[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2024-13939/libstring-compare-constanttime-perl: link patch proposal

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Sat Apr 12 10:41:20 BST 2025 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76402de3 by Sylvain Beucler at 2025-04-12T11:41:13+02:00
CVE-2024-13939/libstring-compare-constanttime-perl: link patch proposal

- - - - -
2a406b3a by Sylvain Beucler at 2025-04-12T11:41:13+02:00
dla: add libstring-compare-constanttime-perl

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5765,6 +5765,7 @@ CVE-2024-13939 (String::Compare::ConstantTime for Perl through 0.321 is vulnerab
 	[bookworm] - libstring-compare-constanttime-perl <no-dsa> (Minor issue)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/28284732/
 	NOTE: https://metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm#TIMING-SIDE-CHANNEL
+	NOTE: https://github.com/hoytech/String-Compare-ConstantTime/pull/21
 CVE-2024-56325 (Authentication Bypass Issue  If the path does not contain / and contai ...)
 	NOT-FOR-US: Apache Pinot
 CVE-2025-31181 (A flaw was found in gnuplot. The X11_graphics() function may lead to a ...)


=====================================
data/dla-needed.txt
=====================================
@@ -147,6 +147,11 @@ libreoffice (dleidert)
 libsoup2.4
   NOTE: 20250408: Added by Front-Desk (Beuc)
 --
+libstring-compare-constanttime-perl
+  NOTE: 20250412: Added by Front-Desk (Beuc)
+  NOTE: 20250412: Upstream has been dormant, but there's a patch proposal from RedHat.
+  NOTE: 20250412: Coordinate with them? (Beuc/front-desk)
+--
 linux (Ben Hutchings)
   NOTE: 20230111: Perma-added, Linux package specifically delegated to bwh (LTS Team)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ab8acdcfc0ebe2e73bb5ae150407b2e3c52d6b0b...2a406b3a19c285352aa8292ee72f33a6f3437013

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ab8acdcfc0ebe2e73bb5ae150407b2e3c52d6b0b...2a406b3a19c285352aa8292ee72f33a6f3437013
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250412/029326fe/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list