* bug#47624: Various IP handling perl packages may be vulnerable
@ 2021-04-06 19:05 Léo Le Bouter via Bug reports for GNU Guix
0 siblings, 0 replies; only message in thread
From: Léo Le Bouter via Bug reports for GNU Guix @ 2021-04-06 19:05 UTC (permalink / raw)
To: 47624
[-- Attachment #1: Type: text/plain, Size: 692 bytes --]
Read:
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
I have not had time to investigate deeply, posting here so the info is
not lost. I have already fixed one issue related to perl-data-validate-
ip in 8ec03ed5475ca7919a7d11541ff8cbf33a9ffe67, but it seems there's
several others.
One as CVE recently:
CVE-2021-29424 18:15
The Net::Netmask module before 2.0000 for Perl does not properly
consider extraneous zero characters at the beginning of an IP address
string, which (in some situations) allows attackers to bypass access
control that is based on IP addresses.
Can't find a corresponding package in GNU Guix.
To be continued!
Léo
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-04-06 19:06 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-06 19:05 bug#47624: Various IP handling perl packages may be vulnerable Léo Le Bouter via Bug reports for GNU Guix
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.