CPAN-Audit-20240215.001/0000755000076500000240000000000014563561460013027 5ustar brianstaffCPAN-Audit-20240215.001/LICENSE0000644000076500000240000004373214563561422014043 0ustar brianstaffThis software is copyright (c) 2018 by vti . This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. Terms of the Perl programming language system itself a) the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version, or b) the "Artistic License" --- The GNU General Public License, Version 1, February 1989 --- This software is Copyright (c) 2018 by vti . This is free software, licensed under: The GNU General Public License, Version 1, February 1989 GNU GENERAL PUBLIC LICENSE Version 1, February 1989 Copyright (C) 1989 Free Software Foundation, Inc. 51 Franklin St, Suite 500, Boston, MA 02110-1335 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The license agreements of most software companies try to keep users at the mercy of those companies. By contrast, our General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. The General Public License applies to the Free Software Foundation's software and to any other program whose authors commit to using it. You can use it for your programs, too. When we speak of free software, we are referring to freedom, not price. Specifically, the General Public License is designed to make sure that you have the freedom to give away or sell copies of free software, that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of a such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must tell them their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any work containing the Program or a portion of it, either verbatim or with modifications. Each licensee is addressed as "you". 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this General Public License and to the absence of any warranty; and give any other recipients of the Program a copy of this General Public License along with the Program. You may charge a fee for the physical act of transferring a copy. 2. You may modify your copy or copies of the Program or any portion of it, and copy and distribute such modifications under the terms of Paragraph 1 above, provided that you also do the following: a) cause the modified files to carry prominent notices stating that you changed the files and the date of any change; and b) cause the whole of any work that you distribute or publish, that in whole or in part contains the Program or any part thereof, either with or without modifications, to be licensed at no charge to all third parties under the terms of this General Public License (except that you may choose to grant warranty protection to some or all third parties, at your option). c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the simplest and most usual way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this General Public License. d) You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. Mere aggregation of another independent work with the Program (or its derivative) on a volume of a storage or distribution medium does not bring the other work under the scope of these terms. 3. You may copy and distribute the Program (or a portion or derivative of it, under Paragraph 2) in object code or executable form under the terms of Paragraphs 1 and 2 above provided that you also do one of the following: a) accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Paragraphs 1 and 2 above; or, b) accompany it with a written offer, valid for at least three years, to give any third party free (except for a nominal charge for the cost of distribution) a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Paragraphs 1 and 2 above; or, c) accompany it with the information you received as to where the corresponding source code may be obtained. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form alone.) Source code for a work means the preferred form of the work for making modifications to it. For an executable file, complete source code means all the source code for all modules it contains; but, as a special exception, it need not include source code for modules which are standard libraries that accompany the operating system on which the executable file runs, or for standard header files or definitions files that accompany that operating system. 4. You may not copy, modify, sublicense, distribute or transfer the Program except as expressly provided under this General Public License. Any attempt otherwise to copy, modify, sublicense, distribute or transfer the Program is void, and will automatically terminate your rights to use the Program under this License. However, parties who have received copies, or rights to use copies, from you under this General Public License will not have their licenses terminated so long as such parties remain in full compliance. 5. By copying, distributing or modifying the Program (or any work based on the Program) you indicate your acceptance of this license to do so, and all its terms and conditions. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. 7. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of the license which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the license, you may choose any version ever published by the Free Software Foundation. 8. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 9. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to humanity, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19xx name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (a program to direct compilers to make passes at assemblers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice That's all there is to it! --- The Artistic License 1.0 --- This software is Copyright (c) 2018 by vti . This is free software, licensed under: The Artistic License 1.0 The Artistic License Preamble The intent of this document is to state the conditions under which a Package may be copied, such that the Copyright Holder maintains some semblance of artistic control over the development of the package, while giving the users of the package the right to use and distribute the Package in a more-or-less customary fashion, plus the right to make reasonable modifications. Definitions: - "Package" refers to the collection of files distributed by the Copyright Holder, and derivatives of that collection of files created through textual modification. - "Standard Version" refers to such a Package if it has not been modified, or has been modified in accordance with the wishes of the Copyright Holder. - "Copyright Holder" is whoever is named in the copyright or copyrights for the package. - "You" is you, if you're thinking about copying or distributing this Package. - "Reasonable copying fee" is whatever you can justify on the basis of media cost, duplication charges, time of people involved, and so on. (You will not be required to justify it to the Copyright Holder, but only to the computing community at large as a market that must bear the fee.) - "Freely Available" means that no fee is charged for the item itself, though there may be fees involved in handling the item. It also means that recipients of the item may redistribute it under the same conditions they received it. 1. You may make and give away verbatim copies of the source form of the Standard Version of this Package without restriction, provided that you duplicate all of the original copyright notices and associated disclaimers. 2. You may apply bug fixes, portability fixes and other modifications derived from the Public Domain or from the Copyright Holder. A Package modified in such a way shall still be considered the Standard Version. 3. You may otherwise modify your copy of this Package in any way, provided that you insert a prominent notice in each changed file stating how and when you changed that file, and provided that you do at least ONE of the following: a) place your modifications in the Public Domain or otherwise make them Freely Available, such as by posting said modifications to Usenet or an equivalent medium, or placing the modifications on a major archive site such as ftp.uu.net, or by allowing the Copyright Holder to include your modifications in the Standard Version of the Package. b) use the modified Package only within your corporation or organization. c) rename any non-standard executables so the names do not conflict with standard executables, which must also be provided, and provide a separate manual page for each non-standard executable that clearly documents how it differs from the Standard Version. d) make other distribution arrangements with the Copyright Holder. 4. You may distribute the programs of this Package in object code or executable form, provided that you do at least ONE of the following: a) distribute a Standard Version of the executables and library files, together with instructions (in the manual page or equivalent) on where to get the Standard Version. b) accompany the distribution with the machine-readable source of the Package with your modifications. c) accompany any non-standard executables with their corresponding Standard Version executables, giving the non-standard executables non-standard names, and clearly documenting the differences in manual pages (or equivalent), together with instructions on where to get the Standard Version. d) make other distribution arrangements with the Copyright Holder. 5. You may charge a reasonable copying fee for any distribution of this Package. You may charge any fee you choose for support of this Package. You may not charge a fee for this Package itself. However, you may distribute this Package in aggregate with other (possibly commercial) programs as part of a larger (possibly commercial) software distribution provided that you do not advertise this Package as a product of your own. 6. The scripts and library files supplied as input to or produced as output from the programs of this Package do not automatically fall under the copyright of this Package, but belong to whomever generated them, and may be sold commercially, and may be aggregated with this Package. 7. C or perl subroutines supplied by you and linked into this Package shall not be considered part of this Package. 8. The name of the Copyright Holder may not be used to endorse or promote products derived from this software without specific prior written permission. 