MGASA-2025-0276

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2025-0276.html

Import Source

https://advisories.mageia.org/MGASA-2025-0276.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2025-0276

Related

Published

2025-11-12T21:29:34Z

Modified

2025-11-12T20:50:55Z

Summary

Updated perl-CPAN & perl-HTTP-Tiny packages fix security vulnerabilities

Details

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. (CVE-2023-31484) HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. (CVE-2023-31486)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / perl-CPAN

Package

Name: perl-CPAN
Purl: pkg:rpm/mageia/perl-CPAN?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.340.0-1.1.mga9

Ecosystem specific

{
    "section": "core"
}

Mageia:9 / perl-HTTP-Tiny

Package

Name: perl-HTTP-Tiny
Purl: pkg:rpm/mageia/perl-HTTP-Tiny?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.82.0-1.1.mga9

Ecosystem specific

{
    "section": "core"
}