perl: Fix CVE-2023-31484 & CVE-2023-31486 - linux/poky.git

diff options

author	Soumya <soumya.sambu@windriver.com>	2023-06-30 14:41:57 +0000
committer	Steve Sakoman <steve@sakoman.com>	2023-07-07 04:30:25 -1000
commit	68b407ff942a1606c732ce4dcbf1ee20404a40ea (patch)
tree	c4953e1a858ec4360b8e192630ab1c7bf9572a37 /scripts/lib/build_perf/report.py
parent	5e72da9780f6ea95dba9d59ee88c17cb69e416c8 (diff)
download	poky-68b407ff942a1606c732ce4dcbf1ee20404a40ea.tar.gz

perl: Fix CVE-2023-31484 & CVE-2023-31486

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. References: https://nvd.nist.gov/vuln/detail/CVE-2023-31484 https://nvd.nist.gov/vuln/detail/CVE-2023-31486 Upstream patches: https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 https://github.com/chansen/p5-http-tiny/commit/77f557ef84698efeb6eed04e4a9704eaf85b741d https://github.com/chansen/p5-http-tiny/commit/a22785783b17cbaa28afaee4a024d81a1903701d (From OE-Core rev: f4fe9861d6aebd971a3120a0eb43f752c73ce2fb) Signed-off-by: Soumya <soumya.sambu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/build_perf/report.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: