[Git][security-tracker-team/security-tracker][master] Split off tracking for libcryptx-perl issue to dedicated CVE

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 11 21:17:43 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c69be8a3 by Salvatore Bonaccorso at 2025-06-11T22:17:02+02:00
Split off tracking for libcryptx-perl issue to dedicated CVE

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -45,7 +45,12 @@ CVE-2025-40915 (Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random numbe
 CVE-2025-40914 (Perl CryptX before version 0.087 contains a dependency that may be sus ...)
 	TODO: check
 CVE-2025-40912 (CryptX for Perl before version 0.065 contains a dependency that may be ...)
-	TODO: check
+	- libcryptx-perl 0.066-1
+	NOTE: https://github.com/libtom/libtomcrypt/issues/507
+	NOTE: perl-CryptX: https://github.com/DCIT/perl-CryptX/commit/32f1d210ed6300b8e82f46f1b983f7316aa7eaf9 (v0.065)
+	NOTE: https://lists.security.metacpan.org/cve-announce/msg/30337161/
+	NOTE: CVE is for the use of the vulnerable version of the embedded libtomcrypt
+	NOTE: library affected by CVE-2019-17362.
 CVE-2025-3473 (IBM Security Guardium 12.1 could allow a local privileged user to esca ...)
 	NOT-FOR-US: IBM
 CVE-2025-3302 (The Xagio SEO \u2013 AI Powered SEO plugin for WordPress is vulnerable ...)
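Review bot: The added `- libcryptx-perl 0.066-1` line under CVE-2025-40912 gives a fixed version that does not match the upstream version named in the CVE description ("before version 0.065") and in the perl-CryptX NOTE ("(v0.065)"). If 0.066-1 is the first Debian upload that carries the upstream fix, a short NOTE saying so would save the next reader from checking whether 0.065 was ever uploaded. The CVE-2025-40914 entry directly above, also for CryptX, is still at `TODO: check` and could be triaged in the same pass.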
@@ -459707,11 +459712,9 @@ CVE-2019-17362 (In LibTomCrypt through 1.18.2, the der_decode_utf8_string functi
 	- libtomcrypt 1.18.2-3
 	[buster] - libtomcrypt <no-dsa> (Minor issue)
 	[stretch] - libtomcrypt <no-dsa> (Minor issue)
-	- libcryptx-perl 0.066-1
 	NOTE: https://github.com/libtom/libtomcrypt/issues/507
 	NOTE: https://github.com/libtom/libtomcrypt/pull/508
 	NOTE: https://github.com/libtom/libtomcrypt/commit/25c26a3b7a9ad8192ccc923e15cf62bf0108ef94
-	NOTE: perl-CryptX: https://github.com/DCIT/perl-CryptX/commit/32f1d210ed6300b8e82f46f1b983f7316aa7eaf9 (v0.065)
 CVE-2019-17361 (In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh  ...)
 	{DSA-4676-1}
 	- salt 2019.2.3+dfsg1-1 (bug #949222)
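Review bot: With the `- libcryptx-perl 0.066-1` line and the perl-CryptX NOTE removed, the CVE-2019-17362 entry no longer mentions the embedded libtomcrypt copy in libcryptx-perl at all, while the new CVE-2025-40912 entry does point back to CVE-2019-17362. Consider leaving a one-line NOTE under CVE-2019-17362 that names CVE-2025-40912 as the place where the embedded copy is tracked, so the cross-reference works in both directions.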



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c69be8a339c9d9cd559cbc4e67c8b485548a0b9b
