Package: libcatalyst-authentication-credential-http-perl / 1.018-4

Metadata

Package Version Patches format
libcatalyst-authentication-credential-http-perl 1.018-4 3.0 (quilt)

Patch series

Patch File delta Description
CVE 2025 40920.patch

dist.ini | 1 1 + 0 - 0 !
lib/Catalyst/Authentication/Credential/HTTP.pm | 13 10 + 3 - 0 !
2 files changed, 11 insertions(+), 3 deletions(-)

[PATCH] Use Crypt::SysRandom to generate nonces instead of Data::UUID

The nonce should be generated from a strong cryptographic source as per
RFC 7616.

Data::UUID generates v3 UUIDs, which are generated from known
information and are unsuitable for security, as per RFC 9562.

Data::UUID does not use a strong cryptographic source for generating
UUIDs.


Bug: https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP/pull/1