Debian Patches
Status for libcatalyst-authentication-credential-http-perl/1.018-4
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| CVE-2025-40920.patch | [PATCH] Use Crypt::SysRandom to generate nonces instead of Data::UUID The nonce should be generated from a strong cryptographic source as per RFC 7616. Data::UUID generates v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562. Data::UUID does not use a strong cryptographic source for generating UUIDs. |
Robert Rothenberg <rrwo@cpan.org> | yes | debian upstream | https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP/pull/1 | 2025-08-03 |