9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. The End CPAN-Audit-20240215.001/cpanfile0000644000076500000240000000116714563561422014536 0ustar brianstaffrequires 'perl', '5.010001'; requires 'CPAN::DistnameInfo'; requires 'Encode', '3.12'; requires 'IO::Interactive'; requires 'JSON'; requires 'Module::CPANfile'; requires 'Module::CoreList', '5.20181020'; requires 'Module::Extract::VERSION'; requires 'PerlIO::gzip'; requires 'Pod::Usage', '1.69'; requires 'version'; on 'test' => sub { requires 'Capture::Tiny', '0.24'; requires 'File::Temp'; requires 'Test::CPAN::Changes'; requires 'Test::Manifest'; requires 'Test::More', '0.98'; }; on 'development' => sub { requires 'HTTP::Tiny'; requires 'Data::Dumper'; requires 'File::Basename'; }; CPAN-Audit-20240215.001/util/0000755000076500000240000000000014563561457014012 5ustar brianstaffCPAN-Audit-20240215.001/util/generate0000755000076500000240000002334014563561422015524 0ustar brianstaff#!/usr/bin/env perl use v5.26; use experimental qw(signatures); use strict; use warnings; use Carp qw(croak); use CPAN::DistnameInfo; use File::Basename qw(basename); use File::Spec::Functions qw(catfile); use HTTP::Tiny; use JSON (); use PerlIO::gzip; use YAML::Tiny; use File::Temp; use subs qw(config message); =head1 NAME util/generate - create the data for lib/CPAN/Audit/DB.pm =head1 SYNOPSIS # usual operation, outputs to lib/CPAN/Audit/DB.pm # gets data from cpan-security-advisory/cpansa/*.yml % perl util/generate # usual operation, outputs to lib/CPAN/Audit/DB.pm # gets data from other_source/*.yml % perl util/generate other_source/*.yml # suppress progress messages % perl util/generate -q % perl util/generate --quiet # output somewhere else % perl util/generate -o some_other_file % perl util/generate --output-file some_other_file # output to stdout (- is a special file name) % perl util/generate -o - # output JSON instead of a Perl module (probably want to specify output) % perl util/generate --json -o - =head1 DESCRIPTION This program chews through the CPAN security advisory reports and makes the L module. =head1 AUTHOR Original author: Viacheslav Tykhanovskyi (C) Maintained by: brian d foy (C) =head1 LICENSE L is dual-licensed under the GPL or the Artistic License. See the included F file for details. =cut run(@ARGV) unless caller; sub _message ( $fh, $message ) { $message =~ s/\v+\z//; say {$fh} $message } sub info ( $message ) { _message *STDOUT, $message; } sub debug ( $message ) { return unless config()->{debug}; _message *STDERR, $message; } sub dumper { state $rc = require Data::Dumper; Data::Dumper->new([@_])->Indent(1)->Sortkeys(1)->Terse(1)->Useqq(1)->Dump } sub all_releases { my ($distribution) = @_; my $tries = 0; my $content_json; FETCH: { sleep $tries * 10; my $response = HTTP::Tiny->new->post( 'http://fastapi.metacpan.org/v1/release/_search', { headers => { 'Content-Type' => 'application/json' }, content => JSON::encode_json( { size => 5000, fields => [ qw(date version status main_module) ], filter => { term => { distribution => $distribution } }, sort => ['date'], } ) } ); $content_json = eval { JSON::decode_json( $response->{content} ) }; redo FETCH unless $tries++ > 3; } my @results = map { $_->{fields} } @{ $content_json->{hits}->{hits} }; return unless @results; return @results; } sub default_file () { state $file = catfile(qw(lib CPAN Audit DB.pm)); $file; } sub default_version () { my $opts = config(); my( $year, $month, $day ) = (localtime)[5,4,3]; my $date = sprintf '%4d%02d%02d', $year + 1900, $month + 1, $day; my( $previous_date, $previous_serial ) = get_previous_date_serial( $opts->{output_file} ); debug "PREVIOUS DATE: $previous_date PREVIOUS SERIAL: $previous_serial"; my $serial = sprintf '%03d', $previous_date == $date ? $previous_serial + 1 : 1; debug "NEW SERIAL: $serial"; debug "NEW DATE: $date"; my $version = join '.', $date, $serial; debug "NEW VERSION: $version"; return $version; } sub get_file_list ( $args ) { message "Updating submodules"; system 'git', 'submodule', 'update', '--remote'; unless( @$args and -e 'cpan-security-advisory/cpansa' ) { debug 'No arguments given fo: looking in cpan-security-advisory/cpansa'; @$args = glob( 'cpan-security-advisory/cpansa/*.yml' ); } my @files = ($^O eq 'MSWin32') ? map { glob } @$args : @$args; \@files; } sub get_previous_date_serial ( $file ) { open my $fh, '<:encoding(UTF-8)', $file or croak( "Could not read <$file>: $!" ); while( <$fh> ) { next unless /VERSION\s*=\s*'(\d{8})\.(\d{3})'/; return ( $1, $2 ); } return; } sub output_gpg_signature ( $string ) { my $opts = config(); return if $opts->{output_file} eq '-'; return unless defined $opts->{gpg_key}; my $gpg_file = $opts->{output_file} . '.gpg'; state $rc = require Encode; my $octets = Encode::encode("UTF-8", $string); my @command = ( 'gpg', '--yes', '-o', $gpg_file, '-sb', '--armor', '-u', $opts->{gpg_key} ); debug "COMMAND is @command"; open my $gpg_fh, '|-', @command; print { $gpg_fh } $octets; close $gpg_fh or croak "Problem making GPG signature: $!"; return 1; } sub process_files ( $files ) { my %db; foreach my $file ( $files->@* ) { message "Reading $file"; my $yaml = YAML::Tiny->read($file)->[0]; message sprintf "\tFound %d reports", scalar $yaml->@*; my %dists_in_file; my $n = 0; foreach my $record ( $yaml->@* ) { $n++; my $id = $record->{id}; warn "Missing distribution key in record $n ($id)\n" unless exists $record->{distribution}; warn "Undefined distribution key in record $n ($id)\n" unless defined $record->{distribution}; warn "Empty distribution key in record $n ($id)\n" unless length $record->{distribution}; $dists_in_file{ $record->{distribution} }++; } if( keys %dists_in_file == 0 ) { warn "There were no distributions declared in the records in <$file>\n"; next FILE; } elsif( keys %dists_in_file > 1 ) { my @dists = map { length ? $_ : '' } keys %dists_in_file; warn "There were more than one distribution declared in the records in <$file>: @dists\n"; } my( $dist ) = keys %dists_in_file; if( exists $db{dists}{$dist}{advisories} ) { warn "\tAlready have advisories for $dist\n"; } else { $db{dists}{$dist}{advisories} = []; } push $db{dists}{$dist}{advisories}->@*, $yaml->@*; } provides( \%db ); foreach my $dist ( sort keys $db{dists}->%* ) { my @releases = all_releases($dist); if (!@releases) { warn "no releases found on CPAN for '$dist'\n"; next; } message "Processing $dist"; # try to fetch the latest release, according to MetaCPAN. # if there is no 'latest' tag, grab the last item (because # the list is ordered by date). my ($main_module, @versions); foreach my $release (@releases) { push @versions, { date => $release->{date}, version => $release->{version} }; if ($release->{status} eq 'latest') { $main_module = $release->{main_module}; } } $main_module = $releases[-1]->{main_module} unless $main_module; $db{dists}{$dist}{versions} = \@versions; $db{dists}{$dist}{main_module} = $main_module; } # XXX: need to investigate why this shows up as utf8 $db{dists}{'perl'}{main_module} = 'perl'; \%db; } sub process_options ( @args ) { state $rc = require Getopt::Long; my %results = ( debug => 0, gpg_key => $ENV{CPAN_AUDIT_GPG_KEY_FINGERPRINT}, output_file => default_file(), ); *config = sub () { \%results }; my %opts = ( 'debug|d' => \ $results{debug}, 'gpg-key|g=s' => \ $results{gpg_key}, 'json|j' => \ $results{json}, 'module-version' => \ $results{version}, 'output-file|o=s' => \ $results{output_file}, 'perl-module|pm|p' => \ $results{perl_module}, 'quiet|q' => \ $results{quiet}, ); my $p = Getopt::Long::Parser->new(); $p->configure( qw(no_ignore_case) ); $p->getoptionsfromarray( \@args, %opts ); debug dumper( \%results ); $results{version} //= default_version(); \@args; } sub provides { my ($db) = @_; my $ua = HTTP::Tiny->new; my $tmpdir = File::Temp::tempdir(); my $details_file = catfile($tmpdir, '02packages.details.txt.gz'); message "Downloading 02packages.details.txt.gz (this may take awhile)"; $ua->mirror( 'http://www.cpan.org/modules/02packages.details.txt.gz', $details_file ); message "Downloaded 02packages.details.txt.gz"; message "Digesting 02packages.details.txt.gz (this may take awhile)"; open my $fh, '<:gzip', $details_file or die "Can't open '$details_file': $!"; while ( defined( my $line = <$fh> ) ) { chomp $line; last if $line eq ''; } while ( defined( my $line = <$fh> ) ) { my ( $module, $version, $pathname ) = split /\s+/, $line; next unless $module && $pathname; my $dist_info = CPAN::DistnameInfo->new($pathname); next unless $dist_info; my $author = $dist_info->cpanid; my $dist = $dist_info->dist; my $name = $dist_info->distvname; next unless $dist; next unless $db->{dists}->{$dist}; $db->{module2dist}->{$module} = $dist; } close $fh; } sub run ( @args ) { my( $leftover_args ) = process_options( @args ); my $opts = config(); *message = $opts->{quiet} ? sub ($m) {} : sub ($m) { _message *STDOUT, $m }; my $files = get_file_list( $leftover_args ); die "Usage: \n" unless @$files; my $out_fh = do { message "Output file will be <$opts->{output_file}>"; if( $opts->{output_file} eq '-' ) { \*STDOUT } elsif( $opts->{output_file} ) { open my $fh, '>:encoding(UTF-8)', $opts->{output_file} or die "Could not open <$opts->{output_file}>: $!\n"; $fh; } else { \*STDOUT } }; my $db = process_files( $files ); my $string = do { if( $opts->{perl_module} ) { stringify_data($db) } elsif( $opts->{json} ) { JSON::encode_json($db) } else { stringify_data($db) } }; my $target = defined $opts->{output_file} && $opts->{output_file} ne '-' ? $opts->{output_file} : 'STDOUT'; message "writing to $target"; print { $out_fh } $string; output_gpg_signature( $string ); } sub stringify_data ( $db ) { my $opts = config(); state $rc = require Data::Dumper; no warnings 'once'; local $Data::Dumper::Sortkeys = 1; my $dump = Data::Dumper::Dumper( $db ); $dump =~ s{^\$VAR1\s*=\s*}{}; $dump =~ s{}{}; my $submodule_dir = 'cpan-security-advisory'; my( $commit ) = split /\s+/, join '', grep { /\Q$submodule_dir/ } `git submodule status` =~ s/\A\s+//r; my $string = <<~"EOF"; # created by $0 at @{[ scalar localtime]} # $submodule_dir $commit # package CPAN::Audit::DB; use strict; use warnings; our \$VERSION = '$opts->{version}'; sub db { $dump } 1; EOF } CPAN-Audit-20240215.001/images/0000755000076500000240000000000014563561457014302 5ustar brianstaffCPAN-Audit-20240215.001/images/briandfoy-gpg-key-selfie.jpeg0000644000076500000240000121672214563561422021737 0ustar brianstaffJFIFHH @ExifMM* (12<BCiAppleiPhone 13 Pro MaxHH15.52022:06:27 17:01:58iPhone 13 Pro Max""'0232ȐАؑ     |5375370100523 4, ` 2022:06:27 17:01:582022:06:27 17:01:58-04:00-04:00-04:00.?"Han)dApple iOSMM& .h      r    B@     %! % & ' +%- . / 0  1X2 `803 04 5 6 7 : ; < @JjA*J bplist00O[jneOYQ 8o$^QSmF%l,/{/|#AHs;wsxIJ0{ /|~-)GG|V7F\]TS^laY_O=luY^jpd"~}E(  bplist00UflagsUvalueYtimescaleUepochL2\1;'-/8= ?sj1AZseAm1gYasGCxJt94v1xTM7uDKrq750n97566D85-200E-4D90-96D3-EC989DC93874X}2KFAD23100-2D6D-4703-846F-4CBFB66CC1BC"bplist00O,{?