Bug 1193811 - (CVE-2020-16155) VUL-0: CVE-2020-16155: perl: CPAN:Checksums package 2.12 for Perl does not uniquely define signed data
(CVE-2020-16155)
VUL-0: CVE-2020-16155: perl: CPAN:Checksums package 2.12 for Perl does not un...
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Minor
: ---
Assigned To: Michael Schröder
Security Team bot
https://smash.suse.de/issue/317301/
CVSSv3.1:SUSE:CVE-2020-16155:5.3:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-12-16 11:12 UTC by Thomas Leroy
Modified: 2022-08-29 13:56 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Thomas Leroy 2021-12-16 11:13:34 UTC
I can't find signs of this module in perl5 source, or in other packages. I am actually not sure if we ship this cpan package.
Comment 2 Thomas Leroy 2022-08-24 14:59:21 UTC
Michael, can you please help us to find if we're affected or not?
Comment 3 Michael Schröder 2022-08-29 13:49:03 UTC
I could not find the module in our products. It's used by the upstream CPAN server, so there's no need for us to ship it.

So I don't think we're affected.
Comment 4 Thomas Leroy 2022-08-29 13:56:08 UTC
(In reply to Michael Schröder from comment #3)
> I could not find the module in our products. It's used by the upstream CPAN
> server, so there's no need for us to ship it.
> 
> So I don't think we're affected.

Thank you very much for your help Michael. Closing as not affected.