[SECURITY] [DLA 4100-1] libdata-entropy-perl security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4100-1] libdata-entropy-perl security update
From: Adrian Bunk <bunk@debian.org>
Date: Mon, 31 Mar 2025 15:28:51 +0300
Message-id: <[🔎] Z+qKg5fR5b5aKTBP@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4100-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
March 31, 2025                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libdata-entropy-perl
Version        : 0.007-3.1+deb11u1
CVE ID         : CVE-2025-1860
Debian Bug     : 1101503

The perl module Data::Entropy was using the cryptographically insecure
rand() function as default entropy source.

For Debian 11 bullseye, this problem has been fixed in version
0.007-3.1+deb11u1.

We recommend that you upgrade your libdata-entropy-perl packages.

For the detailed security status of libdata-entropy-perl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libdata-entropy-perl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmfqioMACgkQiNJCh6LY
mLFm1xAAmYQdzAEOGuoO9FIyq6ECEwtsuQ30nxk/5lS39kpjP3F9Zsjrf6SOXOdF
2i8z2RH2eMMs1QoYg7bktj8b9y/bZ86TC3j1U3Z8RWj/TDnPfl33fKuZUbyS4kJ8
zxicLw4OXrI67R444iu3Uf585EmuluG+ejtoV3gSAVuN6k/2TBW/tr5oUyJGUV4k
gJCY+VfsRXndXO+vAAwxO2KPyoYx4fq62WAGR3ZrEhJ78YQFiQP7zMTIjk3LIUfM
X0g2+agtBbg/OLasX9B7HFm28MXFdIUgyIq7XdyS9iCELCXJ38kbTC46TXxwLkaU
D95U90m2Bx2m5tfk41t4XKpxVIIKdXnxzFyE03O682vHL7wHQ7+zRm8kHvrJeoXN
UVsdBanYntolzr5gZ13jEefkMFIhWIWV5UjFDnI/ZB00u+AOK+hIgDGZwjxzlEDI
pLaP+TFQ/Rhpw1cm+N4rVp9fee+JiNO2DATaxTAJ+dvYwoeMuvVw1raEFRM7arvt
73Py1grUbKlfqg75DpRIdInBhIjh3cQYEkyduxvx5LSKb3mBLzbct1zrgKS9xZ03
jz7Wyy1gV784fzYaW8Gzp+bBZBo7y7f3PZlICNt5NAH3L02Yr1l20SWguPtoXvn3
DQ1JAnPn4iU/6OYMa+Y/HrM6AGdpdYS3RCyDgjGp///xHUH5YZA=
=W3t1
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4099-1] flatpak security update
Next by Date: [SECURITY] [DLA 4101-1] varnish security update
Previous by thread: [SECURITY] [DLA 4099-1] flatpak security update
Next by thread: [SECURITY] [DLA 4101-1] varnish security update
Index(es):
- Date
- Thread