Ń;G~?z99ݼ?7bplist00Q3Q1Q2Q0" "bplist00  ? ?  AppleiPhone 13 Pro Max front camera 2.71mm f/2.2 http://ns.adobe.com/xap/1.0/ xPhotoshop 3.08BIM?Z%G?170158>20220627720220627<1701588BIM%b?rw1W(ICC_PROFILEapplmntrRGB XYZ acspAPPLAPPL-appl8GmOz/ desc0cprt,Pwtpt|rXYZgXYZbXYZrTRC chad,bTRC gTRC mluc enUSDisplay P3mluc enUS4Copyright Apple Inc., 2022XYZ ,XYZ =XYZ J7 XYZ (8 ȹparaff Y [sf32 B&n5" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzC  C ? ? #@;T*'\U31Xؐ9 {v Cn=?^kE^$QG'N8=sKC_M~Aw`G[:{ơ#Df zu:V_Ewt?? C.CQ6L R6YN;zF\9F26ST Xu^$=QaJ>rN2Ou}Q8$8߯k6w' 㿠"&uh;r1Ƌʁp<'>^[kIQ|YAV@s33P m n3SN|aOUR6s=;֠&쑜y4(]܁В_H f'x`FΣLb@yP:rO*m]Óԃo|g?ʑMpq 7cHQsMa8vi`ba`9cyڞx'%gGtCH;NzGJz$BF{9h %lwi˫[$2t/!vYN잀vYXdށGYmڹ\u=x&̷xHl +klc O֥Zdl1 OߵKBsxdaaL:^F}>RF&E,A3?H.Xͤiy$ s֢o7.L0P6H.сN&a1\7qְO)0yLJwyl\'?(u@l|<sVXF[pN}=9FuU݉[ڠ:npx^h#jp@ >?Cm5y<F `Ip0p(uF@WMē@ICOz: ,*~b#JknOLp2=M :;p[`HIۂ};u-.ʫW\n%OqGLgڞN7ciӞiR2bē9ǧ4~pb>Wr^Z3 3`wObOBh%X?/d-;sV#; 49iGc@+8zZ~i~q,`3ǧ֣`ʤ9Fڹl H|uhxv1Owv 78Sޓ ډڡzGZ~`6n \uT=##N T:}*l2)ݸ`c♻jBN8Ƥ8+'= 6E6Lh<.2=N;9A8"덪N@8 r:tJGvW=y (?xv#v@=9^@a<t 9烟^?Z`d dsl,zK$tGۀGauȩ2cSHN90H<3qڀHn̎Xu>Ԉ\J`t\c|}iA瑌kHL:8_Νl>=z`Yr1Si^T1ALՔ(zMc< 1 FW.r:u`UW F03yw=NYXG'wK&D{~=!?.X1݉i1@1I 1Ii']v稦?;o~I#f2NXI9gtn/''$;c r'MQ<@08S=NzTm)uߐ;g኱ RFTv1YpY@'sTv!}~8QH\r138 pXYH8^|?] J{y ۊ/,t]JI 8ԎvcO'?3Twp}Z| 4;F~tw `01b. MF'?œ@,yA t[*O$@S+ŰW$s:J$X`\JĐ x9e}ە,>#90}vqc9u '*˴?!$4N:O^`<ǧlA,1hsZʠ`T8uQOOof8 WO3<ˆRaϯ|@ d~3L'# רR ڞp2_B=A&;wv۞Uvp%Cs)9$ud<¤{zF~lyۈ$uLgkchj0cFxgJ;x}OZB@5Pm# snxI,Ʃoy` tTɕ9'⬁ r銤v9+Z'#{`6B;PO3AI7 G_qzcGv0'h-9O,1u(a۷S\fW?a沌=>T{V"g,$wZR9{4xF)[#5@ǐ1L lE?B qޟwE@gϧU~y @>JFg9#?ʞW0;1#qX#¶p>^16/g<;i:) yhUO>T-j+;ȰIP6#ۥ{!ʔ,]:?JnH|YesqktgZ?E'<28;^g{"֪eg229H(^4yl^6rTj  V~+5ۃkzě|>UI<iy jM2|bo0jT PG 9O$`XVΈ hn.cd=_%$ 9#͏,n H?I8o2Xd{tU<\TSV #z>Еwzc+ G6AvΘ_ؐHNI=9=-u;y3'5a.G>[ py\" \RG>RVTRRcB}9C(`U}ۈ>uwGk7eot˨\.qҥOܳ)n̄9*9{WڤlRlN$ţ/7;Fʯ={5`#Or>Gܪ2Ի / N8=zᏉT+!2@<Vc-^eu籩`tl?1/:~TNFQxD^ <J5F 1v A_҂7# r#+(cVI}qJw+]R1*3sx /R1cuqA*!'h`s 9@tZkA3QtrBUQ i(3~sRƎe՛<Ϛh!N0;0;,A;H|cҤDdӍ?CvF:c)~v ?wɨӒ: c緵G" 8 `UE9Aʎ֪HAm8Uf^NGyh$=ubXm> ;:'2Υ¶OzjiA$s?#)D? 45'I$GCEOT Tq99T)qH(,#9ڑI A8 x秧4.{O|7c'sPGSȥq,r6>?1CJYz=)U@݂8=q;=qϵKw 0?j2nNHCrw)6ߦ3֐ rI>*qG=~ TW%$oOZGV879+03O4 03t 4\V#, .A#wjkk #Փm$(0r{}M(P<{sEMJMoݐgJq /4q?Ҷs ϯӥ Ip;.#>2b U?^==hRN:AZ<&6SI<7㈲!drkYO 93A,I2NO87&9t䘁_''ۏPe@_{ w~UWܹ֞WP ʠ5eQ"l2604c`7cj ~.˨n䗂)d j. $z`گi5d%ln`N}{f2\?,W$H088=1"#q}3ߎ1N ,~SHR8V|V}We2u:9?Ҡ©8>7%vdрcOq`#9zҤcs)%'Un2\sL 0niܯb8#];O\gj'9|S;s/q@Fv&3y=1R O?PO#a>S'#I <=3HC<ӭ*A#+ӌ*5!Nz$d—!?g>-tj4Cd z.>ZVp w#6xi$J0x)V'=O=;x\ cU q Zo9941Q;TXa3 I=)Aq==hAuޖs4z:0PsמJ!el>`sK  V3]D#9q#iiōA$dg=wRĖ\>8FФtFjhՉb;OBFє1ހ1eS6$8[Wc9:Ys'[cM !<qr1-3v9P@Uk޽ Jo[1!$})C5 SϿZsƓH#?Qszz>iI9=1Y:@2`ܟdjFAS=OAU Мt98ǮSAoϥz+d`998z:םdp13}+N$`siXP*h`X)u<6+zt68X:;%[//`j7nG 0<~dUkq8'|SN-Fߏ UN={ڧUHQ[ YXn?Υ#_nSOT7;FX}AҠ)fGn`T1܌Kv88Th3+t5cL2}8 U}&ބ`vHF"31i8s񞾹ؚa;y;j<10Os޳8qxAM9=A=s'H'#׎?J,/eg9`'ۑ6'o[ ۸ tqcl41oI^1' ORx9bYQ gGR3N:tp6]?1888=1uK%=G^A?L ,J~?G0I g<)9#?5,M#+?ϯjYS^3y{NhбPϡJK0'=Obø1VL#jϟoc@G@3Jr$g#r>)pNшS"A㞽:St IaIuL~Uip I8?E!PGsVa=atOƞ.HJI'rxqҧ }03qz(<0qAd#g =@n9,F03Q$ZB\pR{{H3ab R %7* 2@PԐA\mKMbH!=*'o΀?ӼfƨEnp=Iz=F2]pF=I4i!'@;k@+5KL+h##0+)]D,zZnj-Xo{Iԟx=L,rU8tkZZ+֦Ȑ[lz✻ \炣"S'ڀ%[F:v⹌ .zty ;8 7^#ya<@t46w`ddϮj̬ #' A}Ӱ#j);pv1}@XݜnN?ϵFOˑFJLL9@{supbTs s:t5FޘtΗ'^Jc=ϯN1H2v|}84:@/p q{Qp'=iw8{aq|z{g׽9yv uyt09V88q_ң) q(Uؠ p23.I!xfltZy N@Ǩ8^h]($.x ~=s%b~9#@<'R8 w uG~ǮxFmÌtIw zz*+rCܕr Ue' ۾R?/#i7a  8_@:u(=s?_j\o)̪z[8_vcAb{ty`q5v1yi+2I8@ w_K~_JTc>Pr{Ӷn@8@gTWoA?Z($NX G^@T%wn^ cJځ~%Jp(׷p# ~\HkxoH26xR;#`geDY<`gp=a G4¨wd>'&Ac$g((pwL?uX*ko!ḡ>f<~9KM1u pC0?QS`:1Av ?#ۥ9Twscg<縩“c'NFqHzdcgJ00OOOŒN0{î;TX!{5>n?LT;N3rN6?ǭ=m·??L4FGLPAx _nFwO< 9x'dr1Du<|q})J8#EA€sAw}R0y-wi @sj<9b"2 \1O\qKtCaq=3Q'>ǰydvP3'#};|y#1}#IXnzs?qZ1`|}}HQ'ޤOlrP}G?G sSӻD;r-8<9{TQr1҃Њ3\AhhЌw?/NZ_!G@Fsc '׿Zbu@ <9N;瞝@=o\J F{ wt1ÌdQHm8^ǧ^;S ؜t1 \= RX|7LZ*ߑ=?2hɌO tPr91U8r1߿z!(8€4žYv@ g995Y'==)ݠヴ}GJ3`~av4JȒCIK0ִ&|=\P.pdt$d,q55Rms^w cs# ^Hing9U wwG^{zqAGXh N>泵=`T9ֶ v92VV$:wH%f?T~f,2Oj]9m䐰ÿ<_jB1C<:*uPFRqlu=G# dO<{Re <:bKnE;p9'S[nG^:Js9nNr; oN3@ ps=9?Z\kt2q{8q=Axyװ qǹsN BQzS–'ˍwӥ"ϯ#:@ f ۀ>"|'?T`߿Z.sW;+n'UIrw`$CSvdT*? RPzcӆ 8}zFR:|On3٠$uϧjapIl5++vrx$}*@hnu _F,,,-pA$~8WVᛖ oOj|8$[3N x@򦆑uU=zQ U#}3O Qªq?zB 1MF|F8$*xT$p2Ghع=xNA3''>@qޫLzh}x#_“`W`Y8=@>}? aIs@sRmsi6u݀sǧ ~rT}^$}=({dgJILr:}1N*@wF$4BA!ǜqA4) y:#|`㿷4s9^9Мfgv:Fp4 `; F$p9<Ҍ;s=2{Ґtz=qB)`h<`Ԁ/8= '#d8Oy8'@ H=Om㯮==j<@9p:ק mUe =d!# q^AQGsԄfsӟNܜgy}=gQt qF{~3 O\=8b=9ޢP3c+][(ssYS#BG̻r88;qfe1lޞ D"bdP˘ؒ>5Z?$,̷3-%{*2 qюs_l%a6Gt5Ոh46z0;14힣ϭ=@#?l=.v~LUM^Ml~|^q A=jd;1>opzښ꒏XH}_ܱ,ːz}kBw2{n<pS69y[TԘ9P F;S}21y'c-cRB=+4"ql^1ݴG گA$u#\+DÂ2}Ey!n=/Z{rπ{N*(ש5(\OcjX2A>ΛzzAp,Wn2̽}ʀvp2q>z@ ?ZgwϿo81<˜c0S68OZ̨#x<?M۴pOL?1ʘA.Tc J̢>rGqڌdӏo犐6n4F;HF<{b 1BF9^P` sOiF{zsH\A+קjQ܌gGS}j A=pcӵ < тJ3ʃ ֐ ہ0{s@H1|.>+|Cd;Ɏ#zI)9_Iw8眱58>#j.q۩<؛Xѡ\'q>%R zךp\CNzЛvNq/ܞxS$ 1Fs8M܌wM[FO8R' :~gسw`=}sUg3J?Xr)gtfBA@wu#r*YpqFc'%6CryzTBp?qҠ<ϹB1an~֗p?(u^zqӏҀ%Vm9!,HVR$`t?_}B܆>Hh"?R8׮@1N t0x[<1VʾGLu=Q+3N]z}P2GQ׃޼=u-HWßN,q}rWQӭ N= @*z Μ0'8o $c^RXNxzԄj[suۿ$788@X?L몒 urKcps5Np);5 r[)><^3$Gf 3u@@##_KsԞ32yژ-o_oƕbI>Dhۀ1c?JL2>(pzϿA>7$n@g8<FࠀO EЂA ~(Mŋs߾=kGNp~AV$u_AjCCr1=}}~PpR0P۞{*&PX whCd u(|l|aq@Îʨ2|_fi : c`9/D"TuPN2}k=3kg:qڽwAA ώ2NNs*H8=Q$=zyLa(88yUOPɶpy<Þ0;`+yW-'PCF=?Jnz=ErU}6lt7 I8l4\-1v`Rv?ZRc=O۸x{y\a1Glz*b>\p? HBaUa;J 3AרcsR0N0ǺlFWnFyϿY g֦+ʢH6a!?5,hc/E@j`2pI>cu?5ӎIxw{Rlwʔ'00{olR 08ӓzzt>);rN{O~21~;?Yxu ` 搨 ?A>>Fpy#5@8 01ߠښ8T9߹x=dN{ c;$)L_U98S l$a#$F 9Ҁ  jA;{SHW$mUUV ~Ᶎ7hz9펽CXL*$clVoIJ!qN끌ԻΡ'JߏZ_2//Q3ԍ] krw- <9[q~ctX7Mɮ@ r9 G5;k6⋸nu5"$sϭx?X>J^^+@O\tUw4?1Pr1>8U8icI)8P#-jڌwq( dQm>` s>RPJ'WaMwnژO'=sJ4BN\ZFq4 ;L)d,ǡAR' @ɧ znVcIGן׭}3ބzsLA>l77Zp`ϭR%dgrA  o9R#8>uhg֙#>c?/Hn p~O1SB!JHH Gb `n9җ 4'JpV6s{""(ps2Fp>%r`0rG'wN570U=SO#8{DZ<9s]) _iXk6y;9Ocԟ@p$ܑ $<O^рÐA#=NiF~f|>Ҁp o=N @׽3? pG\<'Qx$uPp;`T#p N:҃ʒ9^(>*1=x+mV@SuyiWprO;qTe1,~2@kȪpG0qEr7n ޿J2}1gQM'ʣjbqE(u8I!XpQsB`s})زx@gUs$\{Or܍>[ 0y_Cxc~8xT/:pxBGyiH$$dz8U#;<Mlm%<ڐǖxyқ"sON1JR?nLR%Du<~]S}c~Deӎ.]`/LPRA 7{RP(t0v9펜P 'ל@/~c^_AIbUxQלӉ'N?4~ϧ=M;f-O\d:tTdS8$r:&$( r2N}=,qA?J.,31x:R:JsSԁ[n@pGL4A{tǮi6>cO `n:!8s9*:{T0?6Cv}3}pPPwڙCgN0N:R1 77L~ 0x}ڙr0??&oRxzԶ!yRźFM+9,LzƕT21֗Xi ~n'Ѱq?)P`[$#zjU۸1MA8O=NH,#FN2G9_WnT|qȠH3{S kOˌQL3cJKZJr۳yүNn~9ިOq+R"\ 9#~9Q0O}sN`gv9iX3F9=>I9BVr=}jd ɬI71NBBgȞ5 :(}ot{8AGf,aR3˨8}k!&\"PFywߎz hqNZs 98$'=8暬*;}k5=GB{zk-}?ϧl0 G֪^/ <ӎg=p%0szWoo+d㞜umĀy0 9;`A[H; q}|00>'9Sr;x֠m:}:דp>@_޽d'<͏|&_a s\sN;:=ɉ;( 9Zn)H@h#8^u} nz Cn8qtɡgL#*v@u?3I?/8`$8>..:M#iF@ibᴏ@O\l0Ͽ;SOx9G:s_Jfy 3楱Ii0z9> n{cw8a*GH cs4G+Ӱ= Ji9N1=zsTt8x4z sJ@"8r=WF5P@b1yF {\:V'O9 6 @G@!S?GLV $v=W+bFFr1а5Yߛ#VA~p2 k8QlR_/!XI$I=~2C$u@={~?QJ1>)pvO_ÕS _O; vH8#)z eFUϽ=aGӑRn$9H=ycAT2Pvc'K[u7ln>)a\(gw88!Gl)20X8hpGq0K[??Ti8VN?[݊H~LG1Q88<~ I3uW<ҫ`rB|q8d#`vImz8 ӟӶ= 0;,Am@g<64>\c?Z 2:+m`:g TltSIrqˌ6:Cڡ{dO x yx^9@ETn~zę1B?VIA^S`6푈8?>c )Sap2kFo$pxsϨSf1J@(q댒 wFGj c~Ҁ.%S 1gnN `ÚT%zg tjU 98}hB cz 9H:$?>ʶH,#H} r0jBxۊBNHd`s=~X٘21#)p@F2pp:Ɨ$ irPN?ƕv<қ cHm}6߯֔pcxg8nvӞ2=s6dc`Ҙh1 Rg=;pA`i[9si RH p>;2Ic{Se>c8F\`OSnB\sTLv;I 4?皑ri wϹJLh~nCܚCG?^8qpUW |})\;ן֕Ԩ'7HT9'9i)JIiH\A1zƾ[Hr*9`cR @݃AqPJ۱:L Io,[z u"5Y'!;sa:n00 '#Hii˂-A}Rb09#׷)=Ft)89=h2'EpwtjTQv9ǰ򇅊?$ 0|qM ,IǠ&3H 1H~9s_S_ C׌P4rGLhJT}?wנ rg+4VU[ݯ80@=i8?.Jw&B_9=PL}[F3 nN:`<]l8ʩ󞾞ƺ*l9N6ۮi2 e^I_GQʐ9R?^Q |M"謜Yasc>b؜-q9nECtvzHQ k [s63k'ҧ{H26@ #~elbr~cy=lOyU J2ԧ*sZB B;G_œ n2 r|8'S8 Vq=9|=Iig##Nj=#56(L6?Ϸj88=?sӒ ۞rj5߀2qϿ&)9P܂r:`Әp}R:L388_j@F1'=>rs۞! zLh@}ןEc8ہN{{rsz>R@04?tNq};8 uE(>x8H 0 f~w8lPH8=_ m݂F}3\ ~F0ғ<1ccFOޜ{H?O;S=h)!WnOwƛ'x=p< {tu^N=>@89}{ý .0Ia;q㯯Oʜ7[Ali?\9ޣm78J8PR`m|cլvTظF;y&f^8O}6׌ { x*,Ѱ $rFA'c$$$OQZ 6p=}Jx\7Br{.냜?¨hqAoenO;2?Zh.0qHcLfrw`*XG9$qړ[mۀFnn8'ݺБ#H>OqU3rǷVHe~_G 1uLhڠ:p28ֱT :_^ ѽgT^݀Y!G s|z  q~>Pq׷2x82t q?i\O$C99܏qLS*jWpڤ I96<&#03,p3I0p0r1v!rǿC~iK9 99J HI?jwB c?*rwv9#R7y q)` sG\d t vI=OX~dn^9Ǩ"`4.eIx!$G=qR(-{>SRؤr~zCa?J\}c텁@ZUr3r?ȣpHC'`e ╔9Awϭ188'ndmRm z#C qZ+fW =q׌c8Zs`ulgjfz2pHӎ֓`Ɍ=nI=?Z|==9FNxQ3 N@Ы8=)Dh/#'pҜ+st$%U N7`g\3,rdbq>ss]cǟ@G+6w톝k2o͟ H3(*9p}:c5+BdI x@(n@vb zqq׊DH ؎FG@ USUqH?R]=}ʘ'!rOSa)a.a-0zpzTaG#rO\qӊpI:OƀB!s*sS>zBIV<|:@0t>n韧=)`8*I aP1R֛PGczZ$߅&V )0zuo,6s:JvT#H)nFpqsM3iwr8O9fʅ@{M$NFz*9`1N{R>c(-vAҚ :gԌ>Zf;O<῞=i}3ҕƄ%H#9409;['993A*[ m lNS9@*Oby?@)[8}!pzT6u9(~ >=Ji;w'=3TUg8 ¸ٝx%s]҃6d юGIy9*;qʴٱ9?{ßL>ބrH񠜷s>VRy=Gs˖g={zU'9Go]Dɸ=~㸙gTg\})zzضd~pzk/ G3 'efG9wv+5[siH>}I\)N$0y 2ݣb0p==欝ma2^*I\ uA}#] M/<;R~0q!r,FO9";l}O4/ szndr;578qK@ ONLT m_ H@ }?*v6|;T:A=+Jǿ}X x'EbAa>sp8&~\r;~}3I $ 39cIГԽ:8LB1g֐*2Fx? 9'ilvO^iG\W aO1㞦`0F@?S pNs`xdqIcq rT'h,8#?~c4xR8'=4 {aQ>\ly]jpOs>M~ѷp=kѶw0x{;CiAlq0hOVMj֙V\.O 2`&" Ǜz_Hߩm2ẅCkOĚtl%pK3m־!?ya!5\w*$a)I`KqU,ytP3cc:r{zR xnN 8+>\GC#$ӯy4$ <ޢ3ˀTb[mb@8C{ld8*CGS|G$s .@ϭtHP<Ұ FX)ך #o\}L'9=p81pzM0887RF1O˜c8~*@HUS:r ۏ@X2TuPXtp`Vd zqT̸^`gTJF qvElۿ8!8U: Oe$9#=9i`ܥzڔݐwcb<?O\>PIqK0RrG$zEnA9a3@PIx1pI`R;A8Ԙ=럧'׊Q9t\K ==1q3z|iϹ'}j^61'>S erI LOQh܂GN>u84v :v@OA(p8d=OLPJ^{,X0 U-!1߁HĐp}Gݷ?( HP7Q7{3@ŗsCPx<#93_\P};F shT0 ɦCq|0=G(eSۮ@r#ߦG4}>jBhԤml񜑎zI HxEr^ }>qf^0$c9y_ GSc [qLЌzE$׮0})0pA`qבJqRFq;Tx g^6#w(9sMalfI8,7RGlu6enr퓏Q̍3=!@gpHM# G @O1=PzPN~a|=){K>!\z':WqXgLl7wiI9Hǵ&\X>0r0p6}n'<°W~]@61䌑4[{H5"N1?Q`׿P8i7q ЏLX1=:#ҘN>R`0czo<<###}%͓Gl|v~G4p9<{# 9G quclplsp: (*s@9rrq3 HZb(Œz_JoJA=H۱{zF*l OL=A8=9421=zޛ#q=7sʋPw2;t.3O_SSz* Bp3߿&+MFu z#$$3y_UP+nG׷5m:\dSJn02av5$\ÀO >;~=hU݅8cj#?|uC1f;sT2^[\3]]<{nXeA䀨>>;BS~4a>3x㑖W8pa}Kb 'Eug ̀g4Ftg?q3ǟi\`Nsּ[$:ue9(n 0H ҢV6q}hM\e{h~zJIUNth~ƒp^]&{g=}9E1x=*" v<}|d7@t? ])>՘ v߮>qK(Wk 99<+ʸ܅=W% d>pm3qAS[ ~~}T~qzn@'{W O-#{Wt珧|5ёۛ\GLw dl#N$;~\tc,qrFp Tyc~E(byj3z:JpS =1vIRs{wL[ry8AWIʩ63{:.mL : On}>2: !sԬ ;u=|:9?ߞ?.*7B(To9zѷ*y8"rIݎ2xG< =1ޜ7௿1u>JSOPGL>ړ@Gn600S۹`&ӑ^d9#ϥ.+ǧ|S289oǽ {',ss=1t~T} S9?.''z9)_*1|Rwt?Ƞ s~"9sACHBg$gh-FGg) B}I vL8U.IO?ױ0zq {zޚ26=?za灵&Bd:a rH$C4ߘprqt 'ܞSRp8ۀ?JßqpNv`;] A$g\SʚHsrHͭKYѯ LetQ>? Z#6uGqk¾+mb@ԒWC=Aܯ*2r=/%A54!$cumh1A=x8NGB40|F*UO6 ~9s5c;Cum$摧Cc"ÞoPHcdi\ 3FrO+~_qIБi^s/ˑGNU0}s҇,3rB~4t @ǩ9ϥ8I~<ҁǭOǧOZBK^ޟO+(n8=:>8<2}zRlB.OrJr0FzgdczW ` ;P~}݂x]TmBJrx aל:U6g# #LI`pN:}ryDZ%F7d<zJ1 qZ*МsYc(8?ӽ_їe9!F{}xAe;0 :^zQ u鎜Ocקg$7L+w`Jrq]eNc>¬X99?7Q(Wd;UǸoc2 s* v]`s|㗍QXs9Џv [Bs=ZS35| Fs07m SA' _gonyj oKp[HBœ?Nn\d0=#Ć^2Y3hk/@BmW6M{7 "u^}O$LOn}z% B.Nyom-JA cQK %AyOO19N1PH;NGx3O>=ۓ]0bʹzt 9>SjMZ (Q2z#îpU4pEOpV C#*H>'C0 s ;q'azq= H}A=9_Ns۱1ǧ>R6{}EC@Fv5!zsG>aFnO}:~5m1ׁ!F[Gݸ8#;h;PNBz;`WcZw$?ZQǯx%OsJ0;s=zМm G\R{r@~U6q>ܑH9לc1 N@9Z 3OAԬI$n>H3~!