| Summary: | dev-perl/App-cpanminus: signature verification bypass | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | CONFIRMED --- | ||
| Severity: | normal | CC: | perl |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/ | ||
| Whiteboard: | B2 [upstream] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
John Helmert III
2021-12-13 19:50:16 UTC
No motion upstream since 2018... 108 open bugs... That said, by default cpanm doesnt verify signatures at all anyway. https://metacpan.org/pod/App::cpanminus |
