Add CVE-2020-16155/libcpan-checksums-perl

author: Salvatore Bonaccorso <carnil@debian.org> 2021-11-24 06:22:39 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-11-24 06:22:39 +0100
commit: 6ff5af13ce5ba1d1b0a77c3594679537ed848d81 (patch)
tree: 327b1221550ea13d8bf1bcdb65b0590ab295d43c /data/CVE/2020.list
parent: 900b076d38c6b4cd5e58221959867702173894ba (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index a8ac961ca5..3ba12be977 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -33712,8 +33712,11 @@ CVE-2020-16157 (A Stored XSS vulnerability exists in Nagios Log Server before 2.
 	NOT-FOR-US: Nagios Log Server
 CVE-2020-16156
 	RESERVED
-CVE-2020-16155
+CVE-2020-16155 [does not uniquely define signed data]
 	RESERVED
+	- libcpan-checksums-perl <unfixed>
+	NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
+	NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
 CVE-2020-16154 [Signature Verification Bypass]
 	RESERVED
 	- cpanminus <unfixed>
author	Salvatore Bonaccorso <carnil@debian.org>	2021-11-24 06:22:39 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-11-24 06:22:39 +0100
commit	6ff5af13ce5ba1d1b0a77c3594679537ed848d81 (patch)
tree	327b1221550ea13d8bf1bcdb65b0590ab295d43c /data/CVE/2020.list
parent	900b076d38c6b4cd5e58221959867702173894ba (diff)