~mQHFNy'`9AAԜ}):i䷳`{R)&)-ң9 lߒ 'ӊ\Ab9sޓ$n`;PU F#*FzqU^1yjPrF>;v"wHzc(†ߏJx'=1֕Ww=P +|1]k|9> S= ybp#>\'qlR+N2}=0zc֡ؿh3*ß,dsBy~JXӹ13O2zsڼ'I[z~~dc^27.cqԙkH@ZinzQ>pYpe :ߧ);px~2@ۚ z~=iXy`;A9bʑ۹za񃏗3ߵ6k 9dLsGe`nj9QH2' s~؃d:{T\ni3c#L#r;8ZWcn[~cO5G@F7'Z3隋nNw:d%7'QQցrp=\w?t0 H)㑊`39GSJ.` nC܅㿧LQrp8$OPq1;#2\>9I98¹~s(knzW29Q}~ԬNr:88'yY!1$N949Nbr}'р{ۥE-@aYRv m'#}kN<֢'8x>Ԛz϶=6%p7z6Iq4uӟҋ߼y=OLvGWqO^ԅS OX֡\8*d =1<=i<(qZLm{"m299o\{R@ dt=`S #&19=TۀIQᏭ)ٷtрq1Қq`῅G~S@Tl9r; sCETkwH>eI9t]܈$,J=?ZJ*ܩ9PY}1p9pxp< =pF:nNY2=;rxsy玵Z L b?2pf3*g" DxQ:{oDɹJvƄ}qs"4 _z vlq>(PK}JRp>npq>Zy\(bS18ǧDϘXFTю䞟Z౅?s?Dɉ `d`סY!4G9f q˶ FW s۞Zw6P?JB-܇}=9㜳V9p=iF=2G"cұ|[]R5'b}0kuI$:zvsVS` }}=j|I~upy#~rG^~`KIט|~h[{ew89TQ|3N#޳3GdsgލiV?ʤ緽5Xc@FMc$~ `9ߥ.0=󓟡|ϳQ)By9BUC FNZA==}UN0HRA?. 4||rGBJ OLgg4 G$4ltښ35, Ӏ~#( uԩ9}FS> >W#pO\G?=QqO6_p(ʒFpOBW $3H g?H2#N=NLszn^C{㑞q 89\)F=)1rr:^7`ujo# Iߞsޓp8@>Sۦ;S~BqԦr3v PO $zS#9LOyS^FLiVbw<޸G6UN02s8]\fZY,ct kT g[Ϸ՟͝>ݷ| ԛQ3Q`l۳T\3{QwM tV .x8oʾ18v޼qH-Ouıs} 18 *Uua83$x)r{lFo8?LSF>lG9$M.n8 6sO dkkBcUNqwԝ3q]A9E)fn6cDWk 1QƳ-pzgҵ.sc>fb*mqyLYھ'cTNXA8o"v9?FN%y>^Ԁ3 ҥn<9~P:S z`qIT=xR1qަB|܎xyu+(FoBH'c)6(f\=?0W;Y@#<ܮUZ_̖L$vny˓ӌINww8@U<NulHo\" zJ2ߗݸzSlKr=}ET84r~S`#=z@;F$sP6܀OO~?:̹c B7`>."##pq@H*Uwdg$+`1 U)"]mf;8 Si\}})A=:sRrb8j`FAl* +ێi:u42N)I'\`9S`>:dvV#=j\/sTSݸ~20n sS]~Cs8xNa=+OLu}2ԷA=G^hIc?ғpFpydzdwR6`uREʜNv{A;A隝ISfB|Wo'#T8xXȱNwF9澛gFPAx#Cɒu⾜ `;$zwS"3 >Ԍpt#q*F:g8'T=3gyA)'c̆El0u<$M^:uJvRdFF܌cҚGܒ4e ӿRN*;ۦAI( 9zםTnw@2tf9$D8U4Xʂ<*np=|qHN=GzP>n889v"GPg%({Vz0kssqJ1{i(Sw>o&ҲNр;~_#OI {!v#϶qKTiМ. ߓtK ި8k^@q s;\>>%)SӜu/G'Jh/z Lsт`/k3 j@;)V2T6\~md s)2 G?h1nN9#ks@#ȹؿ6ϧU07F~\Lz*48RzѝxfI?1ީyf$O>qsSOW` 18ǧ=] 8O皀FÀր돘$N})E 8$ԟK. 꾇GJV 0{;pFSjI$2–#hp )s:v]WX9܎F*,C( ޣQWV8 {&ߵ|I 4n9ISuCa7d%Mi˟ggnA9U~T 8$ךx }V&_2sOz+)me4r!ӧ?GtP #QZ=>s1܇"dn֟bVIedy#I4j?/QΚ'=rzY9[0}3PX;[vrq9n @NsO#8ܕ},G^p:z@u ;|s*qԚ~"Ҭ2'<'>xcT(@9?:؆2BƃW+0 ʜws֚Bq93Hv|i7N=}PHVOMe(9@IH w6FOGH"&ٜw_*9#:0h֘d`LG40$xGN}4sIp;F87ϯzSY[;CqՀKFNHunx.r@$xƣays^R)ai.pAy8˿OPP0 = :ji PCu##SA~<G';r>cׯE# >RA?VrAay>?c'Ӷ( <){~" mބqHBj =t@R0W@ԝy''=}OFxdq_?)X -zcҤ'#JhzdmsϷ1\oɎ1=ut8 gA Rg8#4o9'9\Uv;z?.rGLNn|p9>@)"7'6`ر}5Rwqd޾c+|l|1א3߄)\ e}q:F'Df88_A^*B0rIWL^qcz|;8b)Ar2rqQ|[1}*U&vg>"̮a cynʻ/LNvOS\g5H9onJ uJ[#ל(zwok!{N1瞕㟳7[hw,{}s+`N=g&ބmh$cɨ,0r;du_J OܓMx#ҤDy霌c*0 yoҤhs߿XfPK OJa=3N#JFXFKHh+sӵ(~Oq~tI Ho@ FXq׵0=G=y)]N?! Hޭ'Rƈv$~\/w(_H2{`<{S ]L#8SF8w'z9''JKv/C@Aצ>Iswޝx A@ XK{ڝQxMG'#g)I Hlg+xPOId:uXJ!ӿ &NqI?;iA8#֗ 4#=)T|{\Ԝ$:c㞕 10=`n$瞸?O~a`s8_QQ+gw <_N{F?\ƋJTuE;vTNF9 &p0F>Iװ]W'۷s2_zU FHH8yMX^;O$4lVZ?Ղ^gv$''p+_W2T`83^tw!' zhG`o)RE d ~:s_=/{,7$rW1ڜ1A { bX`d`ib1G<Ԥb4+\}j(ĉHӷ֧f\ex=2 Vp|q$>=$l\?<מZYp8{ҷIFy{.&t'vAkumң,ÆzFz8䞜{鎼Rq8Ԟ}rA?+8$d׀}G?ʢb|Nq@=Ol>l;99' ٶ ԬX8x'P N߈ }y:}i d1##xM+qހ#4Ϳxcӊnj:٦/<דք#n;d_.Fxp9)psqM`0sҫgҚ[vA1+pH;x=u#`1i˷[x4ЎNEO( y~Fn9i_u9'InF@~/ͅ`3Ӝ~}iz ;ZpgM>4А;Srrz~U&p1vAҀv1sԏ'@>`8x#'GNWc\ti~@R3_q!듞Enq?NzUk6W8$t<}1E Jet۟~ֻ۳#qYJ 'RyV!`~I8RhGl:3֓=Lh9n TP1w?J::gwZA0qsUn i3`|qsrq tR#w8WƽF2B?_M7w#<ºq?"/S;~=S.{Jq@Jo# q'ҼtN_#4ÐH9qJuQkqu*tC-̚ELd#=ϭpS4UW#s6e@x? [!Xp稤y(#z[sc8ۊ8ۓ9$~r ;LoǩǭH03pG_~ݪʠ:pshqd'3V˖#^2-y'kĿg3TST]$8?^y9iVFv( <v9ҩ9>8ۮ+ FrLg 6 qcqJyt"lpXL?J8#nrK OFðs߯N=r#gק֙'~/7|rrp1ߚaT`` qmH=:P' }zSR=x㷯&Mx8=F\vqL=jv0>E4czs֠W8ϯlRm$w>(tdsM#-}(Ʃ8_瞸(H$8#xo~J0 ?;1֤:ҐHR^{`@ `H=s2}=1`?>t0|G柒'#Fx~_83hN\ҩ㞝zS>R$"I'$"7{$pN9㌐8Þ^=𞧸I=[Ҥc0=QH0H@1{(jr@?:dc\?lCg8ϧLӗ*1XrQcLvW[k[q<:k2Idrg=Ǩϧjle <Ѱzˉy&92?ery'p3}kZՎHV$ @VE7#c/֥Ա!2NǏ¼Ğ;@Z7$ =Ogx/~KT/g\/zqCE_.IiF$$~8$d֭>$fT t#[1Y1SB=0#=x,Tqn1(e%C{t{{#{VrD)[ `2IA`2=p1Sǧx_c+cN~%yv9q1ϔ֝g)=A ن>`I8+tYONV͘` uןj5a{*Drw'PGaBfmI W=_GUQF;1T+> c߮}xKrt$"5 +'v+F͓۟p+:K7px'לq(3teV#^aڸ)7 pQWC4Y "?H۹霆J./dSrz9<'lJ9׿j})L#mK[?JI䜊,;zsUsP7wR9"h#&@ ר9LvAV 8QCen wTp9d$ ~;b&u8GSTe(Oo֭iڞ\}F9#$ }:sLd)d/LԶe8]YJ5D7J>}}+jX.IasҼA@m{Ů} pYHG<ǭ4.NB? ]̌Sh91ucpHyUGlç?gI7]x,y+t;ȉ*:yf*Mnw.V"C[9~]~giڛFdڲ!B}kG OO҃"<˜ oj{dqtøy>5py)9;:ǵ2S9+܎> !q}*1z=.I R!nJ&֑2o˃ʒǯSqH$N=z)0IXu`֓i.n4nr@<( cǃwoPG:i8Sp Þ9'vhPzw?:d#?208:psQ<1sH9$$}y魷Zx8$qG $O_QBq Z;U=On=}>q8ЏK$cin??SAV#Z^O,})<Ӿ(IUƕ8=iw|p)*Av*RS%G8@BN=OWp1ȫ9c~<3LRQ{`ف!ڒH$1V?!9zg֪6$gg֮(!sOLԢ4e?=RW85u>E zR嶪y=9uAӿ?Ψ_"@ &L/@#+ ]+d |yA^pZyP޾kgUy>N+":r A\qSޚ=)Ł;H^3q 9?Q\5LL`s\$̜A{57v#(y:}Ӄ9E-k_pȇM%2㞘2+vlAZKbM0F۶=';0>RGLW5@a8:N|'\\ޢe[GO0Lqlp;S[) l~mVFk_0ry / [Onq"5y;sN\ۆ ݞ3Qn^Hl3ڝ7t~48~k18?قq۟ZVOf \tl0V9F9~>޴@ߨw0rWSg)ZW8=GB8lҘgy 3qHN2[*Ha“n7 z}}ހ 8*sܓ''?ӽ&~U8#zT4;se~olEG8v}Nz3OG3 ?⤤8r~'p>܃Y'g?p8^Y'}84 L-OJAÐ#=~@c= a$@: \my9p1Ϯ}9#׀{z RIN:47er{uj0t率Z"9s~Jq.zIm y=xH8Q8r8~08=Aր`w:?OZCssG8=xӠmX)Ƕ,U}[(:C`٘qט^rؤ~< rO[-$[Ty:U=IzkxY,XI>nb(.6tˆ ϳv7 qʴa:A҉v>kfҿ =?63JsrzOZLLK%1;J$=Ǧ+~[`bުw'#6:>k0 83kvtBm 18?JH rxx ڍ^\1VĈI19IN P&1T8$vҮg|x)V erGin2${AԠg}`w 88H3M^!GaQFy=AJ&|VRFj! >֩s5s,|<PۀR8U ˍ\u,LNrֳo ɼvn3hsȬTOڷ0+~\O"\7uLi\SːiA#۹UGǧ]S϶;a=FqתG*Aڶ/-7dgfdrG# .a( xH,=3t?.}+CiI:S&k.3A*?\jF >Sw8\.̜ VkjFI)wH`6 9T8%Ly?OJjSBM,4uka -zAÞ1SײOFX$k^腮#_: 6sѽ\1#ݚKnF}4+=O nW2 IVC<{k\矖0tә^1nK1+=^Eep&݆2_#=J.&fI8$O񨥐SBLdYprܐ1+ Hn x}'8T srs~n?J{7 t=}f3HCoƂ[p1ҭ0T *9җ26+;ژA)2F@#۟SNt!p9Tg=Npy(<GU;w>'0ǧ?_I8p_06păש0a#M+1;}ibp= aG#=p)}=AH,zvcp/U6p+sfJ\އ?ZVpyVqa9:{gFۏ'<Җ$,R=qINN9>ñgod>w~ZvA=)G AA@& Ȧ67F};~@R{zQ s*MAz`zTW;ypY2ĎÞ0NO19$ 2ts>+1RIRN8iMM,r6n[Xmק JIH''pstQd u$<}b\'d>q `\c4c21=wrs=M#z Lt9Q:?#:r3|Slƣ2by_1t{Wkণ $<+J*5 +-89@JUQ{w_`{JiĜ?n+ ޼g֧p6`>~JC^\Jq<@ǷNb9o=>psJ=s}ccm(c U-.8yPO "|ryX@>1?vse!0#z}i+q?Su1I2xCFէijH-\~s*;K.K(Pq&eHFI>urƠbebOwp?] 6ķ<2=)HOXB6{WAqoYp9}OoZPF>ND`3p8 ޺1@SL,~'<cYtk;k8M1G_JTpߟz w'B|=1(;#L*E7`2;cޣL3NUUAAzvYL)1j"m/O|u:F3ۀ+H۸F -q=?Ze$^tmnϽRhդ@9VD*G嚩+ru2OSJ`pp8Gqm.TH8x<$<Q/ʊdRێB>)e(YG^YRD=TL8qs9`IFjh~~\BUf|`>Vn9U$%_a~b8~Q25+/>6<_2xrFp/Ya⾯M*:⹭gD%Tsz[x:±jEpѬ#b?1#¯@c_޼ 9n8bڸ+i<׭ʧīJ_5j~:L2 mti+eǨePѤgq}mu w098.'sFu= @^}ӈ;yRF1FZT ʃH~5I¤y޽9yFOI\;p@OqHK?\Âd;:?*F3Rp|q08)'$d'8F'\֤ r8,AH8hb7o^1P?to_OWU#|c9?8y5lALST\OΚOR<Lm`cqrzuۓb$`qHH8ޑX# ~8~=4r~'x"03:PH?)c \uL)UA'OsR<>/#zv$@kaяқ)Mh0uս$N6ڪV]][ A&c<}^M9xHOqx `yvxt ǷU.3Ӧ}2}jw(Ӫ94K>\P~7ShXm_@x%:oÜ^ HźmIҽ!Y}s]X e{?ʅPĎxcg<;d@0y8'|Hp9:sHX$qr0zzz_#NI>x(O8qOڽ}t@ 0`C#"U9=:ޛҥ\4[vz]1ڞ "r1ߵ13p?N]S;@0| zqPgޛ*ס#?j@lnڡ8U3=iNH #rq՜v>Qa|A\2=1OwzfoDpB`}oJ|Zҿ~R-L2 s/u-k~>qarrzu=OJcKwJƹhOֺYٸ qJ R*}Pz <8ǧO*bzm 1ߡ'@pFzgSH艾fXW뚍DDѡ䱓hʯ\Vgy9*XF=kyծ-'*F2OnOj洡vtrjK`yU^wH?^0 ڀ`1$+ӞA8;G#ډhz>$eE$s]kb+8 uW %B׷HG2B.GN%ps9S?OJ#0E8׌r{%[ '{bXT/̣ǭa&wӉf9Lm RH9qDxgX~"8TpFOeH؂Q&tEmR ?^mW_qkeb>Q+zc6x=JIsaS^ U_[ &ON+6Epnǽr[8]0x5Չ-v c֠TT#օXI8#ҟ,22F}:d_*Rqs>g02YD&E RE߻*&nr?*a P_'fx&&S#6ŝĠ__Zo-\S<S]Vp"? gATȠPs)\V]KSp:U9aV c9淤"S݌l,# &e(d3rH?T=p&fx#V,*Xi4s%V:Uwv:sձ2YNIģCAGgd)I"0ehGڥI;AsN,_4rWo$7O'԰%,wI曻?)8R@_j<#;dwm<4́wz{m N:BsLgN3׎siL3\}Oʀ #8R=;88lJn'Ͽ4ޕ\OJKYos@%9SƓ9_&:p@q02Z^0FA(=*)ձDZJ@8u&Tqp9?΁3pÑ?ƴ42݉m} w?SU!7eӌ(%#G #L2Oi$r“AcYN9?Jp[m=?QV G^9!'w>g_N ҽ1<18ԛoS s^QR1[t4;OOQ}F 89=yZ`۴0vJo [|7vWS6F~d\=딿#̹sֺo :,E!Ҷ{ &Kg'9O$';c8aqx#.O?tqJ3zqޢi[냌PJb"W*9u^W|4 9eA8%C^|a}𪯸*F?G8?Ӄ;THF鎼v{29=} CCdr3׎8M*t#:sT[J~Sԑ>~m9<1z:uJq8Ҍb>zh Б)`nQq}# xxt7 0a\flnqk~dB[Vj((S5m8>kU~IU]>̕D A翡5۰0 )h+cn89?C+n@gtl~HC3Zq*F.P0=S.@l)NnӞ*ᑤqާm CgDbYDCu-!2:vVΟidT)4!$~}>Tf;7@Q呀#'=}1HԖ$pg| }}Vιv:=+z8aM1(L 'צ\XNK$rf!bU#Jcn 8<4L$`?Z|. csO/;돦j1o"Y I32x Oݒ(3yqzɖ=,;LHnN;Ug.J^G#irƃm.+O?'TG=yu{X`g+Zs0 -sNkM| G?<#yYHP8|C7 #|ǧ"wV /#<,23' }zWBؚVfxoTV7 I'kܥAanIbsFrLcnq daQFNF3=8'z?}8KA6~8H ~ԜXgQ`F1w):`FF$Ғ'{rM40 O׹qz8Pp`NFOn(f9 1Ma+鞧#<ҩ 23U4;8{R8=:sz~?(9~ = $]ǩg9Jw$c[dsM͐qz/L{V?܆`dc9$K߀#"'9ST7]@0R 8A'Iv>DCH :Ӱz)-[#cfp?!aǏL=sQH:Hp=Oւ sSb|܆N})Of;z7x*s8b Oӊ>`ŽA9=9`A8s܏ʣ Fp8>:dt8oMc8\~nMaRÌI$<0==N;Ou)ь`{ߎ*78Қ$`i\sz{z\ sӧ׮)2Ki>=q@6I nH8=OGtדJH !I=z}hhH#9rNh 3A8>cpz a cc `w? @ R^SNFN~ц8tn}?!i۱R1ׯz =N'$@{t ~P0@H'A= qN#s=3 8=)KpǨހtL3< G>#N:PrzNlX>^v8<z:e2T@HsqU"Nq_M#u%q"}y?1Xzd]A=m?+Aܞ5^&ֶb 3V܌fʌG5!j^.<-#_xw dr^'$'9 {O$G8ǥ|cGw)J+I.  {zW ꚬuCA'8r+o+rà_ WJREĉe<;k|4n s>N _SԚ/L#C׭s>b3Ɯ_Os^in8v{jV5trdN3Nz Doׯ~Օe0D1.CxǷt !n`F?6{T#$~\[UT=3Cy7cMa9 =:ކd0ǟgTbe"PNNzqkfdmIzյ,LsO3܀2v?ZΈ@,Bqn c Iާ"1#۽O1ҠJ g҉4їqn{v,aq늼<ƙu950J(gByXxK~u(;TdvN<<|OvH6! -L(;gLcF֒<r2#Ϛ o.++0O }1*}@Q1v4rHǛL|7w SO r`?:HAГ 1M"dUfG:yf'R8?^:4(yPoc5#=dGdtMaګ\IWںaq 泡vɅ'H{`d֕ܮp'5̬bd}qڒki,*# J}nƠTZX7pO™%!co x=ZF@=S93@Ua3J  Ӟ+tGc4L.: H`vAA)\mfa',UZNsv3ffUsozh1Ё:cϿheHSGd'b+;p$~+Ǟ9fS9YNpsǵeKʕk:BI\eqNO}kdrT:0+ߟO]Er D3;㡯US<),"+(Rc us,IA>zw8cGjۀqs½6cPlu+ 7$r;ԯ"gx!xŽ|Ju 8ʮmpz1ҽEdܧ=+Ȝy[FC7r=ƚBH8cIcqzCקsPj9hn2ÜiNdc'L:f'i N3sMsޙ#Ip}ZIIAnN}{i<jn3I4SO#րHH21S~NG'\`\g:#7sLぞ 7cB öp}=jN'osz\a=;SCŀ{i9#wҚPYF>_slv4183}x$s*)[08?) zzy'?7DϰQ Fq==x~^ND;l] rn~ SZ gpFOiF <CQ6~ ϮILт6:V: t+D!{Xy%Ձ'VD6s3UqY@SkY M=kϴ)vVRlHss]zAǝUQJX{TY,ۧˏ!a߱\dtz~J`iO#*~|:u;ֲj/+zqk-BGˌ={6(F~Gҵ*]d+9WCIOSPr1J@͜9=( v=8<`?ʲh$}zUƸA{UTd1=r?q #OcZ9{ K}JP$Yt(:W@q׿ֲrʀ(AЏWГa98׭'N3? Vns v'O@e=L*Ued(>$:4l$ eyxׯFĒ7^iYc?ŌqGi qңr3?ϥ)azs'n[@Ls{=ʓ'HG ӷAz~>D;~&qǨǵ&=Ґ ~Fpܜʛch6_SrC q p`zg)7<)NF݅ARn?*`r{ҍzTr0Gz~9A;Z 2@j6Ӧ3S|$}*3Мށ@*zׯn)#@c΂ܖv.qIۧJ黁n1׏oi`cMp18ۑLm&I?J@Y[ y $#>=黾oAt;ӷqր'3ۜP9qN-8~4М``t4<g8df.9ZiJFOEV :wkHG91{nܣ8!x_ƺe$ Cؓ'}O]J-WJРbkꥐFy?kjR Gd־y( g8C'_Qz|]1y# 57í jZ]\gr8ҽ'$4 d+^XI\[yŽ=uN4mB7Giv0V=Ͻt#2g[yمK8g:lfq)u#2UqeV,-A9zWQYÒ1'3{,Z.\8HjTf'j8ҳ|R:}k^1͞:bY+!*Tүj\ iB=y+ɸ&_8)5ͦjvwb8oB}>o26Iun*:nS4'=r09җ 'Oqlrs֙>Q{v␸.7 08znFԷ^JrGaSOʹJ`) ׿\ ' r2N=$qg HpyQ£?IߑSp$8qjF#'?1Q;0ly{SlHO(r3c5N@2TϥMolc1ĎIMES2xk2J8;Gs&@L>)02d-Bx-#ZTMb+[7%s},vIW/q|ٹNW;H:qUˌǂs?NT3 `SM! sN)~\pǓ֑v9Oj"9|u=q)G$lS89 )}8d`t#2@<zk>j%_muʐ@=={=RO;9<1RcP|?ǭ|҂FJ~$u^If`v ~f/̌d#یS$þ#s;gǸ ~*e\d?BkN.#rhWG=p@=pyUµwO?O7{V"6h'g~#h[j~*&R0#sp<Ҿ}8ׇ\iI'&Y,H8_jM >U1]XXksr@>wzV彺 0q5r %Wn{z]O)yy2={OӾQv's֭Enƌv$z ̱MJOrzup1ҹ{b%;#Co8o!p8Qʮk >_Fj]B  {I?t{f(TdWaiy< 73dLd׶jcoλ'K[Iuyv1K2>FGJVEkSJH=zsTnw9mmI2k1@Z P8 qpdj[_{B4mM:'Lg>.嵣PvfJ.@`f4684j:g=? mB-V܌f 20sUߵm8]ISiWv3Y[˙ 3= Jw18]BÓ됞̋<`?;F//Nk Q#*zgB08.ǻ+?+|#q׸ *\#$~jG4#?Hg#i1NHztǵG3] |[v8ldki>|NL[VrWBR} pF:cT,'<׫G xR8E8[V?)h<%88M7J]LjO=)K.G^w_ٗ;D? %$0?='\-8Л>SHrI89NzsZ]?dL~y^ns! "N#-)?j;ϙB'>+8O +W"97s'?TV+.K*nH8Kpc@@$t_[kdE9)3έ\hIL$ϯRTV'nNQWw:cVhfPS,ھȓ$$7esTQZۈ#d\`Sӯv4]ϑZNv=? sx3h (Wn>`c6aaR?ﺟP|Uy x#_}x[0*\x͚1k}>jcĺ63VCk%Dn斔嶟&@^=]_->!'!?^_oK^EVSkR;Ga_vŰN-?'‹|Tz7`|g+52⋼჏қ u`_ aưΫGGbFH,p`zW>bOA<N?|Ux3N?JD~t[@X.j_$'fonϋorqqoi{8K/HcZ&{Chn9"> +QOFd7 vg#ھh3-xg`RYʐi}Fa]w>\Bz n>W3&x+i7{>SԗsNI'@b::ujad@RßZ'%B]XOpGZXZ얚|[8'n}>|ܟ21cCb) `}=8Z>r?sM99$gF}+K*LzUfqC=XGէ9$?*3}^'yѡd=sY}Q =*Ùn,F6xnqS p}»|Q_)<=;9#kvO v ϰ]~>'9ǥv|3<>$GIZP?drrF1Ӛ]/Lu8n?fڣWvտzz 6ރ<Ƒ|,ؾ^'IzzCX#eʜүE}Jx2{g~]@9GGSg`1ɫ2< VVF?:"7}h${11VlCme^VV 1EA6O#{l +AU.9V;uI-RutpGº 7 TnHzPfp:ylu <."$>cۯ ?zl&v`z^j{a })1'-Ec7 #AYq, ;GFZ6x9zUYKf0ƛ9sw 4,=07wW:c: nY0 {s~$YH3~i 5tg?s#+,*ƞH8YrA=3]9jpz!c#pT}׭aS{]m5?:QOڑ7ې t=9һ`y"y[7LuHՙrNkuY<;} ѳC"x?UKW^Zg2(9$r;gf ,v.'%CE7Gߟ֕T?Bt}a Fny\0V;q߷Ҽw.s7/dlI^ֽx3 l9FzW(g|]^hj `Vr rp3}u? lN5;BL FbgAg]I&a"1#zJr4Iy5/z`Y? }? xgL˵`·392Eaeqv-# к>?WKshElF0S#x}cRmP{Y R:¡wwlR`qh!|ja\iݝ ;{ڜ#' y ?4J=l`(u7w7vS =&֝s)za` AL֋3'E)y54J]iۉ9sNxpF{æri 4ހrNiJq9'[9?ړ7צqړ$C;CG4 qҐUqO_֥M`%֣Gbgq+zP*N }>#in=y߿zY:,;TJI֋;NH* U_nԹ}h-V}Hg­Xs 3 WRpGjimp|8YW6\͔]9Mf?UwDM +ӉF8 g@$Ho.x;irsj09d'"} yJ/4^}?4[Yk O-Ocҟ'U=z(Ӱ̩|;Yf,w?