Bug#954089: libplack-perl: Please verify server identity via SSL
Felix Lechner
felix.lechner at lease-up.com
Mon Mar 16 18:34:51 GMT 2020
Hi Damyan,
On Mon, Mar 16, 2020 at 10:29 AM Damyan Ivanov <dmn at debian.org> wrote:
>
> Any idea how many packages are we talking about?
Below is my working list for filing bugs. It is based on a full text
search from codesearch.d.n.
My designations may not be entirely consistent, but in general 'good'
means that verify_SSL was turned on (or SSL_verify_mode was set in
SSL_options) while 'fpos' means it was a false positive that mentioned
HTTP::Tiny but did not use it.
As a side note, the POD for HTTP::Tiny is ambiguous whether to use
'verify_SSL' or 'SSL_verify'.
If we fix the issue on the consumer side, as suggested by the security
team, we should also include the consumers of many libraries on this
list, such as HTTP::Thin. Please see #954057 for details.
Kind regards
Felix Lechner
#954040 cpanminus
#954041 cpanoutdated
[good] devscripts
#954042 inxi
[fpos] libalien-gnuplot-perl
#954043 libcpan-common-index-perl
#954044 libcpan-perl-releases-perl
#954045 libcpanplus-perl
#954046 libcpan-sqlite-perl
[http] libdancer2-perl
[http] libdancer-perl
[fpos] libdbix-class-schema-loader-perl
#954054 libdist-inkt-role-test-perl
[fpos] libfile-slurp-perl
#954051 libgitlab-api-v4-perl
[fpos] libhijk-perl
#954056 libhtml-html5-parser-perl
[fpos] libhttp-lite-perl
#954057 libhttp-thin-perl
#954058 libhttp-tinyish-perl
libhttp-tiny-multipart-perl
libhttp-tiny-perl
[????] libio-socket-ssl-perl
[fpos] liblexical-accessor-perl
[good] libmenlo-legacy-perl
#954059 libmenlo-perl
#954083 libmetacpan-client-perl
[fpos] libmodule-corelist-perl
[fpos] libmongodb-perl
[test] libmoo-perl
#954084 libnanomsg-raw-perl
[fpos] libnet-ssleay-perl
#954085 libpandoc-wrapper-perl
[fpos] libparallel-forkmanager-perl
#954089 libplack-perl
[good] libprotocol-acme-perl
librole-rest-client-perl
libsearch-elasticsearch-perl
libspreadsheet-readsxc-perl
libtask-kensho-perl
liburi-encode-perl
#954048 libwww-oauth-perl
[fpos] libyahc-perl
[good] ntp
[fpos] percona-toolkit
perl
[fpos] pinto
#954038 pkg-perl-tools
#954047 pmuninstall
More information about the pkg-perl-maintainers
mailing list