Add CVE-2020-16154/cpanminus

author: Salvatore Bonaccorso <carnil@debian.org> 2021-11-24 06:18:57 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-11-24 06:20:01 +0100
commit: 900b076d38c6b4cd5e58221959867702173894ba (patch)
tree: 256a5ddc5f34b7f3c509695300c6cfad6ef6fce9 /data/CVE/2020.list
parent: 50bf36383d0d1c0c300f15c3d3229a099e4f1a6c (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index c333cfabe5..a8ac961ca5 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -33714,8 +33714,11 @@ CVE-2020-16156
 	RESERVED
 CVE-2020-16155
 	RESERVED
-CVE-2020-16154
+CVE-2020-16154 [Signature Verification Bypass]
 	RESERVED
+	- cpanminus <unfixed>
+	NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
+	NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
 CVE-2020-16153
 	RESERVED
 CVE-2020-16152 (The NetConfig UI administrative interface in Extreme Networks ExtremeW ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2021-11-24 06:18:57 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-11-24 06:20:01 +0100
commit	900b076d38c6b4cd5e58221959867702173894ba (patch)
tree	256a5ddc5f34b7f3c509695300c6cfad6ef6fce9 /data/CVE/2020.list
parent	50bf36383d0d1c0c300f15c3d3229a099e4f1a6c (diff)