Add CVE-2020-16156/perl

author: Salvatore Bonaccorso <carnil@debian.org> 2021-11-24 06:24:53 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-11-24 06:24:53 +0100
commit: b6a371b65f9706f4de5088ff132ef8282a356af0 (patch)
tree: 5b8b23774ae1a60c3e259c4b902352c10f29d8fa /data/CVE/2020.list
parent: 6ff5af13ce5ba1d1b0a77c3594679537ed848d81 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 3ba12be977..9f3e252b05 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -33710,8 +33710,11 @@ CVE-2020-16158 (GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vu
 	NOT-FOR-US: GoPro
 CVE-2020-16157 (A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 vi ...)
 	NOT-FOR-US: Nagios Log Server
-CVE-2020-16156
+CVE-2020-16156 [Signature Verification Bypass]
 	RESERVED
+	- perl <unfixed>
+	NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
+	NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
 CVE-2020-16155 [does not uniquely define signed data]
 	RESERVED
 	- libcpan-checksums-perl <unfixed>
author	Salvatore Bonaccorso <carnil@debian.org>	2021-11-24 06:24:53 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-11-24 06:24:53 +0100
commit	b6a371b65f9706f4de5088ff132ef8282a356af0 (patch)
tree	5b8b23774ae1a60c3e259c4b902352c10f29d8fa /data/CVE/2020.list
parent	6ff5af13ce5ba1d1b0a77c3594679537ed848d81 (diff)