[Git][security-tracker-team/security-tracker][master] LTS: Ignore last remaining actionable libmojolicious-perl CVE

Sean Whitton (@spwhitton) spwhitton at debian.org
Fri Jun 20 15:03:40 BST 2025 


Sean Whitton pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4ebc1dee by Sean Whitton at 2025-06-20T15:03:29+01:00
LTS: Ignore last remaining actionable libmojolicious-perl CVE

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -133467,7 +133467,7 @@ CVE-2023-52341 (In Plaintext COUNTER CHECK message accepted before AS security a
 	NOT-FOR-US: Unisoc
 CVE-2021-47208 (The Mojolicious module before 9.11 for Perl has a bug in format detect ...)
 	- libmojolicious-perl 9.21+dfsg-1
-	[bullseye] - libmojolicious-perl <postponed> (Minor issue)
+	[bullseye] - libmojolicious-perl <ignored> (Minor issue, fix likely to break existing Mojolicious applications for minimal gain)
 	NOTE: https://github.com/mojolicious/mojo/issues/1736
 	NOTE: https://github.com/mojolicious/mojo/commit/a0c4576ffb11c235088550de9ba7ac4196e1953c (v9.11)
 CVE-2020-36829 (The Mojolicious module before 8.65 for Perl is vulnerable to secure_co ...)


=====================================
data/dla-needed.txt
=====================================
@@ -174,11 +174,6 @@ knot-resolver
   NOTE: 20250506: Writting to upstream to get a PoC to reproduce open CVEs.
   NOTE: 20250522: Processing some tips received by upstream to try to reproduce CVE. Still working on the patches.
 --
-libmojolicious-perl (Sean Whitton)
-  NOTE: 20250506: Added by Front-Desk (Beuc)
-  NOTE: 20250620: Picking this up again.  We have had some e-mail discussion
-  NOTE: 20250620: about the CVEs; I'll start by updating the trackers.  (spwhitton)
---
 libpgjava
   NOTE: 20250613: Added by Front-Desk (rouca)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ebc1deecfd326575626f56acd46c9081b19e69a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ebc1deecfd326575626f56acd46c9081b19e69a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250620/1370f02e/attachment.htm>

More information about the debian-security-tracker-commits mailing list