/1lO?J?ElRq]o_ e1gj_~bݩR~eU+ ׭=YOJV9==;;xu@'83WOve.tÚ]CKd-sivOS)~d3G򯸯j,jDAͥn_#?Z͟_Y#|"y. xeݟ4zRtavDk>W8 < :A+ͤ|`RaYv?c,vh0 Z!:aHzFfv䑜1z׶oVe mbs zW|WD0Cubrp>t_J;HmTWHx܎v90y Ð1@O^9U WgzRbfUih"}j+NHrsN26#PZ-!xOaI|TNp; LudCP)+t V(1Mg#R?͹wqxNa4޸㹥`q R2?/;>ivj|04sڔFIrG@49n9 `v=J@r: KOJzv:N</9ɣ}94 `8$qtԇiF})rr^2iH8GzR6'o>@8=:)O gZfi1Nn)q۶3AK9֗C`: ##=+:d889=i?h85hZLVRl?DsXԷI*2>72AP4O)}i8\,5{q_SH*R$~w 篭4g< T3PqsP @ ^>{:tkcGHyjXFN=9OO| BOGJGb?*Nm=ͻ_Zyn-vT\>' kFL贏_t>7 O@;Ko-T,GbM}|D 4rGpFA |!g!}N+CReH'm&VA mW_?NMU<i$Q$\M4sn Ìg*H浭Mt>lt ,zdW[qK?!\,r6c]|M{g=}:V}'eWcy8 ͵ ~T܋EWqn0=cU{L"jduś&M]pVd |ZU$':!wˑy;fRdrFN[q@A'N8\18ǽTms=3޺m2_qUeNx8b0 }MM9R[w8qTSzh@ɅExǷ֣arorir#5ڂ A$sN:}>p3];Xr@8Ǹ6 bu =G\tZ(Ҧqcu:Z8Fvdy%!oi}y=M )͐*@8eN\²0]Y/=~ICStQsq'/L7ShR5R_y?ʙn*3ڇ!(^;~4M!9'8ZQ'x9lU$',ʠN="]8'$m~y`:rWؔ48qN:M:-5eHWF<ɔ;rrg@e,[+ԫu?pWׯn>8#i2)ZZV`rWy}&Y2|<Q{*IV̭QB>_R~Ѐ,{uWK|m2C},Y<!c,ro4_x2c"T%kR|5~Qn"t!`/Ό& NMgQ;"!I-=kK4tTUE{4MzogLr9qR1O;nuDCJ2I8+?i'߂ v0t{}^q1yFsNUʢ;-/Ŕp]C,a^QOS<3:\ Vxx3ȱ;I~?t%VHEGjtvZ^70n^L w` D!PYr*ε*nSje9.[(`tԛRm[DGҟ5_>+Dm_naL-6InҽCxGZnuKHnLAlT6?;>QE}wmE?WkbUʤX!P0q9=_S_4|+|E=E ]:y*ש- 5)7۲5?^R[;pMeن"o*pN>MsD(   5K-q%Ӝ9) GcVtz\`s*u2F;}5}֕[kw.5Kcltǜ9أcYo/׎4K4GK$hM1Ӟ񟁴ן$X:Р"q8(7G[hQQ(TEBڧ ZUd~fU|=<⧉~_<>=ve \X\Qv;## ^y}̗VE4t@Ĝޯ 4gXuj)R*Lv$sAsS4A5>GqOʤ+`\wݷLc4șrrN1@oC&m!$Jh3Ҁ\zT3ڗϨHG˻݃8 E`\p;R(oO z)BrDpyMɩ#4=+4z/#u3Jh׊iQ`#<3~JLxZA5+Bɥ+=y4)nj>wgi!3_@N+A)Is<:5JJ7q_=1I:Qb_X(FqZ"vāHk[,rlT6E=2Dm=~E???Z45[ D*C`7 9h ǿKi&<9r,Z7̬٘0c$N8\e'$W3OeYIնN=ӢIU( R@#JV4ZN"F=BUI$s#6*q= Fk~..|XIѨw|)#zw jqhb V"힕(r3Cp<k[^GM*%z7ck+PҽB2޵xDbxGPڹ*@O#TSHOR`*Z3щȁ ʵr铊`6 |:WX۶[FIs]z~$0{6pe*p 9Ͽjt6++r H>涗,!Aޜ t`b8>yZ:z'ǂ˴}If&'pF=8hnKc*Wi?͙Iz"gI[1\Qf[)$HVя͎2N3\ w t)pXI'g d''z{ņqv:VBmNw?Zt99`}q4s&Q W -JS7F|/{;O*xO@>\goĚ>Eƥ pFO0J7~wwp1V4Fx'{Uݢ8> 1'q ScpK2H*C \N93-N oTFb Il>o0>xŗjz mb0N=DݎPXIpqvҫdfR(7 ;`:VdQ'£Zh&.NzUynRT/ںI( 'A[`HT$߯ 1=ҧ}3{Ը g"FO6v~g3+CStf&His8Ց5I,ɢR;kxqӒz6>Xɍ2H y#Dk)>>U۸dOK̠@jXV 8 ;H$O+lִ䴒xȥo?0K+ufd'cR.wBQ}:j.}HU.cxUG8矩\gуJ;HY#R@_̏.0O_4pKTp1Ӟ wzxTc#nW)7dti2)Gڦe^Tq?_z$i s)NLY]BH``W~F z'c<6dsOQsIQ32tv=2k `Ul`y뻱kԷM\ج@\r1} t5Q5pb.L> OSo²7ʳ w 5[카6o`q0d(I$̃wtv=k9$kv.eY"+ + dw|8DQBT Anmdy>W3nr+ ]A< c=EUGxe}Џ[:bq}4/˹{z<ݸzfqޞǥ)8̈- upgL7fo-&f#+7jgMౢ(մil.ewAEp4:-G}?}ׇ9 k ؗh5(ۙZ/1\"Olۣu t*#VG Dֱ;QI'̟ Wg_-~\[&;ky `+>th%,sBZko3ujh'wn¤`!ҭNN[oL6T ʹMOe&`ʎW"4?d-b>"%HǨY?gM{&NסKo$FX6dvb^Ʒ W[kF.nJo˳z'npib]W*u#088cV1J|zys^p*S^=J}{ILd2|5?_ ;5«+ρR|Ԥ$ƚ#.gۦkԩRևy^_b0iiſu$ӹ?E@-䁍ؐ͒u35߂O5 5H^lٜ/!taӌ^3q8.OE^=? v dqަʎܚaG^ @0vJNCޔD'v,\՜Q` );=Fsqx&y!<8#\g'R ?ɦw57rs c֗(9=:rc S`Fӂ~=G)0j`<=)ws􃞦ǚM8Gz@6Ɓ1?QY#ZxiSւpڎ̹ ՝\N en?[9ʹK]>(c=D `稪. >+tE-jPz5;467- {F'M~VeX 8?||U5#ڌnum^Dt ?6n` lLWR#o$0s]Ԇ85"oݜ}aʱ0\[0lO 65KmEcڳ}Q'!`9=G"c\yt!IxM>XN6:Fƞ 0vJBdGpX9O R߭u6wIo(ᑗ) J+{G_ſ$ԭwMikye 5;sΔfv> A1?< iRxu},r:[dRH yBx$ ɯ5/փ;~.4|[&,q2 2y2)ʼx l!q⍭ƏZI?h~RK}]$ܛB%HUc!Q4Ϳ/|Qk i^-`Y#Aݒ6Xt i5G1ӷ*g'Zg|<*=)by<:pi۲0|>1gm1lu؅7Ȳp펵ʅ hnoQY~;!$2 19[B2[#hZֲ籁Z|9^UʲFޣ8ȯ6Ɏ>+Hak w:uQ,ytV24 5XholvAW̋cmG~zclEjD9`E*#'qd2diW-0u4Nǐ|0AOdS_:Y+h-HU=G> RHn\SB۳eU$8TSc#'~rO<|DѢRA鞢ŵ qF +&n\9쿘H9 82fJ#܎Z ] ]DTfSh`3jMZ[O&FʷO´Ⱂ S1CW$tTKwc5cxBI*U0 CeYCt+ͮ|m,r}URBȯXuj;o2dׂVn2x;9qdAX7t `c>yl' >C $wfUv#Yǜjs+*###kҵDGf I ?#_4g NKќK:<ړ9O0q#SI_v$d00d}jQ9k2rӧy*4ǖ1?Npʓ~`O1VDK#!nw*z $;9^G+F;wXܬ@Xi2$"Ň܏\ USs}sKZ41TeNN+ S/C#F"Hy7/=?.kҼC֟o%D+I*xapok2Tt B5 U-$ V@KI+2y_6YmrïPq' dNHxvy=(_֌q]F"G9iN4ߧ?Z]N۞*''Q֘T+9b9K?`ϧpsLwzۊ\nހlc7smixus iwɦ32185^@ ,cG<)}i =2~OZa9Ƒ+4_> 89҅#*P9#RCQZ4m[i O:)8{Pv*><FR7NL<?ZPx:?Ο=JMoQ@Nh#i;FQv4]UYGVAN rqAho[qV5K&ZՎ\ W r0{s@DI"n-H"c/^V6qZ+Vx:7B r:ΙyixvhIp>WٖX(x$}yx _7:=ckWqu(d]Ѻ0x$1{!om<1u$LMw'ۛ؟4o/$U9pKLg Smg6lVQ28DSusھj^o&-OþVѮd1ukyJȨF :UoyƯkt]>Ѯq7QN1ruc_nprOʾ.ŝK/./x?ῂ$ψTǻ쭗g#*DE 78>/7|7@^OxD~N;G x>Md am9b@v- Ү >[ҹ-3SB[=ךl"DQ%ے{t\7+mavkK= ;9?xӕ%J*GyBA J ώ8Eun>xOoU-n-28 Y 2x{״EA'񸁾ˠڵ~wVJG9>Nn<$C!lt+Nd*] 7!!GszxMɆ%`{zojQD.q-BcSpZUf/ҵm%قOCֹIkFVWb''z OXS|O9JTκuJ4Yc4*e9>✴O˴O_Jὰkv_?ҧ*a..?vIϨ5j9$ v<~Una*,c$Tq#+(H8.KsaKQOs!_vӒ@ޥ)Ifo׊8#=.Rԍ+{F %@_Jl&#Qm3 VBP!l1?xGn+ჅU<T:o}'VUܲoM2QZgT_Jt:ʈřprx~:M 1§7zzZڒ@O GЃTm` b_:g90Bዜp)#Ԧ fnE6(&dUF;GKYf2<60q^EƑg>`vzcιB%IܓpZnZjEFtip4lAU'޵ F H9<%( rN8cIuˎM0#[c{j ymc>)svjs'1׎ɻihujY$7b0r# cM nuxRS;X@[ 0s\&/L\9rO@3<0 glc2 iRHw-خ<긶: OڍԭdMHwg~>luszuXud?$ƼZ6б4~#}N[I9<5=l\3^!RI n7xNS8 N$HP:'sU cw;6:wwoѦ'9@ Vv׼0F\gdklA7R$qX{tPj#(vEME bS.g|eq28QֲJ 7  @ß1uā K62FL3FZ*͝ŲGQʆk91,9#m;Qfqܑ̻GmR=6Km<@]#vdi֬ב[ʳE+LTS t>Ք|;>Fqڽӣy~DT uQN1$Nݏ>P^}QdP\~>F'%rX䌓<٣40OrhLӾ TaI}0Icum ѹ;8{Z [*}$*$6ޛ885## sx8o~٭Y.HuiIvA&@T. d_>cSe|"_-̘Mp (䎵x_VWQ\3$nQ3Њteo-QFHb{uRy׎nm ·D'4Y#C8JS*?\` 7z5Ȼ7VҸ$-ĻA=xpsiasֿ4rQJcXD5cƣ,MȤ ;f[ҫ=G %hQ)b (EQJAfɧ1J&:~(9sH 6S=<=鬼;Ըh ֋#''Rx0Ƞ9P@gӭ?p{Up`Rdcg#)Iq#2jp^9Qr~B Wg0 b5F=Mu@=:)?JF3WkIdDEfbxrhsH:c_ORo>uG->>lqo,1\JN$meYXpA 8+ cwJx8=F0sޚy=y`ǧzr R5B2r1KӟIgRh9dJ0qSz'(@pq`&Kg惎@?7z{GzUNZJn#H+xip}F7 83G~.2rOJB{Td`KdSp3( Rֲ|Aop@#; *}sYu$l薭\x&1C1yQ]"A8|D1؏^ c pHiz3_>5U#|Y)m _sRi^1d$Hgﳦ~^eNBs9ء̸l)I&\jzD%ʃ+zncCJGtD\d|LWE2aX`U^tvY. 8ڳf# ;$λ/& NC+H15vkt<"=UOG|`S*]J L@8֜,hDx9X.00Ǔ|cZxu>*DOO_i6Shj'f@?ҿ6mdd+meq$т'L~|שZbf"/(_ƳtK=Y%oFA@*o56d}He$瞼k-!R"ČPC\);-8ɕLyvW]iGHW ӯ#zq rXH;HKpJQP=8^S]BV3Ӄ5iRO. F2Sƅtd HgN+.`κ{ hNN\gxkdch3DSTh&{zScKRᛨ-R@Bw*8W+K<(r#wRR,@FA$%I(F2;gBiNrO~9 [ "*ckG5fڶucr̢DNT<^}x2N^?tII?*tu&]ZJcӀ+ *[TY0|۶y vjANL1$@p}N9ֽC춺N ۬C  wV%:-!lj~?ʻ]E4۞ 3&J^чSRtNdN+jt"%  ){+٬H.xx_˚\pfca+>{|Rs2sPKqpxg9LWK^YYQ'}=Ku}BH]氕sCqS2h8d_!5IZO})$We+s;&]3`E׈5Q?-ڂ0fEWF^1QktK{*ձnvFF;fs7|KrQN1^2=K<ϴpAFѲ0zar­ 4F`nB/|t޷4aGt?N֧Yus"*AE}OZMχn .%$?_$gpss8~E)I'_*e!ljӴ29m{;W_;(ܳj:pm(1P)I$~4c)SF|En=m_l_9@1=2V'x'zQ>g4w/0Rg ztuXoOgo[,umcڋaiHT.c[=}`_o(OaOT{_wC|nt_Яh|…P?:#gިkLJ<-`ڗ[]"FLS$)PzIƃЁ_?y'f~,u]N7hE'ڇ_ǫxSU֬dZLFHM[%9#5xu)4L/ax.nE2 V :Vsx_Vmcym%Y\ ,AZ=Jb<dY>(oūx],IH#ivجw\Þ 񾏮jkey4qc{*)$2GL^ͽPw=9)9 Z>#IaNM[g4ZJ#k&x)>|Jw>4oǬ薳m%j<؀.@SNvsLg'5Z~1d~IaA{V~_k:핗dby+o & m :2:.í)_Qo KWZ۾ǖL"k~~?_}I4?kc|ats#1|Qόx[hepФe.xI㹾qAN?oO7W3MVd4&6:2GPA~_o5t{/ &f\iNi&>ڤ* 1XȓʡH:22>9gk]c|eGl;xwv }+Zw!g=pN~wtsր3_'~~{sx+=~|Z}S᧊t[Gõ+!ur"h\x>Ko4{SHnh1nxYѼE_<֬ J֓2܀ {f;3uO#kJ9c"#4ݳҤeP2)3Ґ 9=x4tr=3LgZ`{R0:@7<6{w98[ g88u'NGƂddsJ hLsiO<AOަ`#y]Ƌx' á<0=,-KU9S@'<|]keKk:wuH{|oī+aS⋿j?l=O7͝bۖf-$+>Ȯ'ƾ*y6uk2]YÂ0 VXgR0zժܣ<7?K OD 6Ɓig$bǑQ̍ο4m ?o Bw^lMyfJU!>ijHiŻʒ+5n%G5 >5N>UusC֠NxAW3ko%ԸXv)OHkM=~`H/RxS*P-4m9O#q'VjnG1sЪN+I\fGv!RX<[fRMѭZ]VYʱ :|[ K)K#P@qJ?f]SP # $6#A=y>dJ8Crj}7Xh,߲_%Q#z㚃Zo"tREaE=>8UP))r*Ž`fXԠbvgOP>?5K[Pcr=~~afwyn$m?.׉X&!xPPaT}WHIWy/!mGzT5*d< Eji~%"_( P2 ϥVS}qi 'zlP~FV%nxi-͡J= 6wVeQ:݇=qֻ W hz6rN N?y[j26n4A~C6Z=>f^㞘Fǃhڕ7@F 0+㲒KxcBc9Ͷ[D*=wE)Ϯ=} k[ Vr!93һdӭyq{)xY2>/p}nQȮtvHjEPvf#SL VFF8K3Ykld9!?7:eE.ۑ3׊$_#5Yk-̂wA"0X7n+@3FN{zՉo,LH*W~{CIU$cWMkB20}t5IlO;÷yỞ?iL±^6H8]녵 Lyot1grqyނ_\Hk8rvozyUuN<7_?€q[>zo<ˠI$>i9~6 wүh4r @d׭r'a;M)%`$ec^../uh\ =ھqo\ ( h"%\D \+t?j›=Z_x}}ΑI/<H=Ǻ| N!ӡ : ^,-xKm,o =޾~( r+-NTv#<8AaF5/xB4[aI8q  W__ U|Ys6*blSL-}QgB|8ᶅ_M<] oO,> \O{Ɩ25hb+Qr|6H<שArcɫRľ"Y#tU m 9/"?|`7z4 {*c-bW#R\u$rcM NѤҘ𪄕}땼h]/<]bK˫voǚBQX=HRq5';cYs)wF{>-(mF!6GNx<⭳e8f.4w*| +Eyƙ:H 8n⻍PMFvdS,GQ]4-]MnM6,2䤨HV\wLyρ |>vZ\C#Kc#eterkKxG^:-ٟ'Lg|e+/9qkW`asN5qC58>D|޴wANÜoʜh⺎18b+' ~|>x]65p0|t8mT@o ao9:>mFk&bRzxjܪh:9͠ksw(sڕ?V#& ӟ!;ǀgKeBi|D}iaJHeܐ;n床M 1ZDkL]H}N鶛n|yZܓK6!'ˎO0-~T HF#Z>T|ܚo)q [%cB*<$. /A|wƟ |iqox/C},UTIᕏ\zď xޟ7X[5X,&8T̯ԅ>:l/nїHuOZ*.nXAr P?'/KP~!V.l51@bM|}|]|LQ-̗%?薩,zI?m!xWv&]wN&i |mm4Xri*/8um%u=;ើֲ v|OpJ<#ߍEfD%\"]W6LdFv1Ҽs?"f|w}W=OU9V\rZY=''b⦣C]6[Ś:#s$k=x$'ȍ J8P@W?oZ"u4۪xr{]hAK,*~#PXIOi!hsW(1Et>*\P\Sk [_A4u.FŸiTcF_l |3 o|8ѠӠTKpI4vc$תk;IfNxCMٍ]Svi b#h<_}x5O xI"0Xit[-m|s/1+ h*l>WsVVcq޿'nޣ+t59O2CGrNS84)2J,J]4j:Tun vm,z}{87~k+ǚ-։XlilSl 0`@a_*íl>%Mg:sԤK7RfPj.V0_>'j$^ًvg W$F,G'|Cm>?Wj'{ki$e㸴rW/u 1{&u]v(ocYCH yG}J VOqm}GVUD|,'lM|ǁ<5Nds|ԕE{oƪ4~uxb_~0|6?֩-Dp`vVHW+_AJYxQE#ZIq^sW_-ccţz"YA$ZU+;0|< ߃⏌|dĜ*n4'K◎|O3]yZ^X67,D8c@=9'?E3h_OO[w`3$]Fc$rl|ڟ֬Q3DWzqQ ּ2MWzJgD+#rɆnqq[I1V<77jq47($Dn=([gJڇ;O0ѭGm.ds E&ŹA 1;I^OR x*[đǶ]1fPm?G[_ㆯ wm #%H7|FǓNX_n[Pg +gBc۹Z2.XqUzF 0~;y4qzotxL t>ԀMv;1Rԛq)r=zc?JnirTeOqS0)0:z Nqޥ+zPRܮ{ҙ['4@!=EDdқ?CI\o@w]px<Ajd'}`=??JŴn9SzB%]k4ѓҤOԭ5X|sCSJ<Wu]ѹ_5~m[>S 1S?|--^[Ya͖={滫2#lf~5tRC^9-3Gل2TV0[bx7[MקQ=Ϧ|`2bɃЏDZ2O]Fmi >z(rl6WXFH 9-KաC%H8=r*K-H8l15Xݞ> .σ#7I$2dRP2pO}(V{Un #ڰ|7]EO Ccg^uW +dj= 4tsABOJRt]YvO>wj[bƿ30־?N]bFaX37Ǣz{QM#cѯ|cxOOiǰk&xov9rxy|ͩZxh2LGjman%A 1oa]+̙TdKכYϺ8-(n}OJ_VwMd#C;'f:O~=FËl"hbCo?n- Z+xfw;hGd*Uqv9]Nx{q^Nlߊ"->=J[ǎbŚF }ܱ^aOe>"{6 %asʡD |W[,ICo E!yIowVVż 1N7:}⟆u]z/ [d \B.$" >u%cd䠖B寉gwk ^!vFF+?xĚ$Vmy!R~mqƛ=k\C^w?6bNs߭}5hrx+OּAM1 k?ynH8'?uV B4$oĄA^#-kzk!p c8=kǴψh;k%\ZY z\5r몑N;K NQ FFGhݱz,n"xܩzSn-7#>+hnyk2b&#ڪ_joL#G#} W5.|$+∣ȭpW8n՝9^I;O98W[ z"+"GAYV3 q[AXͯ\}N6'AՈeK#k VOZGΣLg}F^2n$3 J,sczmWPös=(rʼ\&hr˧Se$2a@{I0!s_xrnLE*R޺Svlԧ\vPH=?ȫZ曪nقYQԓ?;" ơd^#n[b9bAǸa>Ľ9ey|-oZ7p p}OuGhcGlH uG#ڽ:KGEܮK30٘#-氞"'LhC'텬&| tmJCm=s>ֽ8xeV`~r}yψFo.\ORDZ׾/kzmSXڍs?WV"=חqly'#)Lcc[fY%F$eDKӎlm@Ht\HT\Ƥ9=OLG6.O]m3~\WQs{k fqӜj'ޤ-o8l2F6ztzsc3x uŒ t5[ MnHH?Ƈz&ywWq=\K3܈Fv%9=j yk ]A[9Tk. 5kO/íV;l2%PH2XwxGZ.vgqe:q9w" |XE/+PG(:t_Gƺÿ!Ui S)9#͌2pXؿXx+4X#wXƦyjIctoAR>Sh pOdwj 2vês_1/٣^#wLaMæTJH2H ?IE~H?l?ɢ .+N-#4y~!go7xq"<~5/xx.}~k`<"5" 3k _h#Ej%f>;}v? cO`WLHw41Mՙ $C#'  N_N7==+%2q ZA}a ?Yd<)2|MG/UOjX?lT7?[+nESǯ%^?X7l:?90-"~$L!g.ϛqW"Gw|?VMۏZ QeW|=-+{23~aд~"~м_W9y{YkA.WwCDŽWH{6㷓89[`Prm.GCjG?Gߠ`rqQҿ?Oÿ gi6Y?kѵ=7 r~An$i6wcXϐmQ- g_eX!:f=9a}$BK\}-vn+)|+ e :}!ݘWI#?IS:5M~ET2c21&}>pԇ?n3?oD#v};SWù1rce)jT2V~g73ڹ |Dg.={ž-KHw#/ux_?>_Akb66Vsw3p0#rw5. +VWk" M7+?Rƴ3ĸ#Ioƿ4>2|ZOƟKVD lZkxOQ''s36@?IFF} O֕-D9j~99#qTl>ޕ&qi98 ~TxqȠfysM#=:i`{bHI1Pqv-Ndu144c򧑚iqR +n)qOn$G45#sNzzP i99ң8Iy4Fc֘It<*N51I=Tr(Ji3HڠsP7lֹXJeF*H޹CO$1)4;.ktF˒#hRa*\VV ,cRQpe0oOz4#MePxes`@k\\+&2 q܎zנObUEg~oNRC&_\@+h zγ@<95Y8: βht(cZnMP?!pdvrڡcTPkzZ>b#9=EbzGkVouKO"@81V乙/.~QX\ԊVr8xvʑ|+K؜70;Ok:n'F'N@o\fDX!muI 3gC,Q\?v sV.q_kl'>kwf" $1KsPO70g闖Ko=KTy}[w*Ƴ ^CeY΢UXX4ʈOq]-D 2Xک>2;e|LMiLrNq߁\]内i"˩LoT ''564[ZG&, P9${@x<-'o +2מmsS7]Nfdx7$7|\XW*`#ǭ]tU#% qsS9gAXnuz t@ǛҮW׀ξP*h.wZg}P:W ׷}Vq>O1w?VM ;' +sT_W 78c8c'<%[]+⍵ն4iw%2ym!ۑ׹HX|Rī>!V dL4r#m~ַ@cZif-ҿg u)W El8bk/oL O^Bj*~~MF◈ʿ_1`~.~,SBfKk h1byn%V**_d~߱1-Ӝc'k +jPO / \1,72Z)S,hŕ_$N ?i''t>Ib{#chKqkhYScr ~}SW4}D̻Nm]kYJ:W ~+YCZg B;ܧo{ˡHl"=!ckSk2 񘔑?>6i٫^,=۸6lv@$gci5M9'E&bO Gßi:7ZXjROAOi>4yet0q/Q$1$0Hˍbgba6ˎR1Cc&)J?OcHA/ZwM:v)k[E>\S`^Wpk.wV uxĐLr w+7UM[O|Edtm^ԌyWq$L85)[aU/Ǐ6S_E%VLtYˮ{|ڽo> XO%_k%e{.G0$YHoMԴZ Iǧ'V Ⲃ;[c.8Q(^jgG᷀,M_Gl[\^c~/`p=[?u?xSy|Ku.ˈd^(ʝ*61ݫiZF䪓|Cv3Pc? ͠$'{_ :xf-mdAcpaG`73d_ 6O~՚&hn=Յմ["ڥ'iC pȪ s({b= #9G㹎OMT_&]GSғD/5bH< #W]MBx!ȯc3 ,o trdS{f&Kupݒ4݀dvU_=~˿Q |]f[x*|o$2?Y*~`>,Tӧ 6 W㘮|[ڬ7Y%md,y'澀1~IҝǙ{l#8",O#bA7%&UU\~iڦsY"(@to_߄~fYR]H\3@|zW|X/ͻ@~1?oSD0'n|%k.erJ,SF2Q>l1)R~R|9ӴO|XQk}ɱlFM= c~ACEՉ ,OcQ8N.49{S2OҀPy)z~t1Aӏ#^ƒ'FgڟԟCȠd@n9+j}ޜGs3Ji4Ga:ɑ8TiO419q<<NR?ʓ$84$4>:u=hz#asߥ4NhcP09|xϧR4srfQ{V'??wG Ooʕɸvu>ll.QzR"Xq[VڀkM,˜qt|4G=e.t@6O첟0sf~ a/:w ~_=Jk9Trf>>4z.&uʣ'C+c'Lt,0<('\ˢCsI?j_|Is%$/\Tc163/񹽳f]ě۟p}05h2ܫ]͌W#;#}RE6oDgs70^4;I0ɀc8.ENA0]qvjOqk Ãe1{"}dm,dw84-Ą< wkz_1 8A!p7ܟl0v6mF3 2퐾"(x%{TFL@=]oʡc^:":tOlCr>;[vT㿱[EuylYe\<>wRmEN21dY]un 1wZd' a}b馏qx]4w9V<fp|2=ȦsQɗW@O_z3+#[~I5;1=AL&l9(.sPArm2I]W!a@~Csc@g#^[4Vx}.9:FwN溸x*qu'5M4@|xzcSM&A%8aAVG MO}˸>Sl43 ## TqprBºo ֮m#QDw9z(Ȝ6ONɜ!r NJtK5X1F3?5py>*a_#Bnq XJ1{c[7c+𯎼 Cmg.)J H8=5IEG|!P|IP cnz.