Commit f4fe9861 authored by Soumya, committed by Steve Sakoman

perl: Fix CVE-2023-31484 & CVE-2023-31486

CPAN.pm before 2.35 does not verify TLS certificates when downloading
distributions over HTTPS.

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and
available standalone on CPAN, has an insecure default TLS
configuration where users must opt in to verify certificates.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-31484
https://nvd.nist.gov/vuln/detail/CVE-2023-31486

Upstream patches:
https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0
https://github.com/chansen/p5-http-tiny/commit/77f557ef84698efeb6eed04e4a9704eaf85b741d
https://github.com/chansen/p5-http-tiny/commit/a22785783b17cbaa28afaee4a024d81a1903701d



Signed-off-by: Soumya <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
parent ce5337d1
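
A behavioural check for the HTTP::Tiny default described in the commit message, added here as an example; it is not part of this commit or of the upstream patches. It assumes the patched module keeps upstream's `PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT` opt-out, and it treats the CPAN.pm version number only as a hint, since a backport does not change it.

```perl
#!/usr/bin/perl
# Added example: check behaviour, not just version numbers, because a
# backported fix leaves $VERSION unchanged.
use strict;
use warnings;
use HTTP::Tiny;
use version;

# Opt-out variable from the upstream HTTP::Tiny change (assumed to be kept
# by the backport): when true, certificate verification defaults to off.
my $OPT_OUT = 'PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT';

# True if a default-constructed client verifies certificates.
sub default_verifies {
    local $ENV{$OPT_OUT} = 0;    # neutralise the opt-out for this check only
    return HTTP::Tiny->new->verify_SSL ? 1 : 0;
}

# 1 if the installed CPAN.pm reports a version before 2.35, 0 if not,
# undef if CPAN.pm cannot be loaded or its version cannot be parsed.
sub cpan_version_is_old {
    return unless eval { require CPAN; 1 };
    my $v = eval { version->parse( CPAN->VERSION ) };
    return unless defined $v;
    return $v < version->parse('2.35') ? 1 : 0;
}

my $fixed = default_verifies();
printf "HTTP::Tiny %s: verify_SSL defaults to %s\n",
    HTTP::Tiny->VERSION, $fixed ? 'on' : 'OFF (CVE-2023-31486 behaviour)';
print "note: $OPT_OUT is set here, so the default is off in this environment\n"
    if $ENV{$OPT_OUT};

my $old = cpan_version_is_old();
if ( !defined $old ) {
    print "CPAN.pm: not loadable, skipped\n";
}
elsif ($old) {
    print "CPAN.pm ", CPAN->VERSION,
        " is below 2.35: confirm the CVE-2023-31484 patch is applied\n";
}
else {
    print "CPAN.pm ", CPAN->VERSION, " is 2.35 or later\n";
}

# Callers that must not depend on the default can always opt in explicitly.
my $http = HTTP::Tiny->new( verify_SSL => 1 );

exit( $fixed ? 0 : 1 );
```

The script exits non-zero when a default-constructed `HTTP::Tiny` does not verify certificates, so it can gate an image or package test on the target perl.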