perl-devel June 2025

perl-devel@lists.fedoraproject.org

2 participants
53 discussions

[Bug 2035273] New: CVE-2020-16156 perl-CPAN: allows Signature Verification Bypass
by bugzilla＠redhat.com 03 Jun '25

03 Jun '25

https://bugzilla.redhat.com/show_bug.cgi?id=2035273 Bug ID: 2035273 Summary: CVE-2020-16156 perl-CPAN: allows Signature Verification Bypass Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: mrehak(a)redhat.com CC: caswilli(a)redhat.com, hhorak(a)redhat.com, jorton(a)redhat.com, jplesnik(a)redhat.com, kaycoth(a)redhat.com, mspacek(a)redhat.com, perl-devel(a)lists.fedoraproject.org, perl-maint-list(a)redhat.com, ppisar(a)redhat.com Target Milestone: --- Classification: Other It was found that cpan and cpanm are vulnerable to a signature verification bypass. Additionally, CPAN::Checksums (used by PAUSE) does not uniquely identify packages in the signed CHECKSUMS file, enabling a supply chain attack. Reference: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/ -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2035273

1 16

[Bug 2369739] New: CVE-2025-40908 perl-YAML-LibYAML: LibYAML Perl File Modification Vulnerability [fedora-42]
by bugzilla＠redhat.com 02 Jun '25

02 Jun '25

https://bugzilla.redhat.com/show_bug.cgi?id=2369739 Bug ID: 2369739 Summary: CVE-2025-40908 perl-YAML-LibYAML: LibYAML Perl File Modification Vulnerability [fedora-42] Product: Fedora Version: 42 Status: NEW Whiteboard: {"flaws": ["f6dfca03-6fd2-4487-ac5c-839067edd0e2"]} Component: perl-YAML-LibYAML Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: jplesnik(a)redhat.com Reporter: ahanwate(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: jplesnik(a)redhat.com, mmaslano(a)redhat.com, mspacek(a)redhat.com, paul(a)city-fan.org, perl-devel(a)lists.fedoraproject.org Blocks: 2369630 (CVE-2025-40908) Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2369630 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2369630 [Bug 2369630] CVE-2025-40908 yaml-libyaml: LibYAML Perl File Modification Vulnerability -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2369739 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 1

[Bug 2369737] New: CVE-2025-40908 perl-YAML-LibYAML: LibYAML Perl File Modification Vulnerability [fedora-41]
by bugzilla＠redhat.com 02 Jun '25

02 Jun '25

https://bugzilla.redhat.com/show_bug.cgi?id=2369737 Bug ID: 2369737 Summary: CVE-2025-40908 perl-YAML-LibYAML: LibYAML Perl File Modification Vulnerability [fedora-41] Product: Fedora Version: 41 Status: NEW Whiteboard: {"flaws": ["f6dfca03-6fd2-4487-ac5c-839067edd0e2"]} Component: perl-YAML-LibYAML Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: jplesnik(a)redhat.com Reporter: ahanwate(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: jplesnik(a)redhat.com, mmaslano(a)redhat.com, mspacek(a)redhat.com, paul(a)city-fan.org, perl-devel(a)lists.fedoraproject.org Blocks: 2369630 (CVE-2025-40908) Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2369630 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2369630 [Bug 2369630] CVE-2025-40908 yaml-libyaml: LibYAML Perl File Modification Vulnerability -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2369737 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

perl-devel June 2025