[Git][security-tracker-team/security-tracker][master] Add CVE-2024-13939/libstring-compare-constanttime-perl

Fri, 28 Mar 2025 01:17:40 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f16338cc by Salvatore Bonaccorso at 2025-03-28T09:17:02+01:00
Add CVE-2024-13939/libstring-compare-constanttime-perl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -83,7 +83,8 @@ CVE-2024-49564 (Dell Unity, version(s) 5.4 and prior, 
contain(s) an Improper Neu
 CVE-2024-49563 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper 
Neutraliz ...)
        NOT-FOR-US: Dell / EMC
 CVE-2024-13939 (String::Compare::ConstantTime for Perl through 0.321 is 
vulnerable to  ...)
-       TODO: check
+       - libstring-compare-constanttime-perl <unfixed>
+       NOTE: 
https://metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm#TIMING-SIDE-CHANNEL
 CVE-2024-56325
        NOT-FOR-US: Apache Pinot
 CVE-2025-31181 (A flaw was found in gnuplot. The X11_graphics() function may 
lead to a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f16338cc6766db2bb52f3e28b6b58762f100d31a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f16338cc6766db2bb52f3e28b6b58762f100d31a
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to