[Slackbuilds-users] Fwd: perl-Crypt-CBC SlackBuild is vulnerable to CVE-2025-2814
Matteo Bernardini
matteo.bernardini at gmail.com
Fri Jul 17 07:07:00 UTC 2026
FWIW that CVE don't apply to us: from the link
- - -
Crypt::CBC versions between 1.21 and 3.04 for Perl may use insecure
rand() function for cryptographic functions
Description
-----------
Crypt::CBC versions between 1.21 and 3.04 for Perl may use the rand()
function as the default source of entropy, which is not
cryptographically secure, for cryptographic functions.
This issue affects operating systems where "/dev/urandom'" is
unavailable. In that case, Crypt::CBC will fallback to use the
insecure rand() function.
- - -
# ls -la /dev/urandom
crw-rw-rw- 1 root root 1, 9 Jun 23 12:41 /dev/urandom
Matteo
Il giorno ven 17 lug 2026 alle ore 08:56 B. Watson <urchlay at slackware.uk>
ha scritto:
>
>
> On Fri, 17 Jul 2026, pyllyukko wrote:
>
> > Hello, list.
> >
> > FYI. Tried reaching the maintainer, but haven't gotten any response.
>
> It looks like Chris Walker hasn't responded to emails from either
> you (since April 26) or me (about a week ago). Chris, are you on the
> mailing list?
> _______________________________________________
> SlackBuilds-users mailing list
> SlackBuilds-users at slackbuilds.org
> https://lists.slackbuilds.org/mailman/listinfo/slackbuilds-users
> Archives - https://lists.slackbuilds.org/pipermail/slackbuilds-users/
> FAQ - https://slackbuilds.org/faq/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20260717/bd4facd4/attachment.htm>
More information about the SlackBuilds-users
mailing list