[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2026-8507/libcrypt-openssl-pkcs12-perl: introductory commit + bullseye not-affected
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Mon May 18 20:42:14 BST 2026
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d096d039 by Sylvain Beucler at 2026-05-18T21:42:04+02:00
CVE-2026-8507/libcrypt-openssl-pkcs12-perl: introductory commit + bullseye not-affected
print_attribute/info/info_as_hash functions all introduced in this commit and the next one
- - - - -
b35f6e08 by Sylvain Beucler at 2026-05-18T21:42:06+02:00
CVE-2026-8721/libcrypt-openssl-pkcs12-perl: bullseye postponed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -242,6 +242,7 @@ CVE-2026-8723 (### Summary `qs.stringify` throws `TypeError` when called with
CVE-2026-8721 (Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwo ...)
- libcrypt-openssl-pkcs12-perl 1.95-1
[trixie] - libcrypt-openssl-pkcs12-perl <no-dsa> (Minor issue)
+ [bullseye] - libcrypt-openssl-pkcs12-perl <postponed> (Minor issue, only affects passwords including a NUL byte)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40149249/
NOTE: https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/7b90e88a97f0ebe440032b8116249d1004d7ca6f
NOTE: https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/468712ae04188342b263f057ad65f21a3545013b
@@ -252,11 +253,13 @@ CVE-2026-8719 (The AI Engine \u2013 The Chatbot, AI Framework & MCP for WordPres
CVE-2026-8507 (Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-boun ...)
- libcrypt-openssl-pkcs12-perl 1.95-1
[trixie] - libcrypt-openssl-pkcs12-perl <no-dsa> (Minor issue)
+ [bullseye] - libcrypt-openssl-pkcs12-perl <not-affected> (Vulnerable code introduced later)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40149247/
NOTE: https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/55
NOTE: https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/56
NOTE: Fixed by: https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/b9d0469c6d8f5b5c6c2a45a3d0647a532b749397
NOTE: Regression test: https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/31878e6453079d0cdb748c7e9c514460cf308e6c
+ NOTE: Introduced by: https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/b9d0469c6d8f5b5c6c2a45a3d0647a532b749397 (1.92)
CVE-2026-6050
REJECTED
CVE-2026-46720 (Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric inject ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/42783da209487a8fdd699287b406713d796a6c86...b35f6e0862188aae5403c3f453aa093fd13d72ee
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/42783da209487a8fdd699287b406713d796a6c86...b35f6e0862188aae5403c3f453aa093fd13d72ee
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260518/2834e7d7/attachment.htm>
More information about the debian-security-tracker-commits
mailing list