On 2026/02/20 19:28, Andrew Hewus Fresh wrote:
> This has fixes for CVE-2026-2474.
>
> https://metacpan.org/dist/Crypt-URandom/changes
>
> https://lists.security.metacpan.org/cve-announce/msg/37085458/
>
> Comments? OK? Should I commit to -stable?
OK. Low risk in terms of how it's used in ports anyway (most are fixed
length; Crypt::DSA and Crypt::CBC call it with variable length but don't
seem likely to be able to go negative) but yes it makes sense to push to
-stable too.
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/security/p5-Crypt-URandom/Makefile,v
> diff -u -p -r1.4 Makefile
> --- Makefile 17 Jul 2025 11:22:43 -0000 1.4
> +++ Makefile 17 Feb 2026 18:41:29 -0000
> @@ -1,6 +1,7 @@
> COMMENT = provide non blocking randomness
>
> -DISTNAME = Crypt-URandom-0.54
> +DISTNAME = Crypt-URandom-0.55
> +CPAN_AUTHOR = DDICK
>
> CATEGORIES = security
>
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/security/p5-Crypt-URandom/distinfo,v
> diff -u -p -r1.4 distinfo
> --- distinfo 17 Jul 2025 11:22:43 -0000 1.4
> +++ distinfo 17 Feb 2026 18:41:29 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (Crypt-URandom-0.54.tar.gz) = SnPNOUkzMo2khKrrhkXXNbNUZd9gEJ5VngoosGYFOlc=
> -SIZE (Crypt-URandom-0.54.tar.gz) = 23803
> +SHA256 (Crypt-URandom-0.55.tar.gz) = 759EFBBzwTVz6FsUj/mpCJxFglt9ZgjYMuQmOJnTotQ=
> +SIZE (Crypt-URandom-0.55.tar.gz) = 24023
>
No comments:
Post a Comment