05 Léo Le Bouter via Bug reports for GNU Guix
0 siblings, 0 replies; only message in thread
From: Léo Le Bouter via Bug reports for GNU Guix @ 2021-04-06 19:05 UTC (permalink / raw)
[-- Attachment #1: Type: text/plain, Size: 692 bytes --]
I have not had time to investigate deeply, posting here so the info is
not lost. I have already fixed one issue related to perl-data-validate-
ip in 8ec03ed5475ca7919a7d11541ff8cbf33a9ffe67, but it seems there's
One as CVE recently:
The Net::Netmask module before 2.0000 for Perl does not properly
consider extraneous zero characters at the beginning of an IP address
string, which (in some situations) allows attackers to bypass access
control that is based on IP addresses.
Can't find a corresponding package in GNU Guix.
To be continued!
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-04-06 19:06 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-06 19:05 bug#47624: Various IP handling perl packages may be vulnerable Léo Le Bouter via Bug reports for GNU Guix
all messages for Guix-related lists mirrored at yhetil.org
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://yhetil.org/guix
Example config snippet for mirrors.
AGPL code for this site: git clone http://ou63pmih66umazou.onion/public-inbox.git