https://bugzilla.redhat.com/show_bug.cgi?id=2335501
Bug ID: 2335501
Summary: CVE-2025-22376 perl-Net-OAuth: Default nonce for
Net::OAuth package for perl is not cryptographically
strong [epel-all]
Product: Fedora EPEL
Version: epel9
Status: NEW
Whiteboard: {"flaws": ["0d0def6b-d3d7-489c-824e-dafb571e1f39"]}
Component: perl-Net-OAuth
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: sander(a)hoentjen.eu
Reporter: mbenatto(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: emmanuel(a)seyman.fr, lkundrak(a)v3.sk,
perl-devel(a)lists.fedoraproject.org,
sander(a)hoentjen.eu, xavier(a)bachelot.org
Blocks: 2335488
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2335488
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2335501
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…
https://bugzilla.redhat.com/show_bug.cgi?id=2161639
Bug ID: 2161639
Summary: Pregenerated File-RsyncP-0.76/FileList/configure is
missing a source
Product: Fedora
Version: rawhide
Status: NEW
Component: perl-File-RsyncP
Assignee: jplesnik(a)redhat.com
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: imlinux+fedora(a)gmail.com, jplesnik(a)redhat.com,
perl-devel(a)lists.fedoraproject.org
Target Milestone: ---
Link ID: Red Hat Bugzilla 199647
Classification: Fedora
perl-File-RsyncP-0.76-10.fc38 source package delivers
File-RsyncP-0.76/FileList/configure file which itsels was generated with
Autoconf, but the original source for Autoconf tool (configure.in according to
File-RsyncP-0.76/FileList/Makefile.PL is missing from the source archive and
thus from the source package.
While the file is licensed as FSFULL which does not require distributing
sources, it is deemed to be against Fedora spirit (and Packaging guidelines?)
<https://lists.fedoraproject.org/archives/list/packaging@lists.fedoraproject…>.
We should either reimplement configure.in or remove this package from a
distribution.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2161639