[Git][security-tracker-team/security-tracker][master] Add CVE-2024-58134/libmojolicious-perl

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c172aa6 by Salvatore Bonaccorso at 2025-05-03T22:02:37+02:00
Add CVE-2024-58134/libmojolicious-perl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,6 +5,11 @@ CVE-2024-58135 [may generate weak HMAC session secrets]
 	- libmojolicious-perl <unfixed> (bug #1104633)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/29241187/
 	NOTE: https://github.com/mojolicious/mojo/pull/2200
+CVE-2024-58134 [uses a hard coded string, or the application's class name, as a HMAC session secret by default]
+	- libmojolicious-perl <unfixed>
+	NOTE: https://lists.security.metacpan.org/cve-announce/msg/29247502/
+	NOTE: https://github.com/mojolicious/mojo/pull/1791
+	NOTE: https://github.com/mojolicious/mojo/pull/2200
 CVE-2025-4222 (The Database Toolset plugin for WordPress is vulnerable to Sensitive I ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4218 (A vulnerability was found in handrew browserpilot up to 0.2.51. It has ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c172aa6a238b66e7d34abba3c26de3bf26f0675

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c172aa6a238b66e7d34abba3c26de3bf26f0675
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250503/9956acfc/attachment-0001.htm>