~8R)=1Xg?4? 8cc4ri;:N88H:<*zNA'5x7.![Go(} 4)^$w`4zSr)֙ۯOΟ(I~͞ ֤_4$FfqI o.<єUah>=J_2j΀zJc'%r1MZKUv1k},ů&?ZhCLchڳ80=3>!O+a~-iJ[b*8yɈ~?[ ug|]{(I';jޏq;;Met!5JM&l>-ZլixKIAy<8e]7ҽB? O<'xk4+)*ϩ=Mt/%P׵ a9 $Q\{ 1BDl皗n =AtMycM9HG^((&HS 9Gn˓<4''H$9qU}iʃ,z%C89ϯQ#|P3qz%?jnD=+#<(lsU\Ա[RmLJoR(}Lޝ L9Hl/`t9$(\zN#{搀>^^#R{V̚%m>ٮ[TN}#]AR\Žg\H7b^zW"GS,>>? =t }(+ ^0rSLeȬ+35/f {j¿UH\0{`Rl3R;gR61W/5xSBΗwO1O/8+30N'OҰo2cd JV<ZW u֞?.b7\[e0]y??h"Qg7qxǜ[9Icqz{SوRrA9ѫ>~2[B7(`Bs\ơj.`Y~sRYx2W1V/]ƍIњUk y<>+ҭ4QDlcW :#T~"0«DZGd h.C[v t\~0F[ y/;w{GmwCRleIla>NួRcqv#F3׸⴯.y ޣ>T5ȃ-A@(lgxz`wֹ eFF6zPt3E4kg.9qnJ\\#$nM>qڹEܬ$68d֥&UVV ;*${9~Ҋ<7*F\ǥtV3EU?.; җLPlS#VEb'%OqF3: e`[WHNA p̨beNQVc,φd^ƴ1Z/+к6< Qh MN=:4eEǮ:q\N@–(OCL<^d(a} =4&&:Ƞ{:ֵH ye!Qb[ߚ֌=0g_2 : q[<J!!NH9555OC=B'6t95?c8LXߨo9j=1*CfqU@L?Z}sFfw7-?88{q& T~5Wע[HMXV&.zs8OJCde1_gxAa.+eH庉$Seb1d;&^cOdzձ(O֋ a}?X<0{lW$Ko榸~߲ƛH/4HnoUx6`AF*"?6Rh k{exn qhFWOkki~=}X5 u. [+_;S\m`c?i(xZM[\IXXdER5;\, R+Ho%WpUh\,l$B0Uрt#֑!eDbr=׃~ʿn>>~Ͼ]l[ !_1A9<׻Z+2Ɯ1Hz p{u␣ T}}iv Rg;sڐE.2Ec0=3CsJC3IMgwzgySn84d';x;isr:cM8D8'_~ǿ4Y1_LRgYdr8m$+Y 'Cg?$uǮ3?{m $g``y$.;gutoB@x9$r uTq<Ҝ@ R[%zҳ4"e3Q2{<;y# 2\x` T'-Xҗ#+CaPIqǧSTe-PAiNo5r'~Ү'ǫRk$cOe:J~%=̌n[hFR=c柲b)^9>J$M+4RN ? ņO J0~k8Ds;xN6.6сR={zT8 HdpqS;A^QO H$8*nڤ\v4Ƕ?JE)nj|'sxK@G^oʍqZ@ӫ$mۃ9תnl>bW1X$ Gj`2yhVt榎_4:8T0G<ԎgFO\hѼ(O ge=ΝR瑻\pcV=CǑo*TppOתB{~o #:ww?yrm%bCִ6ӏr1~M<@ف0ļv>sإ'OJڢ<5 r@$pq=}0$#q\ װ!WtSںVwr9&&nݘ:/&&D"0X#qx ќb=]BV7;L=֨,P{pXwm}{O0im*$g?("p ;O3"9OS<ۚҋO*uF\H>lsJ֗MHq8?-K%y3h]r:n}YJ* ν7R3!Cv ~uPrz\Qq6*cҩmtb~^NWP-̾ZC˻Q ̻{q׷UbbEkp9U1PXbA, A8w*,<>^7p==h=ELܰ۳$(<zhṉ7=@ҽ9ll$e-q'ttf `:n28zҰf]8uhq^M ݘ`;k2~@#G҃NnWb`zV˟)N`WQQlH <hiJG?1*M]o#MKoETI8pn q\H2gd_SjmLrRONU5lx%{g;BZORy]Z@gv=oK&o,P"3|͖QUh.A5CJt*#H=+t/s ˨T8U\|!BC& _ֳ]5]ʥJp7nA =kfk;bQXGAA8n⧔$OJYz2 [>Zr͂$6>`[sF/܀F5cHf &=Ԏ ]eƁHp q\(S!\>~y'DRJxaYrLGmBw'&ۘ> e*Xg ף)Hfo qc\/ǜ1Viu;Afs~+&PHSO:WӨ:gku) Jz#OZ8RIusN1n7VJI6=N:]#5jSya3s۟oȩ2> .G 銆8$ɑIpD%70O/^= U3*6,-Zk9%y0<zchV$23Zz*$M$T`j{'0oSD%vm:WΑfQ,^rrGGI .y?,딟_]=UV6ѓ_6'a2S]n?ۿS&|;$`miC9&}+/ԣ?hAn57AFxo5 Uh};T&N{8F 9a?Kό?y[P[v2VhI+q #z"XX+Mǿl?w SGEĤ̹8QNp3+'\#ϧ5$< ~"h&ȭ=%sI'~Ts_I _Y⋥@$ǧʏz_d_|-61lfl}xI7,zRc7+a_3ÿ|Pa%o."KKv.d>_$);M.X,z^yePGMQǟeZrG|WrN1;ᯇ&Xd4Ƥ gu(Oq^GItRAN :;}9_ Fkm evZnW3osϿJ +j=j.59|?eFПq???n54+/mW[ -Xu\@zT*O> V<)C|{̮_JgSZx _VP꣒E~i:]ľVҵ8A,B*0 qXM-ҴWv4R)7H+훪ξ,O xi҆vVô]ZGcұ|W;oڴ>-#|13dW@9{{Y"Uqe# \ώ~-Q膬j;d/HvS63 y~?ioǖlwkL.C&d!9;Z{[˥F+, +>hufKmlG-v*j'mv?_i*>j_֛mڻ.|KX,v١L<9T$| j/bt:J{kcQIAIL׵|qq LmƈK3u Gxn~*xī {2ZDrd0ȨUFKmی8lm?'"5]l7KЙ\dFlWnK?|?yοeentrǑYKF%p~JV rA6PO$?$lKL06URqW1˜z֧@)98)ɪyg>lȄc[b ȲʂO~*y[+2Nڒ%Ls_f&%u{{R[kCX!ECmLheIMAx8@2[R "\y=SparIZ(2Ԋ: 7 wZi:Rͪ9p[ּ00Ƈ@TŝzK2l\TXtB읎a(Px5Ks),9#SH5^CnT=GB9&aԄPS4 2?JN3}(Bf\^r[4&ԃoe`;Ѹ9M$&/R 񻊋pǾ)L)$qހP qPQN Ҁ'ݜP T?1 O\v bO”w杼qj?M0R"F,rR5;Ax1k3+3eWcjEjUT7OqC=띚NivZpRc9\NƐJpI{B9'Fp:5xrxQҐn}] ֓kzԦ08==לw898?.#'qN۳o_ƾ,l=T~;G\ =8Nkt=|tbU(1z괹 %pv 4u Twu'mzmɾ5P9.Jœ$15:Cxo{9.{zV3;zY43żrO{KLs۞j<>VrcRe,+I U#Xb !xm)TUtOz뤎XW(d/ǵTrnBs8?h_e""v7GOD`~l^an6d v=?!!cAy鸞jEs ^ !v]k:y퍪9ҵMi*T =յf );X7n5h|ʠ8zf}C\Fx5=Nc<#yAX:~-ʍ ГIjL~+H`Q qrJ'XLv+땒d |t~+3gl =?m, Q.9?Cn_Dw,mc,6Uhwy \".6zmdM F0=?wQ–p[Ű<*dw,F(e8@Qj {% !69#P&%Nk*̬$Ӿ*N=4{m >OkYO#ҽV@,$M.Y ta89m-62䓎qփ3udV vz5d;ۂEtw6 PXzouu:g4UK14=o]oiO.r sh\H~_#9"<' C4-m#GP>Q'\_e$f瞧S^ǰZSFZay8? gpHr x c*q+gsrj;"q =t-Ne@%׎ZoV8=dR[>Kq1eV*[ KGs ?/I<VFgw*c2CNJ۳EI"%sА=*"2G1 Z\I:[Ol!Jڝ1W[Øqt ? d\wˆ~c0B+]#AU}>>>Gu?:R^3$feLk qÚ8K^vḳ=:T[j8 FA\M-ψ<i4𞥪%eiw3 Q^@;7UkJ{"4|#E׵(3 1Ӷ6Dui '~?N5^/6-F2MdӢ~M` '̔_P'?~h_^X|?eJ@4fi[BXzx&Dj;DF놾c퇮FjɥiZ!#6G_}s[ >׫3c-y3F|ԦZ+a|cv  |L~X'ja_G<i?Bcn_|NX:?&vV_5\\iV;@ʲI* # ef:Hp'O"=Z(pQ}C`Eā$qOP %Ov:WԼE l>)z>sCf!/.} yB5>:/_ǟm/ AD@OM~z< _ݴ*R$E!B~_֯m O ,w$Uކ_>e*(UHRc8Avg3~/4&2?FtKg`rk[CFd\~1jj? +%$W/ H(%%mgM{ѠB#E|٫;z v jo /t۹.) PA#ҾiMᾳe մpǴO2evE,G^+SQ-!P0hi>yYJ7Q'~GD]@5vv!aD1QOBĬaGk>8*R$Mݻ9is}_|[koZn{),e$d0[Ivrp DH9qڪpy5x;Q[_XZ5ן{-K,k92*vi䉝v?֥殮9&-, ]ƿzU9ژP;U ӷ nMiZ6R#j\t8(ƒ%89c>[J9@jzHI3[CK Ik$fYYYH=k'֥V~~oS6}2`.n ~Wdc.7#~(|9]`'cyD)(%py+H2ERLn,ݛ$ǥ!כ?4]7vW<:~i젎r'm9=+Le=Er}9 IMDm  g9 G'xGߌ^;׭|7>.֬kgBtp#\0Czt#1IRZ94d֓q9K6OaSj#(19qY>mF0͙2ܞc8]kI3I/xb9o{cNa? M?'׵ztAx8JzkN%篧ֺ-ݎW ?aǶ9p}ѭԑưC )O #Yٽ )9?\R…uLvNE-yTvcInK-[ sn$T-~vxG|VF<~5~)מEox69>t+W#zNYZc=3Z毵[ʐ99?w=MEf,2 sY #=52ITn{b3M5W<`+ U7Fqs\OO6`G\m»iRksUK>!^Ou}#\Dp,:c>e~=U.~Hc>Ht%;qh +[3ͫ߂Cw~͋9pq'rkS,nM.DgT`DG.fHv>ǒGQ&utɦM&3cIk<9^{F ~WwEu=L.F]n?f]A$\SmPbbÝZsk9F  M [đbW~*m?#t8*yWu y@=|Wp~`޼޺b6S4|g߂{⹻I ^AO|<Κ酫Ĭ%Lyz" {[嫫`r:g'ש^J:=H _5xr0T?;Ur"Lq =VZ}~Qwh<"?(WFk-j" >~[FxR&sHs-׏' | {y٤訹a mN:s?,bx.>]/FjL~>>𯃮. {Wt5V1p3`AeA d_#~HbW=Gbců_\c:{Vvkd^hB?1N0W ndI$j?J&읡!ʿ&h\ SLyO~EYRqU>Rjt3k4sL.\n*ʂy*`=+C BpP?+?RZdf (BO ~Zq k>fDR(_Hc F1d3nc xwIޝ.B K4p,8$tֱ֖i-1G@p4O:_ekzLJԼ9xa<6D*AI>/ǞhZ$vѳI;]NyȯC~ `PAE;'x+E|7U#ΥqqnGDl2a`!Y/itV|a$z Z܄\r-FY<@ .bGnMdH_VT#tz 9R.mFr9"'߁I˨9x΋gNxU^N.o'6c^o|oo~ "-inѧIQSgjmRK6=\q&{~ҚIJ_hCi8=xNc4ysO@қң s4;~̓)7sJ\2ƑsL,;z (WڔqcU$i|pG+3JO|c/b읧r,<?.EuyGX&hm'!uLvs 3 i#I938'FGYa,z1œ,A`V O:N y u@ҥLltF/oƦqْ=* 6zLߩ~T֠N= ;g$gۊ21?¾,hc/8\}Z7`R[' )*&=((Il u -&MJiyl|&W?c]n.U[\tJ7ג‘Xz8Ok&3Xi!%\OZdkU;g# x9$$yִR/Bܦ2"o3as,x2@n~j􅝙c<\zE=OtUƴ9{뙤rIWP`M8=Ol{C-j,,I힞J|3k6$㝀 gWG>Ư%keqDO_-W]I mzSrfIm htqJjMI (V;v'͵}jyn(]k%؊P. [Dh qn+Q{&qr ֳ/^hVzr䷍fe 7O%.Ku^2`Ӥ˲ga܅=2z{PlsNg0@>W ]<;b9G;dkY$Hv21U*q#c3FYN1qԚi)yj|$:c\[!$r+ߋz2oY=BJ >/E_L%M*dp<ԏoz%MH!lvzmw$o{cu7kqi [w q<g<`Sms7b-ҔY}Km (Hc^O64C(<~"wUb7f6]FrJ /9+UR$Hmf8!np&XPOG|ku-d<}JuM@1!f|<@" # z)ϰ+nn#`0zlCL >&G]ع(*˨aoE&NK '=ׇ\o,Y|@8ی:WI}m}q![I"8ٶuH(`iiwa \J XPϧ[z{khvDrbn?NW󭋿E-2'a7 4ʪf䰛G0 0 opYJ WG/7<#1LMc$o C{go]㼾{ &kƛR%,QN߻(O5<ʵ?¿Vr,9+5,oqZ.HRFyAA7.x\$Vz-jQӇt=RB9S9 eW1BE}fݡF9hܪOsT`IB$^&jI y\nJzT3kJ]ѣ}1Յ0:Z&HLt iS zWdyOQڎ:S9n搌{[N| q7%lt!ǵGg?g_پ?i-K)CmQDzt~PB~oHϕyeeR8(?Ew#g xωdwc^;By?:IB 4qxNN))ϿǮh¶ֿ8?6O_>i_V FAJ i쁤Y&M+X֭)1%θ>ZiWq3x[W' bX~2,sI}6pG@;Krtz}yt5''1 ݞ{Q ޣÓ{(!B,<Q{ g pq֚NO}EOPPZEiT}*3"2E@c= 2"B@W3}jޤvϯ9@dqqnl TDs|T  [ᦵ?m<[u%fڗpF.%Xe?:y+M-y.#vBod?2'#ֿ?l'g@Y~Кu{m:mЅmJez8 8죭k{S5XʨPˏ!6d)[l1W'$5.SW?4 \7hDS o4/V(* ̡-9Qߊ~tRiZckCmg% 9eqs+}/Ot(",KZi%v`OZm$vJV4X@>@OME|1??j WS񧇧3%B͜ XddEWڿM;םxgO#_|DӒ^{. Q B|p$$~XPt+Ҏ:w2:sSbn)t̂0z~Te9=:RHBNCC~Tʭ;#3׮*lq~t֓@9N-i&gv{S_49 hր;ӰCIIM8#4{{62PO=},2j4uUQQdA(B8cvH8:VG<6(8u:g1?ZiEim[^,ӆ^[_[[P\#vp[_:.YhEu-6U%c$_qPA*@q劝cx5%kτXI#M /=)/-- eɟ+TmGM't~iקPH]?w>@NiT \2*;Txs:V帥G_H~\T{qHcA9@gӂ* 0R2s_zn50~^ϩ11OQNFGc_ʾ,@1=ǥBsێ})$:olTÐ=54-z1GubW ٖ~09+GCɻ+rxMiƶo>@}<i5s%KX~p\t\kV兤 997WS*sݯӰwQ^na^mh}vz#$7(f1vrv)y.S zWF\88GOζw aaGq\osݣ5c\pzJA)ճ+.|s֑n ;J.tsXRP?15Q¨ps8i\G N{׏S ;E, ZҞJJMKk`B_*b3>9KF= 5#$$w;)ϩ'UZ6jY'gbz;}vBfK/ɑK3 F7*}?Z O_ eCi,+K'U#[UP|J[c;?Lא&mj{'4nm€L~@GgWoiK-WRRH$!#߂k:`>oɏSMZק.ʱ4ڒyBGR;*^\x^Ԥ6nX<-$zV_aDM:EkTwޚ?U:q;׌xcV: ;-)vg̚S9p]vKxXං%3Iʠb޼>[F—vyW)΍gL#9!{iҥfeWއYmA j13|''W}d:ߕ j33\*?ڮ1mC0r@Oq֩kg/D[4ňrzcڶvV̸#`>lZQRL pzPJK+U_(9Q"nn¾i6Ի-Z5TeWϯsΒwgM t}\it\8۽j@vd`,i:]ZwF IW <:X :sZ1fuaiII'3Y96=SuHs^gjMK6O,q5nfKp}=i\I,rګAҝs6RG+/?Guʬ'z+5'.g䍭ee2;A*૩O%ܟ'KAr܂ djo4OTWGsxnVE8pI+ǕRZeymjot`sm>D{hMs^8W9?$PϨ[sm%L*V CxgZ-hpY,S34yG'׍ i2dmGaS2FH=MF7IQC^m~ xuYŽͼ"cEPiX|S _O[H׭p$dr?H5:StmZ% $'X i {/玵7ئ8_5Vcչ+acc\1xM7kt;7_iTZu~DHiXI!s /4xu߉_syqi,ٰ}` #ڦmzpjok|%2!XG ta'*7fAQ3u{\)Ev[#kn>dɪ߈< T; \JbOGvڥzKᦿY?xBŤq*(k/eLv0 J޽;1|-zwWy2`+k可aԤ2Foj7CK忺jb 9Ҡ#Sz=F60c>S qA='p9ˊNT 89D͝]pX:дxb*H1D]OsEKgª9Zf?=Ah#a##Q}M1ܜ/-V'|@u+1 Vٌ0#^mc7'"Gei 1 3cffc5; O#:umcf@bV Bַ#m? o}$qkKź[zNcn- 6VA~$'+;A HCZj9WiFT^8Z$ŷ)j6ih>f:wͦI=z(=v+N=-Jê9"7%ӧvYrY"zӵ.?d2~` z8*I-,KheuFf,Rt{c uPA׾# @% лsy\jSFڝNd5MI j/ gg2FzS𝥀: *9XMlRwHG;@[Hgi^ɬhvyg=䐞b[`;vCȃ;ZlF>\u3E,m$hhN 2W=xz=?TAc%l@"IfܢC8R'n5j/<ګ#.OO0ƴ|EVmF4vdjyy1}8tt^ח>` BLׯ{kLfk{t{xDw@mbl$ju>zƳYYPO' ^+ j[i]/g# lE-[׈t6A7fLxJ#m*;9>M$5̚K $xx\P 0Ӈ*#8h7BYRٳF{[wl0 swkq6=Jx&RH Y]W. \i:Lm!`̤2YU-5x"6ua@۰hRFht"p8Gc5=°HMk ,RmH13Wx+O=V-SRؑIf)*WX|FQ2E1ctSC?Fsqvy/ռϥˍ")#Kx7Rw*!9\[FPc[IנK0][ǜy"θzV%1f%`k4|%2abehcO^wy Ū}VXMshG`3qkxeč#*A ѓಂJ 0WZ%fڮQ;i%-0Ǫ-m;ʒF WtMþ=W6p y$.DC.wu-T)'^%c)ik=~p;eB$zl*Ӟ[}?R0YI+lI$${zY~%դ5kx /rrGFJ)}:cj9 E'H:a<0lȧUHnJ"Vb5qAa!n\BO($ x+!v2~v#'JQKeWSR|?h_kS&?,_VeaGt,Ÿt`STTLR4ϲݖjXC&lP{<0܂=#o^Ӽk᜵><ȤRVH ̲j[:Feӭw/Ii0r3Jg_UBwUM_R ]i?>-}n11+Ih|T͕ AbO7 ' KVΩYܽĒ)f<^l`ں;edv9T9=־/|#ivzr@nMU{*`'Z+v{h̗ڍtdx$VERJb+LXnk_|1[OY>!5gth CHR&UȏσY'a1BF:gfj6THkIz]R\ǙʲI ##v"8p͜t:Hth>^ɦ^K[hG,7ƿ ~6jO֮n[/4~myH9m/++=OB7t9Imc lyrr{UС& eʕϸ<#kL%N1 pL:QsuneԼȯ<' ;HГO"ժIe#Ks=p"QfE@|c ᆅ&R7Wԭ4 -fBVH3#95?lFm]$GE.+Ԏ0Q]ݯddOY&v.[iM kÿj| &ޥO²V«na` /ŗ_m)Ԍ{r V.spgㅇwҬ ."*ka+cSJII]_O_YGlguyp҉xpF  9^OM<{kZ}DVhW p9_Mgğ Aqՠsbk%Yw|8>$n,`Q.tM_Gm="=چdV $/)ao؛?>,X'~$hGشѴ,wRA3` ^xSM_-ckh czƿ;)?iFmKEu Ԯ<[El 2:+ZT7\)FGxK^ҡ6{uܼ1*봐>(xŋ9mc-4E[)p+#˓aj2߃o%Ӭm-ݻf g}7 b Y}?R?gY-vF?P1qDQQͨ| <nnVX8SʁGN`y5~7_/OM{x'YR*۴^g%W#r1W? b]kRVmC=3| ? / iZhiҥ;YtzBKla .yJW}?ςgÝ,is >vaFXGt߼S_ǩo@ 3 2"62ijJ>q?j3z׆4/^B |IdEWMAvDc+(;+ECҵiI+'x_ 0J/=1KխA*sʫ"e{@DqUUQubFf|^.Oj.d6km{`r.2wg?Y>~$ri:ޗ{g[Ko+wY"O&7Am i#ʓ_•vPǵ51s 7?9olc 9”@⸏uVֿG"--64-Aeϱ|L>xĿٛŝiIX gm e@r<vg f~jvY dÃ_QC#?n^lV]'h#l{x\ILtTZsn_:{SV}`U/[=??+#ךuJw<\A%eU`? UpJjo#MGLu +b|cZg_jx$a:ю=jB=N 4q?Hrx2F*fM#<M) M'w*c|?7ٲq?ץH֢' Fсx_cxr+2v1ާ$)[<ӱ9R6̀cgՠ&LplBUZAm'iHxa2`'?NAreFXX`x*M~CY[ # w3ߚL["8Vw=I,txѴgĒ8?6&"}+*5N|Mmis,ή1Q޼݄8^$[fA]ö;v-l/w,$zw:2v݉Q^Os$:e6Rnq)qjIXL~_'[B `='ҽ}ŵ=l՝"۴r9w53P=XJg)-p'i 9-] ퟒb9b\M3_^$>'/.QN,2\LRl~םxǟdTx+<9qᯇ!Gr%hYIaR2Փu,X}l<yϪDѐZ9έǾk<%ցmI>ף܈VA|p@^[j֎e/gj3^im@ȯ6ֽeWN4ȯgI,gMB'җ F9Ěҽ|*Ьd|Mp~q )8W|9K{t{ wE}Fscou\rHwy/ LdO]yO6mFӯńȇZƛ>xzoD8=_uM?KRmc,K^$sϖP>K{'?yRDۙeI/ORqP^X]߈u%9TUYᡍ3Z ̥GAZű ^ׅ'. xN@zF~Nw8 _Vwqs$dcdhErN:0CӮbo/.Einr#/}k׾)jw?t} Z;H5%x4BTK9Px:."kmȷ3Dy{aexcR8dִmŦp֯q ArA[&1s׌xcăGKNDVZxK73eVuw(c`9o*+ew}cr%`MqiL;fCV ](m~hZOt-C]J?1eB褱]Skg4Mj_ǥ[钴 "b"RHAbUN>\QͽNA<%Bԭc(b.%F *`(e p@ 04'i{&X.Cs^4%ՄBSaamjm+%ղvJɯ]X&{, ' 7t&vs^N6zG>t,k )Hztz [nE}Jvkq$otɣ}^0v+I<0qkҴ$SM!!M홖§O噝†=Bk/>ɨZ|}yR՟>A=qtVy<` Wܣ[luRN ud+$|>[wk{}:d̃c]ǭ/H}u+}V9yߏ,'nIbuRUL tku9G^#bI8abT@ % T#}2 gxnr?!ڼC| +ڭ]\,w'>3\iF}-фŭ.uc&uu *d%Y|eerK:$8τo4WT>}_Sc<ǹ漳_{Vէ|Ai!sid"ʠ6=As+U9mv#NX_q|F3kɼ?'4ͳ\uAI5R5DhB@3_.A})˘4v$#$dwaG? T5o~-|*'NrHe<{(5ӟ 4-XYUq ㉚0B$A\؎#ji:"`vRk I_QeXz\+.REJzŸjCi O`JS_1Ş%A}}mov^@]e *1[ )ש'yI@Ιa32\ƲZ~Jxŗ^/㨭Ko%{k)\G(WD`U%W?/Oxvmq;yp2q,$~]/CмD`}yl LsJ|!H ^YV?ew~>" ?RNo&\o5Y _iǂpF_pq 3=z񗈼!ͭxOpI"JQ7o BR||~խB[[ BE8RIg`q`g?ovc٭OICʠ8q`q#/?ž{k[ Fak B7;@s2V",99I<_詿4LQ sUG6k?`_7ަiWN[G. 4Y3`돪g?ISOYs1ɯ9ysm:OF|Kq(Ėr(Z* uAt|SOٯZKB[ɵ/PfL!m;XX۷d{UUKu0x\CiduX,($v W'-_|IF_h5$F_CSѿdH>?[H+$Jf9fv,85mBWZ_YAIB2C4LT*BHqj/oEֵ&HPUo:u * ?2Bei砬\w+WOߍl~>[SبRkľ9|컫xCz'}Eg,M}d+ZJ $,~l _-r{'߅.&^5$[Μ<,sD<ǡ4{I4x>8d1k6pĂ1Vdt;Fr{; 6 dDo8Da5bQEVqx5ytUǜ9R0zdԃ9ϧ)fQq=(sQO=Osw2[w*K`8Rnֹ3FxNlbg?E U<3k^;fQOI!QFIf$; GhAw,&fRsu6CI.|GiO\+/>8⑓yۼIJ03۟jQob.5_ ^Df'B 죭x#ⷌu5'\ylaI䁌qھj_S>DkH[{$ߐBX~Pp؃II_|?,57Rʿ06y>f\l GnXS6McE`繫[ =+ wO(n}WR_u.K, f8L˹lg⼿gAu~&u8㱼m>tmHنVM7?X]m&?!R~W%?Є9${W89nsG9os_]YU.jKBL%,;A;@xNxΟ?HeKyT;ѻ3hZZ5ŕĒeh * Ur6GrjYQ"V>.K2FFybO_ʮ[VGC#:^ "+xُO|+HD.@b1z<=\Y7/C`.