'Re: [oss-security] Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modu'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modu
From:       Christian Heinrich <christian.heinrich () cmlh ! id ! au>
Date:       2023-04-21 0:00:33
Message-ID: CAGKxTURUKjUkjXOKvT+MdYZTXyVQq6fQEj2tsxyXhXE+XxvVmw () mail ! gmail ! com
[Download RAW message or body]

Stig,

On Wed, 19 Apr 2023 at 01:24, Stig Palmquist <stig@stig.io> wrote:
> ... and more. We have generated a list of over 300 potentially affected
> CPAN distributions.

The responsibility for this fix is therefore with the maintainers of
the CPAN modules who accepted the residual risk as documented at
https://metacpan.org/pod/HTTP::Tiny#SSL-SUPPORT rather than HTTP:Tiny
itself.

-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic