Thread Index - July 2025 - CPANSec CVE announcements

CVE-2025-40923: Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely Robert Rothenberg (16 Jul 2025 13:09 UTC)
CVE-2025-40918: Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely Robert Rothenberg (16 Jul 2025 14:07 UTC)
CVE-2025-40919: Authen::DigestMD5 versions 0.01 through 0.04 for Perl generate the cnonce insecurely Robert Rothenberg (16 Jul 2025 14:07 UTC)
CVE-2025-40913: Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow Robert Rothenberg (16 Jul 2025 14:08 UTC)
CVE-2025-40924: Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely Stig Palmquist (17 Jul 2025 13:40 UTC)