https://bugzilla.redhat.com/show_bug.cgi?id=2355705
Bug ID: 2355705
Summary: CVE-2024-13939 perl-String-Compare-ConstantTime:
String::Compare::ConstantTime for Perl through 0.321
is vulnerable to timing attacks that allow an attacker
to guess the length of a secret string [fedora-41]
Product: Fedora
Version: 41
Status: NEW
Whiteboard: {"flaws": ["da725ec8-9b41-4a44-8936-c21c330ab0cf"]}
Component: perl-String-Compare-ConstantTime
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: ppi...@redhat.com
Reporter: ahanw...@redhat.com
QA Contact: extras...@fedoraproject.org
CC: jples...@redhat.com,
perl-devel@lists.fedoraproject.org, ppi...@redhat.com
Blocks: 2355663
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=2355663
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2355705
Report this comment as SPAM:
https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202355705%23c0
--
_______________________________________________
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