=: B}:t)ciTfn>AyiϠ&f+[WaxB|'"2: חae{}#`^}|eby!peYdʲ@ ݏJ|KoewɫVVE@qu7-V91[!8 Կŭ[<;8%q&T.Y˓ϟԜִ`&Fkq.Lom&$+ oC9V=:WSOjandlҺu{w7PTS_(| ]\uB˟$C_ [յK8,<ӊKhgEQ7Sꌐ~(5 _?y ɕoڡ&Y.--Ť3“UM˩w3,Nk}a}=|U+'ԐGYܰ<2FBF<F8fG!cʐ ĒzWxk—W>0#K"X*Aå}Uῇv+Xz[_K<(sGrkg_]>5¤$1(lH`a[I&\>cD'n[!R~V(g3kVF{MR?#\1ҽ}:ӧT@ޘ?)GNr+OGGXňY H.@f#۟'j =]aw/"3*3NϨt_ʞ"r0*|7Qys:6Н'ඔbX1`WcJO)~xRyݰ˃-dc8LއU6/N=9&h̆bf ySU#­ Gdx }S?mB*&A@ C-1'b`5嗁uUk?\ICk),d:\Ҿ[º5ةI3,ϐ`Hg3HĽryz|UamBz+A ʹ FW6&+Z⍵ķ_&G '%Uz*خKǗW:=Οg$B$QAe#%[}^'!) ˶ܜrkOtVPDI?h+ VMG̹QGڟD5(WwWO ]%e~9 ?Ƥ"Qxڊ gv^&D@H_R{V$*%]sdt0NҦoa&4 2ģMf[52ؼ{սs5)7;e$Jtk׭g TF'J$#78t/ۼSOQ)um2,d [IoH!6WKRH k˧M@Hd턈h+ Օ%i 1ah=xX]Džm>Nַ1b7ZoY%\*fT3:ߎk-e`k[9' &8'Qֻv]3PWiZˉb.DwGz2)wB Z_YAHcdt\sKDX۶[05(AIzkpBvAF 烑ڹԭu2"ʎۧj$kP ǫd'd 1xwPQd ޣG4N2HAk#SykKs̹/O qڙXi7F͑PGm-o%eo;;$CW=y ۛ"2i顺$Ecg;}<Lg/d9c@=?*T+;-Z`Dh rT]_]i[(=r0{Ocvq50cv^o/`ol"t .3m[{$?y)k$ygI5,^uK;g\󆯸<ɦcqQg9㚱tYLcUw)44MJʪB;*r)"9 [|$~˫\+>rj9)T 8(~jJY0 Gu)޶~6A7_m|!ŠWv>Q1 ry>Vhʖk-' \.c6 -c^[$*@+ȼ.?IGmӗtpsꏎt_6SX),iwg8R.JIu{o<$\<ڞ1[۞ָ<Љ#G?# Z-v^o./.Y%V+'*A;|wBDߛi. dbdY<^&8uv&{w'iDN)FC{~s 3\J-ݹ _j;əfԮB =s]Nqi01]+5T̽o{ *2ޫ#)S=)xkﯛ%$z 5Db$a!DPtUr1S(GҮu%i;ij00/C7Ve-]<N{ӳj ڼ3m o!- {5k50U#H 's!]ϯZ ?ǿ.xG[\KQG FOOx t =wMbY-B8CԔ"b`"8D<ixcৃǂ'=ŗ%k<%qߚDJz`MNƻWM+fk^ @ltB6DKpUѲ5SBѴ i6iY k ;Vu$̌@PT[3ĖR;DH$frq~1~zBtDf!l <ڿ`|<$Z_͸O7>3_Ÿz&<,V=G9B~=F}Z˫ HD=syRxE]\-d+oF)Xrh׭|;xSokUօGfS"Aɇw*5HԆ2E/EM͆Aݔ:)f  +EipkWXI/cCݠMSP Y >I~,x?tk ?j*Wjw6exrx7wbAg cL A'!ӯIb@z1;P{[ǀ6xPx41d1]ZNz9nQ$qԂv =Zǽ.CkvpOnKcлi57KҬ[RX#N꤬a,x(&;?O6fu {X"\m+|?;d$Ey|Az{[O!P¥}A<0'SĿmi~(f7+UJqRK˯ٟtrOdIՀSFpAt6s̉&CĺOji-ߺ9ݒv_?f/SDK'o L{6!!Z7&,d߂KD6-d\@oS&ƍXگ|9W=$h T|NI7c-΋Ş8~{9J3O&Ӹt_vRcM}0gۯ֓TtRq03g&8N8NA?)'*2@_wpX_SUqG^jb@3`sMTqcVk g9ɨfl>SG=:8?HGqu g뚯?U{-=gwO"0bPz+v^k:v=ض6/ $+- $^[,i`ԝā9 砯`ZVy6nVG%ihuafz81C"&p,1.(=ڨijnr*l:cj̪eωJr_Ju+I-28ՄRF&ؐtyi(KCX.5ʨr#H>Ƀxf5%nY2~m͆c 譼bG{yN<ޞ=OAԭ-Pm נeKN\ta8|*9x#Ztb[Xi ,Mm@ zΓ|HY#  }Kw3NOَAaEeiE4yְ Σ໥m"v$YDh*4[?Y\,?İq:`PivwmQ=bv &16x"5Ne,ṉ$dv⺠ݏ:+3SR$ E9qt?2˷wnfWJ=zҼSzC6 ]TW4]L6*W:yaumߪh,OR> Ⱦaz܆=۸<{Vk$=t%%Df84kimcvqчq_<]cmWLC#-̃<Ҿ7մ{=n%ġWjkkg-]²ht^kSRZ;%= 8Px|WxU \ib[k#KN\[[\o8\=Anz&mY\үSPh0#8(?!ssڼ⧄΄fNnJAP2% 8"6lu`*G#xN{t  لW9iv^a #$k#n<z5śpy#XhfmcX,1=8\%A?prG>C&N])j2\grMCv/DE[d{tun'B9"^Enek%T1+'y}Yé $Y1^eVo4k{hg*}k-5S1%7d߽rWVM<#0**PCƧYs[Ⱦҧ̓;ZFGn 26AY?:Ʊx&&: -ަc713s;vƵd2[Nٹg?뫸"n0!l{5_Ŀ/x=;QGe_bDcW! uImG)VgU%Jr0[ܞ8ɪr9M̥mjs\N^:.f2eޛp+ۿXHt%;@>E qu<>pe,ypnǣ<Z&2l*AOGv5ͫcޣvߑӌW# ']akdZ- s%Y9W|.Vehr;ZK Uv`Fx<?|/|d`!KyԣDVB7qqW8KlsKoj72%՘xGˆ=V@ 4Яn/[M`ǡQڽ~!O:I<6#Y1A'pm6Qx;;ɡy`IysԦmAi͡ qk0džC0wFp+幆h#s({랷KYĖH煊Jޣ #{={Zlnϭ[ȋ) e?ⷃ?=2N8^3L`Y`duMl;`#ƺ=c|we#"0g3 F'opsR*&ȧy <҆+Y'rO]kcR4[~+|>Y/P#L:aN9^{/(nxMP;Ly%ydc"ȠH84\7T$-@k3y[yiZIxA2Eg }+ M]1ë^۬ vlj 3*RHum_^5|CqelCiaOy (?2Iq,kY<j^/nMwF÷s\i-aFHۭ7 Q@wlxOgA|iۭ*t=ÇyL$e\C/}9:i+cVV%J<}ܴ,x?+U:n)ǿm݀Eyh? |5WM֜DH)m7)6n=k| u?ϊ?{߱wĹ~#|@3^ i i$۾V'zne`<_sxfU^k9UD'k1pUARH#|1# w]qk*xYG$$t-)τ x6ψYO׮䵵Un+G8ʰ-c3mK?k+v.ejf; , h=|00[u8ks4)$+ 䑜H\kFO`${ @ʣ͂{ P. y^v{X3dO{ߋ? ~"xUկ7D.]Rq NW܁!A'?>~̱᷊>=%V'c  ?w3 p#0>lħHil_5]UbI5/Aڇ~pI|J|cP 3m`3`+X($į¯]YXXIeym[i{גAn#+lr%?ǎMΣ|<[\ݭh!~i#f8F(īK? eSw\tohۣyvP| ߲&7< :XGa2i[nN7pH)?ك<-jMZ[P؆јrT~+ ·5vV0}>bx\~u~+Z7<]GI${+vpxYu@0XxKfm$w4E4G]20T 8C9h?okXt:ai?cRӾxMŭK(xP%ڏGTL H(d$w}:π<-f{RQJ@@f=[CZ>7^i*u˱~)wԞ?~AI?oO=;L5vrd>]&$m(k x`u9,xfPVZMfwHMm'KNIlomo"IT# / ^xRZ,Cs4+c ;NHAOoI~W>jrMt.mtCh{]pVx[~b5{=377\ M6[h$$6vхؠgjP;kӾl@#Fr8'j~/}ĥ!z1Ep:W՟ .;iXanyr3)"n|`|L3OX_H*B9,PuB9ngFŏxDK=kq,у$I~$l~@pW ;62\>]gWhK e[*r Mïo<S6|˩OpY8 [ܦ⿲~ ieNR6䢞ʾ`ӛq=i1TJW!?RO:~oQŅΙ{N˿fX)9*@l{m/$5;J0u[`wۗF6Y}jN|T:0 ~i:]iUVvJ{Rr3W.c[DƴtxycvyՆ~SWiwPr"iR"d*r=Mk/Oğ #6\kڭzXKgrI6X,'׼Oi/⵴pH.}H;wrsֿX8P5EGV$[2Z̳`S?o|-uFiէUJdj3N{Z) GRL/^#W~x^~=L-ʩv䳹ڈ9gfUC V&՝MFw^$Ȫި@ 1vՐ8~ɝJxԥkz ~? ?6.4/˥^*@i IUIF2+еHM CÕpqh  ɸn}=Pp?#A: \dA<׊GҜzp"|v47'ҙMI>_Tb5l{ߞ)I=s@z}sPnܻHt_zUc8jt+L۩֢ `r1lѿϕ>޹溾r O@j =FpB{ :ac-Kkr)`*A 󞣵wC%f{x',}5Œ8_OһxQMF:Zd&$kNvgOjC@a@mFЄN2=+e#ke K-yMqd܌2=n~yW[%c :Exũ7o]n ֳijxI#n|nH {E˩M3-nd(';329{Ww|Aꕸo+I6D7G%2k,_CkXVeTThGf,%c+?6"5T[ ~W]^<3[$ #pXH"z:sW:GFM3""ْANi Y2NO}+kZ~ŘɎ\|n'W ]2dt?z&zh=Gz:3E<# >wS_Yi?hAw,c5hkSmo/@bI.GRg} uXͷ  _Z,:s1'X|JUۚe&H.NHOcּ?tI2nUA9w]; ~z%26 !X$^UeaG9˺.N=;ᯂ_tkS\VdcPWg;\_L9) +KgW!ҹը^XB( ==3Z=W)XRry5 \c j:˻u8Ep^1wy!o7$G9cr*Y."Zr:Xo5!Hnc5^4>RCymeБ,q_jF>2spvqxEg 51v+OKcSnE.{{- ƺ.hJ !fdWY,q '_~%duQ.̅QW04q/~;%0lEVZmIGsm11Om\vpCX/w&W tFG+)OӤ8ۼ$ H>SlU&M`^6yhw-p2 ʞ֪\j nxft\a7c:ĩY\G@4ԞXLqFYTĎz".U8b]9hشno-Uٟ4|=1<([准b .ɶO,*\n9?kEѼ9mk\NjFOLFz[{GwdC'}cФc۸ čwJ$bĆPd8ЕٱCkU}jZF=BK;q61(=bmX>`QN>.>fc+-*MpiKyĮ/ֺ)+~#CΫZmdqv*o63 øj5/[au#m"Vbxp]1ڵ5Zj]km^2 Kct+?b}A[Vm+ču; :]10*@KlV8)G~ݢV3Ke+Oj͈H|p[lI-Al,GQIŤ1R-~`H\)sSZ#jO!6aչ t;[$}@tȮnIq4PEp]z&u^B6窓Z~+5iCkVo y119Wm^^j\Z .ze 3չxeo/o,%rv>xgwsWKfP ,D:"cu 5[3YQ&6޽]o x>ָ=lyvd,. 2 ` X'# XoּkXbLW~V7|o ÿ}=ٻ߬,~GWFB)lE/LokBȊ1o7ViKm4 V(m%#8>xW|!+0g)pH+̅k_M[5e!Gqvh_Kᦣ+hnep')䫩*Hkƿ&Oce(&iq 7tLrF ~x7~mtxIAV叹 Dҵ ^Z3Z$V܂y7-ͅ;lCOBimT@/YF{ɯχ_->Nlʣ ?*kID.m<-of,tY-4E3,Y$|nvPxUTx#E; Ck_2!`"q 4 ~_~#ڭfI fg5/~//ğrx|wi4R<9Q&Tឃo-$e=sPK'z4lU`pW~|Lx+M Ob\Aw2+VE',4rCŏo컩ri +HIRU+^;[KNZ;8LJdpUCu$k~(~߳ݿï&mFK!#ڒ h݁đ`=H=w1 w=Bs` PT&l?.i׷Ql'kk+NY&36s6kPik4rCB tyj?t$:|\#rW]7-Zϋ4t[]6iʱѐ7I6USI;n}TW?Q^?-߅:oM3[Zt^}TG#{W3Y Jdmi-ψR{:Hcg71̛;?(Wskoڼ,S[RB@XaPmQKq%bZs=&}0\XLYM3s%19<<=&-t] w8sVrm7GnYaU@OR?~jֿ|Yf$=H\jAlBH #p$Wlޡ%Ғ2ď"ßcivo,vnc)-wÂUHIv[u_Z"[tvS@=9s_u'zcO>nʿb:PNUB gmz} LW|Mj6`8m=5 c h^I>ּ7?_j'F,[7fOvHBb=ǁ4 F=;NXOryxK U&d6F2 I+<ͦ=aquc} 6%_`$RL_s*I.6^I¯vuo>K 0[gHW\GşmK%tMϛ:E u#9 }QwziSOG=v:lF+nS#IѨ'`:9_At#mPDfJ×HS5g2doQT+"m,d8ydt ,Y8oƏm⏁ڷ.Β M6[[4[ "r0+Mxt~5%ԮlIŽ[U&BWy+jy?-xokR$^LZu$s#8Q@:xևxkVN5f6@VRJN ?| 5XKO-_}#%KˬC҅d>iu|.E؝]/Oˁ8W?3ᇁ]Xhvq4p(i /H].?Eм)g /89ަ,Znox'VHRzjXq?~#؟%ܛ}Fh;ڟhO~>%4˛_iVQ0\P8_Nq= V>.~7L|IM휌[J + G{?h'06|Lwk#ymYb{~_j^(XieMr$L4ď1ppUy$tԟ[<nBB^&m (v+6gJRixA>͹Ǒ_?>!~ x_Ş)Sn۳ϒ0\\F'5c wP6,1s;q\L.ў:p)sT`уҌw?F)q2Lʙw`b?_~d-9zVAdX8Qg O#+Qb}[E2 ܰ"axּq}%Vc73_Unw5>%͞\١E;{P~ >H䎸ZM\0:\XxwMyݭQ4r !c,@f9Ž95ڀқT5̲1V-;#Da{c$d梺;t^pho$ *7ɸ ~i]@'  -)P6<dcr8z>oHԧ^D,謑O\UtO. ^GC;tVn4j[e#XڱL yL{/-FdΝF0^Fu u`S>PN}k,^҉ .cgϾ rTLMt85QHWC 2$GS]Ω5V|ZSx`B:5$B_OGE:pd&r3v{CKfjVSZ#Hӵ;P&FlMnw:{G?Js3]N?JiZEFeOWt*ĻF0ֵkw$qNaU?BkJ;R.U#;<ϕY=8?ZcD< H km% >R)H;?jiU0Re1 ZcuҒN$F`Wop`Ĕ9v 1ר}Om xq^A:GUsҴ/4Ž ClZVCmfnvc<=ּQ2342{p[y$js.6جQ#F+JP6<=%iCnf6/e4tn[G.;zT"؍& V32G$xI#ka\ }G!_x=Kd]]%I;@QTZi`:\}+q(G3o#U :֥{m ggɮB+U%kK +fL],vXhF!Tjj,tۋ>2bEg=A$=Nx~C OZmw B`EzO;\E=+ FV~{k֋6 EnaBz1 #߭zo@It^g7y?180@yW]8+d_ so+ >^"WR1$Y"v:lI5v Gd==2jI y,YKh]pq[fIZ n=pi]"Lqjn `Zx@o w{Di,Y9uƲg'E;Fq?ޝ(g.x#Ӷ89?0FaU?n߂~?6Oocqin΍;,D=WEĎ |}?EimTMkA8VU8euOR49,"hʱ+r2hl?| _I`uV˛qvjoUԆFrB1ſwo Raqp(bSMd=N+k9FRE2 ES4}#MXçii{t*_ 韷p W̛N\c/ xG> խ6nZ$\uʷi0ap[v?*7vZHNVot ɵ v:1$QX_k7mkXWy}cK s>8ŸjO3ip-Ưq%R,'8٢mN~z:,_s3h}!yױ]DŽlƣmbKu$"Vgu'7| i1:ψ Gf_}a<45/ >#xo54tDloeqp^2U9Z@{y/<#; ^v#[\&{0'7VڟeK%fIY[`Q_|7Z>뚕Ο}{kإ[6R6'`IQm= W~JEDfj3kDd̫nQX? мG^7]]#A#@c `Hcn#l.YWo+0N9I/TҺ:WL|콺K![1#{:hUEGƌVFO.<3Y9$5!<,d.{5l$̊qVIT#WC6-XjB;k^~6x{rVif ˸\Y\ N2nJ~ [|=I掚ϋ!4_$Wv܍[?it8h߳;[ᾶڍ-.t;f)$tV2[h>8W^(嵭廘3ܫBHh$uG82)d`櫡inw:v)X&d`2y q⿢w -:ᥒƒkmyo$ELl iZ"?(}ㅄ.U×)"C#Ze|1?g]B=Yim`l>n˙c}:d.w. v=U>!j:'*V`CNyO5+mXWgxcoEE|<-4kgksilm/bwd88`@ 5UsZ4Rr'Y32Soᨼ} eY 0g%{rk~Ҿ+|;)4{ @E̋˳" gN2%mvlm~3{%Z;{kL'xĺx_4&?G<=kP`?i7h>1оϷ|ւD qA'(Cx:)\:ı ?&2QV>|ipx3Y]`+fYJRyq$I?7R~Zm82] @Ƕv? pzb$(Z|44Ufm8 q5j >1xkzTKqln#x7 kuJc___xwh*b1i6B2 |Q7M:orMЭ.i\窈.ppJJf.pzks+ 3pJm]Xڏᦫ>v}b'lۼ܁r~9C?tSñXM\ܭĢO1;Ghp5ԎUճy1c^hU,RෆuׂHjU$u{G/ l<0+f0|?|W7zx8׎3Oj\4Fy>`<*_3֑R[׭Gɬ }@|FO~OoʤOsU;RN9=Dz~3󦎛At.IbHq5Tϯ9 lojNB`8'8릹]SiFׂ2p0(G8YEu^r}*R{wR)܃ZbHBr\q ]֍若\^^x,^2x xCPKa_&#RaY@lwj'fzݧn-|?]c2s׸vg]/tV6(3+\OaAK:+tV}ŽKel~jq6בa3Զprdh1z OSL[PtxGl]i%ՓCD1Iu B$&p<%s[Igm ѡՙˆR0 vjCW9Ҵѝ#egP~hT(c cQXE{6<I3;@oSl<_hzwly~k--6W \v<םY7{CG9b2ڬc$Oa@kx^-[͞+yYpy< qk6MVS&2xSU,N[ZiJN?08^֞Xb&7 oi6ǡZ K'0Zܙdk ȌN;0`3F;VPXmV䨌]kqSm6$R=i)bBXNyD06~}Ȥ쥹*\.yOa⼊M,tcnū6mC1J,C&'`+[PƯ XĈLp9=k_fѼqgԖs۔}mtqtޱIᱞHb̹U^9Ϩ\O}mn۬2\JӖ*{gZj[V+{ore<1ӧ 3u]X5q=YCGń<Zi6R~XӮg{$Yb03خgP)}nB,H'v_OzۗCS7,5kM&ЮuOKd LG-٥m,!o,lg ͯ|7imӭzm4sG<[<"s9/~"x{P"#7I8nD,=}뗿J&yaa7J|ǒ9ctEb#x:kVR_jS]ElZx  g\K&YC3޴|]?Pn|)~l^ٖ4f@ŗnW\g2O|K 􉭵k;7SG{iTZNIxnC1$pkgocX,Hi˃W"v:6o>ժrC,*>ջt/UKzSpȽ*W9 W'̆];u} ( \ϊ(c_H~nm;[~Tp~ >$כ?*-.s\'s:BQuoHDz& ~<.]cLZ[jv0鍣di{*}ծ%rU8nGҐoCR 8bzOV"f>lM`m{j,&h"0$g#5cg<tex=2G<۽1&#s0yv2797׾6oLg4 wׯȶNG8T>/xKwwo!";Y?(&C'BkkGUҎ!Kw Z zX\J=<Kޙli7T\OoCP}95WTӧt5 4jXeӤ(%(20JùH_/麊}kg/ ^6|UKENNB+<3:i0^Y=#5; g«uFЫ9q_~+U߅Ded: R1d欀~uۀ<}=7x|ܠfm¹kh]lA۝U2;⾌M/ZCᯈJHTmMGA c=M| &Ӿ|5-BXd]mxYUUukٿao ]:OY׼eo$e2lНk d9n9l+i{OpៀY!Qdk}:. *;eIWxuF}I!KpNg<$gW?__)/ҩH x`M~]j\Y:ƙڋ-7kS0F&g@<栉-],uoxWdT3|eVу&Aq'J:V. |~{0}3P9K ~1,MٲIi4?#ۺ 4l6pG k;h|ՖfeF/@Ò;u&M;ZV[&mL]<+p+/ۗ?x=QƉhF5 YcOn~d~ ~-0Ӫx3vZDWw0" 3$Fv*{+/|<[g'/um3Nm6wtnZHıIbU'x)S{g4O A .S5f!/}t~qMҾ 0K}u*@D2/Τg#ҿ/eS_o$ bR?坬1=r{:g!iw_N]-Fu]2|ivW>Phg{ `45r, %Pwg '~'N ijYR ^X>x?_}_Q2w!#>w/Ip3_k[ 1F DAUN֋Wn]ůX PtV@cV2FR$_w7I/s7m}x (EW-)JI J-D=x#47$bpAJ>|\/I~%cOĺ5嵽ѷ\ؘ &(wLy^3_ާO t4*2>:jz.})5x~okŤleOOҾ~Z;;c9%{g"ܠ- erUҰ&e itDΏ[;כi^7ݏ,v hTȅ53#@t 1b-q^iᰁHɦ1?B`s֣c#hǓҚ ݂}y'pGj*iqG)HdcS1֜qא;Rm@~"rΙϦ8w(89f$81U?Ov=zT{qPz('9N0 GLұ` *2A#t V`#r 7Pp3{TGy=i=W|Xq8u1> 3T~Gqԓӎ`).9re# ^JqH]q ʓ߁zS1^=PgקSLwB,,^u'&_Dخmhb9<Ǎ5˗![Od Re"9b&#uee>`K 22^ǭxFl${ǿ~\o OY->oS1$HJPyFcJRY_u bO̦Q${_)dILH^V2m'c]xAd(ftuI#xH?+͕e۷*:"8avX\^D;\ -͗='sv51:GBi3SZM&+0춰D@C8\B +tF}vy>abaQ׎kٛJX%YM"e#p:VeQT[M>! $vY^mhj{j+?ci4W:ɋ}EoWj^g#$y[1רk5doJNz=}K[B ɑ̹X#ѾZIg{x(D$Sbsrr0jVxSNMloRTDBQ6m:zbN O-)?w1^̗zd\W&ՒJg `sx溩4yғL _fZXrYX.1<֤Z|;L`E\"`gdwm{~(-Cut. ֐+%789Zx/5gdԯ8dmFA*ѓ#"$Dܞ_)*i{ׇ,W"5 vWkTHTs#0é{~3OCFY3`svCں[-in|Efbwln$_uHQ,u;Gm,@  m'G&v#MU|m6?e$g1ē8 c'^ͩ^rpI#zbUs +_:8aDkJ2Ҭ,`mb+5hڵU̲U U|x_pbjou%r,#~eU\B)B폐>Z\ZG R /('pɭZ(ӢCwgM[_EQv咠^9~[oe,o,cxg3Ě\8t[اy?pnjudz^[@y۩T 6[z)Ҳ< N" ]hMJٲ kv;G5 Y Y//5G;.b)≤BуFVu:0maq.Wx`en^WUUFE4<^0 FvEx|̂Se:gZ֦Hf/}Otcc."G'bioĺX0F. S 8!%y-ׇgu'a牢̫iqst'xq"(%\p@a /^e4\~R xwbyx Ie哝ǐ+/B -'w獆p$2Hľ[b9n~w$lҭ$o9<82ⱨrR SËFؔo0,K#CuFk<h$Y)BQ*;rA^ \Y[2.űS2@P׶+-RژVa T6|67ACP@lqRYUY2IZk8 Ed<W_:^z{ ?좓_3܀p+_qgSӯq|cֺpK ?SFdy N)tH {Vu븜 wtu uKMmaqx#f{rG}5($-~Uw %ƙ;ߨAϵwڽ>MƠ^D<+ټ?UZ&ag#+upOq c#$PQWcu,6%ϚO _f xN|;{m>a<3D.2 \R?Acݣ=}8^}WB֚\ZI v{GG5wV{XnU쫟, #`^oq]B C۶/mo]wo]|>oX} MEnBW>ٯ= l|A]E6aW]X敪V7<+$R0ҽ81JY{|>1$Ei{{%*|'W P6X<{j0BZ;v[L1nRMx3ÿd KZ  fcc̯"7u$W_ş3/l%L^X`9a͌D$cOڟO?_v=Ow8ӵK(yZ&IeX m 8损=>=E}PIm~reWWP6m( 0mugG]M7KoRqޥ5-O~ mKZQܞ`Y+UA#Jό߱bxŷ?~|1LWs[av -qm4X RyPO;9MUy Lcq- bI皇>ZqI4i<WLdfQrq}*@lI@ #Q{oMdWLmwb瀸-5#'߄/co 0iWm-2M4HB %K(,8QCe(3зgkp/bӢ񝽴n=݁wP<׫xO߆6N 鲏vrǢB!>ߍRz\o g=ʌ_>#>"]׀o֔Mqx'\1c|7]Cgƍ-V #̣Tp9r*[3~Swwk]b 6Y we3]8+q`9^hMsJ'JH$*UXG9õ59qHv{zW|e|\*ՀCsT|{^y:LGM[Kiϔ\ˎ?#.w_|T>#Bk{DKぴ $ڨNr ۆT c23~/h 'BcQrO$M_4xZu? xgbd|qm% ezdr?JK!G_+Kj*l ?!UFNW]F~~' ׋<+d-uqk;oh@z~3|Hm;"]^ZpD%\+n\ @_??h/p :KcxR9_j7&`\UMMvF0Ce3}Aˣ -xS׼8K\ < M%k+Rc~,R蟴~z+yc qVyU#i{ڜm-լ59j Nj'~Pۇ4@zOj"pz}(})i<ރϥ.@9?ҞnGJh :nTy}h%OZbd\Խ[,aAS48=@:.3SA1R(ڀ9-I! ^99>"cYqb 򠜴%>S޺ __^a$ FE`\Uךe73[?4nId2n j>gQ qiibɕI%vo\e:\5h^%ҳ+6s$־XƗi5 C,ɱԪϭ}Ai="t/LӖI<:]dž:JW:54MI5 7K#G 㓚 <=uD+GC0\#{p"[|-^`iVԅp9⽮LԴ-Q-:H #JϜ=GTx3Mu2$pY!faީ隊^Ϡakā o9Xq*o[Oge>g'%1#c;g~Ğ-|=ʺ{j, hjUT kP=zUV$<Jfњu<=9'aSM|]&ӣ{i$HS%%s]w:|cCO2䩋ʙ\H PS* m3_%aKب9n=+}]ZLڥֽ. I%ل@KcuC *uG JUի-NIZDndk7$sԯW_o`us&F'? OSS~(/^O;Mԣ-m]NPqn6O=3ROgPSG펱`YbVAqڷZDjP:ȸ2 2>?i!