[Git][security-tracker-team/security-tracker][master] Add CVE-2024-13939/libstring-compare-constanttime-perl

Fri Mar 28 08:17:32 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f16338cc by Salvatore Bonaccorso at 2025-03-28T09:17:02+01:00
Add CVE-2024-13939/libstring-compare-constanttime-perl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -83,7 +83,8 @@ CVE-2024-49564 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neu
 CVE-2024-49563 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2024-13939 (String::Compare::ConstantTime for Perl through 0.321 is vulnerable to  ...)
-	TODO: check
+	- libstring-compare-constanttime-perl <unfixed>
+	NOTE: https://metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm#TIMING-SIDE-CHANNEL
 CVE-2024-56325
 	NOT-FOR-US: Apache Pinot
 CVE-2025-31181 (A flaw was found in gnuplot. The X11_graphics() function may lead to a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f16338cc6766db2bb52f3e28b6b58762f100d31a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f16338cc6766db2bb52f3e28b6b58762f100d31a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250328/60f9a58b/attachment.htm>
