[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 3846-1] libmojolicious-perl security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3846-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/              Arturo Borrero Gonzalez
June 28, 2024                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libmojolicious-perl
Version        : 8.12+dfsg-1.1~deb10u1
CVE ID         : CVE-2020-36829

Mojolicious is a Perl Web Application Framework built around the familiar
Model-View-Controller philosophy. It supports a simple single file mode via
Mojolicious::Lite, RESTful routes, plugins, Perl-ish templates, session
management, signed cookies, a testing framework, internationalization, first
class Unicode support, and more.

The libmojolicious-perl package had a timing attack vulnerability that allowed
an attacker to guess the length of a secret string.

For Debian 10 buster, this problem has been fixed in version
8.12+dfsg-1.1~deb10u1.

We recommend that you upgrade your libmojolicious-perl packages.

For the detailed security status of libmojolicious-perl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libmojolicious-perl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3ZhhqyPcMzOJLgepaOcTmB0VFfgFAmaBKvEACgkQaOcTmB0V
FfhAoRAAiSm9b56Qh1CPNP0jW9PFiWSq5eZ50zFqG1caBzyFE1Tuxy0atrP6krFd
u9uR7mdLQxOJshlNOhg9W1Xsuzw2hd8bmrcFmVAb2lgdhmNCmJOVJAVXwlZT33vt
ZzubDp3TuaT70DISZklAnmHO5fW3+kADEXrQbNtpsFvfyb4usr7MuZhKX7NCAHUp
dMcvGzTORS7lXAWq1eIE74sQDRCTzndvpXKcGju+rnIV29VBCRaykAgBsq9Ss1PP
a1QBWtMw90Fr6ipQHtayBJ60tBTGLpgD4zifIp8li0UO5dJTPB/vWTb2qpV5HSCk
YmDCgcN5YEx9Jvhj0AJ2TmiebGxSZvY0jyZFlztjOXmDq5EHqfMrBXNPuXb1pLoG
4NwLHltf2zCd8GAypQaOJ4UrPRU56ShnW/5tXIjSrDNeGMShAW0IXC7w13Ml86bL
PALz0y83WYfMAiR5Ck7u1Zqr1sDNmPvAykZE9cP7zuqJeK909tOw6GhksnMcBXPd
uJ/nTSagPT3iygSUNH1NFt5Okhi+4ypPgpKMYWl6yMjhhT51F4goZz1bS+taaR6p
PdZSnDf6c6JU59pLGPZRxmJbzT8yT8VLb3BA91iFU+hZhbmzuRp5fCoFs+q9kSmk
t+mC9aEet6r6uBM6LWD8XIf3FviWWBX3qot3i5q3f9q7i+gSPdk=
=qVLC
-----END PGP SIGNATURE-----


Reply to: