diff options
| -rw-r--r-- | security/vuxml/vuln/2025.xml | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index e8651b2ce86e..4c84615ca2f7 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -48,10 +48,14 @@ <body xmlns="http://www.w3.org/1999/xhtml"> <p>perl-catalyst project reports:</p> <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2025-40920"> - <p>Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using - the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating - UUIDs.* Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for - security, as per RFC 9562. * The nonces should be generated from a strong cryptographic source, as per RFC 7616.</p> + <p>Catalyst::Authentication::Credential::HTTP versions 1.018 + and earlier for Perl generate nonces using + the Perl Data::UUID library. * Data::UUID does not use a + strong cryptographic source for generating + UUIDs.* Data::UUID returns v3 UUIDs, which are generated + from known information and are unsuitable for + security, as per RFC 9562. * The nonces should be generated + from a strong cryptographic source, as per RFC 7616.</p> </blockquote> </body> </description> |