CPAN 2.28 allows Signature Verification Bypass.
CPE | Name | Operator | Version |
---|---|---|---|
fedora | eq | 34 | |
fedora | eq | 35 | |
comprehensive_perl_archive_network | eq | 2.28 trial | |
comprehensive_perl_archive_network | eq | 2.28 |
blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
metacpan.org/pod/distribution/CPAN/scripts/cpan