Bug#962407: libhttp-tiny-perl: CVE-2023-31486: Does not default to verify SSL certificates
gregor herrmann
gregoa at debian.org
Mon Jun 19 18:27:07 BST 2023
Control: tag -1 + fixed-upstream
On Thu, 26 May 2022 12:28:16 +0000, Damyan Ivanov wrote:
> > > https://github.com/chansen/p5-http-tiny/issues/134
> > Revisiting this issue now, the state seems to be:
> > The upstream ticket was closed with
> > "On reflection, we shouldn't make this change for backwards compatibility."
Update: This is now changed in HTTP::Tiny 0.083 (which also got
imported into perl core 5.38-RC1):
https://metacpan.org/release/DAGOLDEN/HTTP-Tiny-0.084/source/Changes#L11-12
Cheers,
gregor
--
.''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
: :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
`. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
`-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: Digital Signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-perl-maintainers/attachments/20230619/bf756a96/attachment.sig>
More information about the pkg-perl-maintainers
mailing list