[Git][security-tracker-team/security-tracker][master] Add references for libcrypt-openssl-pkcs12-perl issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 18 08:07:49 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d1f19e3c by Salvatore Bonaccorso at 2026-05-18T08:40:48+02:00
Add references for libcrypt-openssl-pkcs12-perl issues

Note the upstream repository got wrongly tagged for 1.95, CPANsec is
notified.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -63,6 +63,10 @@ CVE-2026-8723 (### Summary    `qs.stringify` throws `TypeError` when called with
 CVE-2026-8721 (Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwo ...)
 	- libcrypt-openssl-pkcs12-perl 1.95-1
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/40149249/
+	NOTE: https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/7b90e88a97f0ebe440032b8116249d1004d7ca6f
+	NOTE: https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/468712ae04188342b263f057ad65f21a3545013b
+	NOTE: https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/68904cd32691e223ad9eeff914812b8641eea14b
+	NOTE: https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/d69393f3207586e3c6f2fe1a21b0b8972b93f8db
 CVE-2026-8719 (The AI Engine \u2013 The Chatbot, AI Framework & MCP for WordPress plu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-8507 (Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out of boun ...)
@@ -71,6 +75,7 @@ CVE-2026-8507 (Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out of
 	NOTE: https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/55
 	NOTE: https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/56
 	NOTE: Fixed by: https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/b9d0469c6d8f5b5c6c2a45a3d0647a532b749397
+	NOTE: Regression test: https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/31878e6453079d0cdb748c7e9c514460cf308e6c
 CVE-2026-6050
 	REJECTED
 CVE-2026-46720 (Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric inject ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1f19e3c0c924c0310701cceea7011105bf9e74d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d1f19e3c0c924c0310701cceea7011105bf9e74d
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260518/5880f90d/attachment.htm>

More information about the debian-security-tracker-commits mailing list