[SECURITY] [DLA 3846-1] libmojolicious-perl security update

To: [email protected]
Subject: [SECURITY] [DLA 3846-1] libmojolicious-perl security update
From: Arturo Borrero Gonzalez <[email protected]>
Date: Sun, 30 Jun 2024 11:58:32 +0200
Message-id: <[🔎] [email protected]>
Mail-followup-to: [email protected]
Reply-to: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3846-1                [email protected]
https://www.debian.org/lts/security/              Arturo Borrero Gonzalez
June 28, 2024                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libmojolicious-perl
Version        : 8.12+dfsg-1.1~deb10u1
CVE ID         : CVE-2020-36829

Mojolicious is a Perl Web Application Framework built around the familiar
Model-View-Controller philosophy. It supports a simple single file mode via
Mojolicious::Lite, RESTful routes, plugins, Perl-ish templates, session
management, signed cookies, a testing framework, internationalization, first
class Unicode support, and more.

The libmojolicious-perl package had a timing attack vulnerability that allowed
an attacker to guess the length of a secret string.

For Debian 10 buster, this problem has been fixed in version
8.12+dfsg-1.1~deb10u1.

We recommend that you upgrade your libmojolicious-perl packages.

For the detailed security status of libmojolicious-perl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libmojolicious-perl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3ZhhqyPcMzOJLgepaOcTmB0VFfgFAmaBKvEACgkQaOcTmB0V
FfhAoRAAiSm9b56Qh1CPNP0jW9PFiWSq5eZ50zFqG1caBzyFE1Tuxy0atrP6krFd
u9uR7mdLQxOJshlNOhg9W1Xsuzw2hd8bmrcFmVAb2lgdhmNCmJOVJAVXwlZT33vt
ZzubDp3TuaT70DISZklAnmHO5fW3+kADEXrQbNtpsFvfyb4usr7MuZhKX7NCAHUp
dMcvGzTORS7lXAWq1eIE74sQDRCTzndvpXKcGju+rnIV29VBCRaykAgBsq9Ss1PP
a1QBWtMw90Fr6ipQHtayBJ60tBTGLpgD4zifIp8li0UO5dJTPB/vWTb2qpV5HSCk
YmDCgcN5YEx9Jvhj0AJ2TmiebGxSZvY0jyZFlztjOXmDq5EHqfMrBXNPuXb1pLoG
4NwLHltf2zCd8GAypQaOJ4UrPRU56ShnW/5tXIjSrDNeGMShAW0IXC7w13Ml86bL
PALz0y83WYfMAiR5Ck7u1Zqr1sDNmPvAykZE9cP7zuqJeK909tOw6GhksnMcBXPd
uJ/nTSagPT3iygSUNH1NFt5Okhi+4ypPgpKMYWl6yMjhhT51F4goZz1bS+taaR6p
PdZSnDf6c6JU59pLGPZRxmJbzT8yT8VLb3BA91iFU+hZhbmzuRp5fCoFs+q9kSmk
t+mC9aEet6r6uBM6LWD8XIf3FviWWBX3qot3i5q3f9q7i+gSPdk=
=qVLC
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3849-1] org-mode security update
Next by Date: [SECURITY] [DLA 3850-1] glibc security update
Previous by thread: [SECURITY] [DLA 3849-1] org-mode security update
Next by thread: [SECURITY] [DLA 3850-1] glibc security update
Index(es):
- Date
- Thread