Bug#962407: libhttp-tiny-perl: CVE-2023-31486: Does not default to verify SSL certificates

gregor herrmann gregoa at debian.org
Mon Jun 19 18:27:07 BST 2023


Control: tag -1 + fixed-upstream

On Thu, 26 May 2022 12:28:16 +0000, Damyan Ivanov wrote:

> > > https://github.com/chansen/p5-http-tiny/issues/134
> > Revisiting this issue now, the state seems to be:
> > The upstream ticket was closed with
> > "On reflection, we shouldn't make this change for backwards compatibility."

Update: This is now changed in HTTP::Tiny 0.083 (which also got
imported into perl core 5.38-RC1):
https://metacpan.org/release/DAGOLDEN/HTTP-Tiny-0.084/source/Changes#L11-12


Cheers,
gregor

-- 
 .''`.  https://info.comodo.priv.at -- Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
   `-   