There is a 13-year-old CVE for the CPAN perl module Crypt::DSA which is used as part of Crypt::OpenPGP.
I found it this morning and reported it, to get a reply that a CVE was assigned in 2011 and a patch offered in 2013 but the module has been abandoned by the author and the unpatched version is still on CPAN.
https://rt.cpan.org/Public/Bug/Display.html?id=71421
The flaw only affects platforms without /dev/random and the 2013 offered patch is to just break the module completely for platforms without /dev/random.
Given that Module::Build recommends Module::Signature which needs Crypt::OpenPGP that in turn needs Crypt::DSA it bothers me a bit that the insecure version is still on CPAN and that the only patch I can find breaks Crypt::DSA on Windows and other platforms without /dev/random.
A) Would an actual perl coder with access to a Windows environment for testing mind patching the module to use something like Bytes::Random::Secure that is cryptographic quality yet also works on platforms without /dev/random? Honestly I don't even see a need for Crypt::DSA to access /dev/random itself, it should call another platform-independent library designed to spit out random bytes to get the random bytes it needs.
B) Why is it that a module with a known flaw over 10 years old is still completely unfixed on CPAN, and is there a collection of patches for such issues somewhere that I don't know about that people use to patch old distributions on CPAN that are abandoned but are still needed but have security issues?
submitted by /u/AnymooseProphet
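The approach the post above asks for, sketched as an added example (it is not Crypt::DSA's code, not the 2013 patch, and not written by the poster): a secret value in [1, q-1] is drawn from Bytes::Random::Secure, so the caller never opens /dev/random itself. The helper name `random_below_q` and the sample `$q` are hypothetical and constructed; the sketch assumes Bytes::Random::Secure and Math::BigInt are installed.

```perl
use strict;
use warnings;
use Math::BigInt;
use Bytes::Random::Secure qw(random_bytes);

# Hypothetical helper (not part of Crypt::DSA): return a uniformly
# distributed Math::BigInt k with 1 <= k <= q-1, using a CSPRNG that
# does not depend on /dev/random being present.
sub random_below_q {
    my ($q) = @_;
    die "q must be a Math::BigInt greater than 2\n"
        unless ref $q && $q->isa('Math::BigInt') && $q > 2;

    # as_bin() returns a string like "0b1011", so drop the 2-char prefix.
    my $bits   = length($q->as_bin) - 2;
    my $nbytes = int(($bits + 7) / 8);
    # Mask for the top byte so every candidate is below 2**$bits.
    my $mask   = 0xFF >> ($nbytes * 8 - $bits);

    # Rejection sampling: discard out-of-range candidates instead of
    # reducing modulo q, which would bias the result toward small values.
    while (1) {
        my $raw = random_bytes($nbytes);
        substr($raw, 0, 1) = chr(ord(substr($raw, 0, 1)) & $mask);
        my $k = Math::BigInt->new('0x' . unpack('H*', $raw));
        return $k if !$k->is_zero && $k < $q;
    }
}

# Constructed 160-bit value for demonstration only; not a real DSA
# group parameter.
my $q = Math::BigInt->new('0x' . ('f' x 39) . '1');

my $k = random_below_q($q);
die "out of range\n" unless $k > 0 && $k < $q;
printf "drew a %d-bit value below a %d-bit q\n",
    length($k->as_bin) - 2, length($q->as_bin) - 2;
```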
I'm a regular user of GIMP in the office and have noticed that it only comes with scheme or python for automation/batch scripts. I've read that perl was once upon a time included. I've scoured the internet looking for guides and information but am finding posts and pages from over 10 years ago which are massively out of date. Is there a modern guide anywhere that can talk me through installing it (if it's still even possible)?
I want to try my hand at perl and translate some of the scheme and python scripts I've written. I know it still works with Imagemagick and excel so I can re-write some of my powershell 7 and bash scripts.
Technically I don't need to do any of this but for some unknown reason I want to give perl a try 😀
submitted by /u/Bullfrog-That
(dxxiv) 7 great CPAN modules released last week
Updates for great CPAN modules released last week. A module is considered great if its favorites count is greater than or equal to 12. App... niceperl.blogspot.com