Description
Data::Entropy for Perl 0.007 and earlier uses the rand() function, which is not cryptographically secure, as the default source of entropy for cryptographic functions.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| libdata-entropy-perl | fixed | 0.008-1 | | package |
| libdata-entropy-perl | fixed | 0.007-4+deb12u1 | bookworm | package |
Notes
https://lists.security.metacpan.org/cve-announce/msg/28284586/
Fixed by: https://github.com/robrwo/Data-Entropy/commit/1293c1570507c37aedc5ad631f013170693a2ef4 (v0.008)
Related vulnerabilities
Vulnerability in the rand() function of the Perl programming language that allows an attacker to bypass existing security restrictions