[Git][security-tracker-team/security-tracker][master] CVE-2024-58134/mojolicious: clarify my edit

Tue, 20 May 2025 08:33:40 -0700 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a0f3e218 by Sylvain Beucler at 2025-05-20T17:33:18+02:00
CVE-2024-58134/mojolicious: clarify my edit

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5333,7 +5333,7 @@ CVE-2024-58134 (Mojolicious versions from 0.999922 
through 9.40 for Perl uses a
        [bullseye] - libmojolicious-perl <postponed> (Minor issue, upstream 
expects production deployments to reconfigure default session secret)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/29247502/
        NOTE: The CVE covers the default static/guessable secret, and this 
behaviour is
-       NOTE: unchanged by the new CryptX dependency in v9.39.
+       NOTE: unchanged by the new CryptX optional dependency in v9.39 (cf. 
CVE-2024-58135).
 CVE-2025-4222 (The Database Toolset plugin for WordPress is vulnerable to 
Sensitive I ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-4218 (A vulnerability was found in handrew browserpilot up to 0.2.51. 
It has ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0f3e218a31073ba81871e4b7ac3ad1057dbfbee

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0f3e218a31073ba81871e4b7ac3ad1057dbfbee
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to