Bugzilla – Bug 1193811
VUL-0: CVE-2020-16155: perl: CPAN:Checksums package 2.12 for Perl does not uniquely define signed data
Last modified: 2022-05-09 15:57:27 UTC
CVE-2020-16155 The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16155 https://metacpan.org/pod/CPAN::Checksums https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
I can't find signs of this module in perl5 source, or in other packages. I am actually not sure if we ship this cpan package.