Thread Index - March 2025 - CPANSec CVE announcements

CVE-2025-1828: Perl's Crypt::Random module after 1.05 and before 1.56 may use rand() function for cryptographic functions Timothy Legge (11 Mar 2025 00:37 UTC)
CVE-2025-27551: DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Digest.pm Stig Palmquist (26 Mar 2025 11:19 UTC)
CVE-2025-27552: DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Crypt/Eksblowfish/Bcrypt.pm Stig Palmquist (26 Mar 2025 11:19 UTC)
CVE-2025-1860: Data::Entropy for Perl uses insecure rand() function for cryptographic functions Timothy Legge (28 Mar 2025 02:02 UTC)
CVE-2024-13939: String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string Stig Palmquist (28 Mar 2025 02:08 UTC)