ӯ&g"+l%tkD8]>=iMSFȸ0@ᕿNMIbe{1 ) 6۾U0#[HbŗkJ D4^Tqp15R6ϫ:ť?iܱH9A1'kX밦WghZeƣ8&impV,n8dXnn˪<7nB"Y øT׼3]m$/!#Aq֮_xZ^ۈ-dx m@8d0ɏvu&p1oxB$ G%W8tpGg{qxn3ż3'9_ F&ms\ %°e2(#Mow\,6 qInvI8wnFpCUkDyڎ{MbEY98ݸ0J]ƥm z̖3L-hgMH#!vo#ny5xc=:ffHw@@<j {w =/"H u18^V=oO%d[4Tf38+XfM.p-n0 $H?wa ?6ܖ[k)[0>ha^F3x'|@kWZڅ՝Fv+%rȣ|gxz += !q2o oW X> RTF6g]bV|6VLZ{MKV!#[MsVIuH}"l= dwPOycpVO$TleZ(6˜;z~ץq$5m/LxI c+Nߔq^k^jP\ڑh 3F$u1|$.$I[, e2B (Wo&5=2jjw/Ffӥ.Ǿ3q[<=x1ĚVШdQV67SsaOhK_۸nn?!ZL+d)^F>l?[k/{td񕐆%%[[VDǖ$Ǖ&zivbb[ZRQUݺF>_1#nzVKxB+ۉ[5H>v\!%s") N1ާ>l>6f;`118+3bOcYX]X1(P\C? m;duyU$ќ7|]ZV_<9pϋ[Ak+•7@FϨĊ=jلVbຆ51^,74X~kVzv/ɷ$\ۆ`,߸(ƾsš|sqHbIaFe%IH, )8$ ;wsWIvᏈyfd8(ֲ>$w,'rFFy1?Z[j\s[E, BV 7QNc꺭M5'M: k`a ! 0烚ە>wK;+4w)$q1A`⋜"UiFarY 2:#5kzא;"3´qm='~oW7qۍsn$&@WkO& ;=Vc.=T3"bPBC׭E}OX\KjF#8%NHWњV6z2]됲sчҾv5-u%խ QA& 3د]'?hDžuR"o3/{` JS^6}Ϸ`g4x) 2JX$^ K|Ё[ayRZ2|ɂscxIoCWĂ00 )T3E=d]Xد2*?u'^<*^@TnڴIyGPx.O}Q*V{~OY DBq;Umrwj!JqyS6xgjHld}!8=q-I#@GlUDy iC4T(nMnʄeb =k$Q}zZij>$Es4k1 01rH#2(4+I3Yk5}>G*?T߬s U*|\HB1]w4_^[E-%xix jZu夡q\c* }s^l޺CMTy=BӶ+HemČFP2p?5\FAݽ#qs]$ԭoI#wΧ][GYFPpҴr.q:_‘6mmHфa+G<aҺGN3X Ag?63z֝ zyA P6~UӹQgZHYdXaQu?k̝FަViֵgpwte=C },m¾]%w ,4ߴ%NK{q Jyp/h6DΧlfbOh ڣッ]8$=@01N#րȠ risAޓ.:zM?zw3ڢ hz{:CӚ-NhRGI1w4џxÚ߄la-eS S*1Pc88V߈psߋo ]Z[v#3;_ljgzoō'f_.{tQp] 4ܴ?;|e>~]5/_ȶ\L8AVruVS3_26<_)*oxGJk4:m7HA8ϧ\tz.mSX i;o읥DK--mgg+HTw?og֚N: xn?xAsM`@F+/O ~.NmGvJ]۴swj"tlm I;fP?gK3}sCH.X&=yhTphct(Q'c~>/쏠|eokiixg6́)NW?6:W_9|{oXNsPW{/wwiX:Ź ÐDDxO*(bPUP8Q̒v}?> kz^0wq GC=XD؛Ez2yHg+ៈ<1jhh*~SYYpUU +w Y'1K{ǽLϵJ0y*#׀OqjNzǭ86Ol$dS}N >RHsL*s"d@^ P-> xS!cV IT;Wqk;Lӹ߽7`=”0VCR`Qq@Ü}i1) 039FBGjwqdgԄO@(#1_vRWp`J鴃>INTw9=9WYL1`sަn'1h^4Qx<;6%Tt s^1HG{V;##9ҪrE9=iGRpsuӔ8n:uӌyA׭99ѡbU "$d>l+}b]K{}O@}dP{'ۧ -8=zcB F vk+qOn٣TÎ@l}M0Hn۪ʊ ijkOG]{:h¾㸞XңlFm@(=7~=/R֠L,r勲mAƝ$k oZqD"|n #80 A}oWo0A=+)ޕGs}FoHg&dDrZzc+KJ!4xܴ@ɖ :麗_P%-ET29HCqYI*+e6)XѮ]T7P0~V83ʎO< V5=I=9%r"/.,ep9týKPkm*gǙ5ԋmm@xk1e5 NiaE/Nʨ\JR>.)uhhcaAsọb qrFr^CA𼚲ķ2^5CXLH!%?3 gnԏ|'$DlF2mE$nѴM-P&t|Je 2@13bx]>SC<.BrrGW)*L݄1-Ya%r0Q&Q5RũQƑ4 d;B1s\wkf1G^Zέ0NzsB-oM4Hm D~V^>\W|!帺 =a`>UHyUXh~-Yx4bis 4-%~^A#= M;EKIPUvh #4dF8.xO[6G]<$i.> |ˆ]OjgVhScsR+[̃d^C U$W5GUEk%kK)2N~R8h} wh5UZ|[d$|ʆ񿄮y{Bm5pCmYm&HAsRjk}oM2x'veIyh 9 hi:6S:s喆Sl Üw5>GGB$T$>wc!AȮFּ;o\!mZG6Ѣ8SP 3Uʫ͕- Sfx=͵J2r#;;Nil.ܲFmYTldgqϱ4FCQ:q%huXoE Ejk x#PyΉ10(F̆VJcr85Fo?H|?- ] yL͍ґʧwdU%kOWu=Y濤E=%Z+cmWbH䝬2 `~OGYt)x&,7('GY2BA֗RI)lyjH?ݸdq i4 >hOrK!fOhӒgɹ;Bul($Wßs+_C\Uco<[I"aAwZݏrA ,BkFNU8@?րxpM`0?u㤱 Y&J^c=O^b:B[/_ko=FV17%zG??\qs/Xej۱ϓ'~{ߊ۽"m:6MaG=yK^"lXHLˠHi`eAD*Z1=g; ".Lp!ZR* }Ԏx0 :LPOU<Dl¨煛}?"'sT7qzǐ4>SҀsҔ.O';w Bץڞ@ \zӊ)$<g=Jǯ?))R0*20*Fm4^c_ ?otO ? lY--샍֬aw 7y_ >;ǖ"̶Ws7,L"1U%P)v4~5j+4h\︿0-^Y7?|%f {'&l~_ e߄ c4ֵx 1]]Ec5S\s%=,u?&~ XmY5OzhB6sYGfY+0A gmwSRܸowof۴6Ҡ,zTwIi3jZŧ#wZj$wqQVH J9zW¯~=isxq3+72[}Ȋw*+u*}#NFnŃxGԼIeK9]E-b|yI޿@eٖ?(sFV(r,c~ : +T=j9cV@n ,ÓK=>2qb"&$)wLw7yR('p%kۗZF# fnrzR0Aќr9zKO@ }CRQ‘P  ,i>\LF88NiHqfANA>6֘&8ڀ~Ձu.z4F)z_oM9ϠЃM\uN'v'=ji!ǧ4rsy7 j4&$º^\ Dz# ,I(zJ?_ֹH߭1O'8C_jnh^ KY󟔎{Ca9 T<_L;yW'B@> w;A 8'קXe4?1-;k+|##~٧Ziu'p3Օ]`ST^P=GXsǷj׽!qj%y@ n E1X#,qT+NAsMteń ֒cG$s+VI?rr2#VbîhBu =t^FNI=T\p18ºWê#6"?lF,V<xޤIW%B\kZ%, EgFX8- zHB[麦>4{{iI 3Q' {e| sza 8f encc'܁3RQgaZ0ELeO,Ȱ.@.e³5oRUЦUl HG@Oaj6a[XK0 eYn6p03ߥbj:eF:[zzƬN,p-a{y 2Ux@d12oاx7IH.LdDb9+a0zVZYZbK[+H VF:,ǥXh}Q|ٮV7F;z p;#]roAԺ|dp;-? @>FQj1L#2^N$ofֶQd:Ѡ3!2ノiAo-仞cY"B7n>(NvdykR6:TKs!Wݗ,|w% ;:SK},tHa2KvF3ft?gKxgDnl)#<+u}"\j:Vb,~d18=H]{4Z>"V+koVwf|qCo-wX|LPiW7 "BtH=@li^]L꺮y01  yc^- BD1I PN8C]W@W'}"EȕM 1;΢mP$OlK,uʏD F ci̴+ќf^/cCW-B ')߅b>Ʒq0|Qي0 FEEi}\[l\3ҭڨIYd9x[}wι?0i'eID*".AWLy-PCIӮYFo,k-)ᐣ*ݹDZkɃi"$(t H1#g`o+ppn9Ac:-?I>*Ck>է\-^&epX>]ßA_zr퐱$č#m#$88?>uozkg70 lH@oĺt2[xIm!KD>7kItQѵ; {gq,RU`y?sw"HngՒKojrI@z~V9 w #a]vM#]3$.#,uT-R)peVQ\; Β@7,bCդS׀A:|Q=<@_gYj$eGI!dNFX`l2M:}~z!k^H$ j&麞;~fQ-(&2L+)Q:\'3ɂ:f\&/|W5[tP,/ YjB0d =2@S45XmkktOn"@Ҥ}sYQɨ{%Ě%C#5nD+yB8bQ[~Ci(*w%²0>|uDCxǣ tQ]cB?mà ܡXpC5RvW;0g$y%m6N@]C#[y\qfK`}Զ6;w;aC":'\eDi:=qjsȸfQc+nF1{^|Vo;bcn/Χ<:i (f O/J4%_C0:.Fn2?1^mO>R|?q Ěї&JAyP>=ksCpsqpr^\?(ir<ۮG{̇qF]4j#%WܴpdhRd9DDʖh|`1Bs`w8'9spO8Q@FXIIj#s !z}k&5ğۚ\ 1~ H=M};~T5{iW:o`J2(MIXޅgs_W-Ixftt Wqu[_AץxKcuucamk`EohV^[ +쯖(t˭)yfvgQ2t7R?4ьzPd gvhZo~:TF94Oa@ &2Gl~ӝM8g=hGN=sLldJNH {ӱۃNigaɥܧ.GOvhMƔ#ޝ0si?fB@wJo#9`p{Cg1@)ZWz68rq5:s\΢LzceWcJfH9 szS7)4IZ4N~gǯQ9@`2CQiSp=:Rf ͕\ZaI8V1ӌ`z|¤0'9 W\bakm 14rv=tҏ*qTp]Mej$b;qy+:p~Y`[{ў9T6 ͝^{WBv<צyVvoWS[ʌpwZ!ȰGn;FLckYۛ諐%a䓏Jş1hCן[Q{"D= $v.B:ec6ߢ'~wܴhVw=1}}krQ5{umn鮮n_tI3Op+>Xdܟl{{ .S*gҟ<(bb@(?9u.;4y~y᰽_vo*@:R9 oYU2GҾo3vϬl裯Agx63iZoD,uk&$J%d!cVl =kmlAW<r~Ce2 X܉/" QCFN=Wik^x+=hX9Ad cH;{26A<-A66w ƓpA;%N+,t}7_V`1}$I˓ h‘/ ʾD7ڝ隳<֋{kF&a$RC{}{Dhn#yTc23ZNrۅI(SIXUK&3$yniQ OX{1޸/IՆ}OJ[̴ 8pNEze_N@5; ξYL0[wp`Wp:pu;fӼY1!'Zp)4qFV3IcLXr&qt^>!Mq_y .wN<>4ZR|wb7)sAܧ'+`I'n<*4h-doRAI$&%{- $}x]ʌ~iݔ:]n^ ZUh$ÞN'ߊ ]gHi^-CRӱ+SiU,]G εѾxpyQ>>q 1r?T0=[EjrZ2X鷖}XR8ko3|{H+7p =$ )W ۸ kBh[x mx=z5ns`oCQ#2vmU@{ViR& ^+Y"}?8gڪAǎq2!g(z/=*?դ}tudfe 8WhӺ>A/B78>~MJUec;nZ !۹c?_F{yzz ?adکٲx?n/(?\`sjtH:VCM=ÒvԜVꀧ;HyVX ;⬡"wp=)6郞ml\1SzU1<ژWH>csҡ0'5^7hǮ;TɌqSjA:S>ԁ{uҀ2t~ sϥzֳw9G*AGOH`{dޫ' 6v829?^}39V<6 =cJceN$g^7 ;T8ϥaT;8AcXBZ@0w7Cl%3g֑ͷZW?_F[Ь-}8 q&sc*R>ď |2Xs=`Cm#HG-bht5@PTF}dq=knIdd]3I!'Ĝ~4ǧ~rXI ׷Go8U>y_]Iwt$6{N=9ڶ!Y8xW?έ#@Ͽ"zquؙ F,91ziKr8!!8r0r}*UV,J(AUX֨t?隌#!g_.. W덃k rzz+wwi3sR׃5+|r5N3Gߠ^,ZMvr*8~kű .AQ׏ֺ)L8B%H?5қg-um:Ğ֧j. 7LYXsR\ ºWZ<-h,&)*iyeG9 0r+`ˣcr GB=; / ks80?o[q_VHGq^ՙb!iEҀozs#WRjziZ< V%)&߈b¶WjF.Yi@/o;^H9789|\y"m_ ipMw>ցb1v+N; Ux叉;>ҧ];BŴ3L7凔5Ω'5inV<W+18Y[+Cǖw!t$K!wjpB֪72>'nbZIfr?92PyovpFk1 )&UJ$uz6yk&kJ34h@wU#{wZgW˖[bdhOI\8w2%^&rkm.!`||$DsohVz QڭˆWQՁ]!q"oZkr.U}ޚZ246⡸Fp׆/JV<%!M!8ў#ix\+rX9V*e;:ѕeee-N.#8d Fiוt?2duLiמ5>mqܞ` fxŏxJX"݉[uV}A&򜎙*-`Լ>mugm )}4 !mB6sBױ)%͹۸"m*;xnF >1`b5Ci3Jւ"N9UĨ01H^ڕ B=9J83ǧu4{2~njHcǶpsm:ڟ#dl4W$ gn~7@XzdW')|)xŠq5ZH Euz8"́ϓ\ dd1DBj8R3t^:ե93F@ր#8=:GJx zR:n ԛ6`M;Sw*3J1*%1ص&|!c+WKv9$8(^F{J>M^|@x ^s6`us\7GE -y/֓gڃ^ޜ"dqN^:` a'gAN'=)nLc SzMjy8RhiڏsMv}r=:R_@iN7\8㧽4=N3w0Sۑƌ?7c?֤u1F3ڟ׵ LRc1 R@483'SBUhu G#IxW Oo_ m*}М5owki~ОguFf[)uHG9g M#EmOGpAּors-fE^-c﹃7hdћ 9863J1 R2dzG52L@2O 79zM ׼S_·, ӡ8P|:^5P4~ʏd= B>r |gq_jWr޹G<\ YW(ڨSq g^< Yje]5Kkĺο=wm8 EkcuI# T.IYL\:~褒2hӳh/%n[ s]^@~ ;)'͍n$R+dϯT,)VѻT318G|~G1ӎz{4r.*Im='d[/ R@[ \OF }3 @ns?ZoAN2Oeoz`/[88'?g?O-f9b2=M|L'}'̮GwZ.Q0p0wwB\Z <|DM|'iX$C<)<%OS= !EnOttqrtvf;^n{e*Mݪ0K'%Y7*@<`ӵkicVDtR^O8m UOᖵs7˻(Lyyu]۔NVURZEFX Adrz ֛!]a^183ۂ0UsϽZ׭1xđK$ΰ]ŖhTgoq4ZrYXtW& \28h%4oK8deY„vS6nzdm)l`u) _Cymꁠv'lAu_ij2Ii95ZnPXV[ 3W9Gr2:&:^e۫Α+!'?#u{fԡ^Mt6LJ$aؘ )fXwh~ak@sog+@BBRiE5wZuw%]29,)ج4Y-o.5C4%f#[o>MzHO*`_+3C|?||wwY HE%@'ֽHcmKoy R\֢j \UALā{Vn%yv[?j Ф}!Ky;[x|=Y5_5?nrfxX$SԘA.σ";oWY`0-ԌW$30xóMuT5 idYN$`9qEǚFc<3RHR&ԞV gݑ]@v>֏8 uStS VٟTMޖond)#8<huƦ ,KopDȃw,FNx9_^%еmcIk=GXKT3 9HwQkV(TW]yETF/K#k}5O.Y-#08ʒxcOZ%G^f,:p[ݘ| r7@3X =kKvK vFFvLITz֓}&Α$+a ʀzklo4=f;9Cs w8N Njc\u6rW|7R10683],Kis]᭛͌:"s};$mZ^Ԅ7)&窩S^?B[om<[MЉd+?"vΟ+.9ekK XTy>jnY|K1׍>#~55h|*W?UX1R~rO]9c^37LO֡l(cfq&Fyoǚ$2A=3j0CR0'sրpqMN}i6.L9*̽}~0;ݞ2P¥$m*d=yʌ;ie]Ȥ#{SJTYbï5aypg3ty+'ҥ,M A%tJg玴 1/h!%3 w#5c[YXH\t5_=7jIA |,/ьf\mM|6.3Sֆr[7Fw?/R9 w28>S_3Zl[.h*ry,Gz}Am+xf ox"'<0)j%oQ~:e :N0zgXfc';;T{ ǧ|SqGz ozwCNH8F1F /^ >qED ¸o|)G>2yEjGnBLzGj?o'׌t[x׶Gگ9lr?;)1}N/|dĞ+%ijN 4u|v AW`~l nGo4;4/M<*"&3+񟄬}_x#Qe\m L ~_Sg/ql]VxVRDnѸc!XpH>讝C+_?5$ovJٿܸM_w0en٦ՂJ̥v@C`LUgw!U@ORE} tk}吱W& qY3T].NIGx `ÿ>2ju]>OEE7Hv}OCc}>÷Vѯڭh F|˸(ejՏP~_| 𮱣jz{xƊk/ZDDQT l$b/_ umfLȌ%坒=^Gz|f~Ϫi 髾 kCwe1ݣ`s`8C]Yp<*X2ObLaYx+ī:5ݛ3-x ~U;\ "i/Z~ ii7Kq/i 1\7 _þmniu'b~|Ҍord~<~[G?0{e@Cj0cM 9 0I "7 }{SA!*@i\p:mi34o )33M=j0O>_֔ugNRF2@=*,jhO(9-4y~|9\=0 \gT?.S6ҵS?֦ǥT61Ps4s!y$;ݤ9$r;\Vm <nƳdBCǹ[r0N@'_KRkQGnޟs zf2"'?γCa# @lS1gLNxsr}zII0Ϯqȋ v8Fzvt.w0Sǜqӷ:JtN9kR5D Ϩ$g'zhɽL#$p2?5a4B8'w2xQ920#WfNdn==7%p{H?7v:sǥElvGς08{)%WhF8gbcOvuVB2:z=zXd_!F8'ǚL3x{_ mҵ6XnP¿=9cI8Vߎ+O 9N3E~~S]+gi!$9<`|o.})lJ?q.Þ+!Ƒ |?JKʢ܂?)q?C]|Yqӿ>")boa9j6ytY^?90i0s'oҷ$%?J2zD*YJJгDBN59J,/Wˑs Hs?S> Kgk-ķ*n܅_3=$EOxYҎe6c#G#9힕Y^[QSe%f$u^ {KSQv^/|;z|hn#NfG-bo[;Z5hs%" $+ZK/l"˷`\im HYpW$d.z iQ4QSkhggySktuz]J+V>]Fiu[Q-\RtFM2݇+C v%Y[۽6-OL$6h*U?%H52xB&3%Ҽu|Wj#x~r:NHdGCo}i/DZ C1p@?S֛O0YD_h8>gHrC8"-R]J?H/#r*ft;pG `it]"Ap)`&U8yKGCKoc_Jy:rIu/H8%>5KM.fka#opF1JeR1׽tkK єQm擌 #d$ kyl F/A8\Ut=| nHGnePBrp]w|V6tuɸ]W`LOZO#Tutu-䷗O{0I=qX‘ˏ;>ھ0QH>fGvo2z :V;Nli.y֮^28g}֤L(^֎`e(V8x槌F=IT23U,ap9QozGjx*& ;0᳚vxu-aSU9O]i΃h#I@OCihd.~ ~zoG`m[~36rcʿ!m}&o~mZhd7YZ(aEŔ7\[q)KP]uFTzD0/٤uܪOxt8GVY%bkw ׆FUS+_n*bΒ]: a\eT1^A}i#D~Zsr_t[m(.2WJk;5֓V2.u\ÓB  1؟~!|"G?ZƲb7R-8Figpuڑ˘͑cЈ5e|>9 5|A+ xe~s6_5:~m-Ӵ}qoK!/qn$QfQ{-ў{ǚv[TP϶& vn_fׇ}nHu K{NXxƻx1]k:$"Dz= O>/CIr@0~VբFz-k&=’ :q$fV#s2Qce #c@#SUZRS]VG".Y0zgx#Cmolmn@He?, cqNFHxR;:Lw(dP7_b~+|g7xbVX[>y0f& P=A/d]Y'o? goid.5d|H'do|c=7TB͒;!<~L6(0b?c7ڿmHls(vM'Lmh6eaf"iE"{_ <~?x?JFSnBdg8pw#IקZiō#i JojQpsƐ L>#}(}J0;~"pO&oƓ8qϭ/8TcvŒܞ1@\qFԊ=?u./&PVc( M.281{ҶJLgf6<il'k=_jf/Œ$8NqUˁԷ1AC 6qyW#0@U@I'Zn`c={uu!A>jhc9 :'lj:08PHΥ w=ϭic2p#<6950;" T~y)"+y?Ju䌐9=iNwrvy'@ 26Hs1VExKYִB\0dO7̌{~b\OrHTFI#MJ.,څg &/4r-JN>Y2?z*)y`` {jrY&ᗈ ,n4!o" #Sr}=wk6ڮ"C6 %8_`])y{cUX_V0`HN}kX"t^ \aZjo0Vוpa @ڤc=WE/q|N92ѮN=ZY\h Q#qH@##烒F@X 9C۪5Y\鞽8%:M#hcSM.]xA5*ETX&kk#qdzϽZ7qlVyd&Y.\湇Ư[Ey7*1!yH-4ˍ*ŭvXɂJ>Vsgú"" ,?#m qwY?=GOn A'^O(WJ_|,OU IpAy%A5G' _[Kgd$g87Pմ-JA]9U W F +|q^ $6a`@zҫ˦YpFcoRG9wX֌9loQ2Pfݒ )R}@u [{^8'lʮckF0m3D2nUp~~̹BْD.CAY2'ȣ8Ǡ:I $ ;3r#CLP=y^HGw^1BI:G-VD O^08V 0yp3\t [e1Fp]qQ@skxS9XH$1R*J]ą>G 9<֙"љ7YT)6gjȰr03_2|\VE,ptO_FjȖvSI(Ts_x\ľ [ {WJqm#/JIHOþ+_Di~2߉$Q a߼d~#ENJ(D?޹"d&鴠FKc?EXm#s]%Ċ<<湲>a:ؙᔃԛ"%l UOz 9"4r3 YVP2i-{Z0FB[?H7;TGJd 0OjVff$ Td0HQ(-RcvJ( eRJV>jsHTqzTP`g[?&ycS2:1h&k1J>X]j4thGRGOr%_, 2sjn> Rhw~c|DvRBU{GiYFϡ5ەI6>z(ic'SIodJ6~{OmX̿d{xģ Flw RG9rar3uOS^Mq̧ν0.z:*OG]Zl\ʞ:O^(#o=*̀c1r ݪ08r*xt<pr ?x v@#❷@A,> U4o2mƾF~xwdMrbrE6)T|XA ~7žMmE݌C%Fq0~^Ǟ7pmCr6b6ѾGQ HVH5$X}|*?d_2š](_aĠngD=:$g;W/EZ7\x匬̈4/8(8]MziHɫ6Gc^ۮvm.ԁBz1] ڹ]?=x߳Sڗw]M1 ēM#ej;H%Xީ.ݴU5OW#l Kd2[4jQegM!3='LJ WQOKx'I?}k%)6j f Wq8 z+Ng##^ӯ%Ŝr=~\'4>Uc {e ƒ h#+W(xRĽ:|F QPsO7]+2x஧iC}xLMg}H@(~i[7II$P8k=A2%k b _h@9y?@'\ߵ~Ξ0BK KxV 9`$W䇃"jWG 2{hg?Woz{M.c6s-) uDGZ\wie3ɐhsi`'u1֡da$sHK:ecO>3x*_x,smu&Aʒ tgJ զ}ct]>@.2xhx VSX ٴ#Nr})ߡWmX $Q;^s _:|@֣'V+ ̠PH\w5⼷-.tZ^E4HZ'Y+sk/^~ΞvPsOJNkDYu#zf'Q B3;bx_7ccW>(//|u^[[Y]#)Y_aꤏaA)E|.{-f14s( Rqޟ#4qh$%`z1|A<=Ú}Wte7i#ts XCr+:M+C\>!еŤs^ KNpd+$RGr9Ƒš !r@Qk+X|;fm9q*1_տxQEM4b={`sǯN ?>GxX4ia&s9k'𷎼;mjk:E*&8e=)swosEd/   S?DOj3:{SzzS:k4]-l Sx5z ל>c4l~46gTʹk-K[4?^IWPg{?#6E*?9|3SJsOV-Ae؂y"}-s_OJψB8aC7dڂt 3q=^)HڮRxrGBT=1Rvȧx:t6xvL |*[Ȥ938#=YcX8=[F#u>Xլg^֍TX%ܕ֫~Yld޼w&#lO)=? 顕U2N=;VH`=}g*ߛn;Z{0s=2n q O ,LrGAQ13:m^O׮hV rAǦ{/&r'͞9 s:a_.g CpA 9Ic+`#'vx\ج4jÖGn *3GE^Ռ:2O ʬNAȫsJ$ ڿ#g2^D]FUBzWghS#Y62CKyBXnѿ1Q9c@6Ty y0.$cEuZ5TXpF'ٜ&R'*{I'nrGCM95v13r0;c0ggp6G#'|ݴ ,D/ 돡&RkP G9#Yg*=;j&i6HXc<ֺCifz99HI*!ݻ)+S`/0;RNO}+͵{AlfO=ps鷳-$dƑ)'a:1L+pw3uxK1ϥyy$Tצk9~^W".չ+#m\+O:6";c[O.̒Fvl#$swǡVm'lFxR9$f遃۞R{Do [hs~UkfKj @=[%v|[ -$:WnI^k7|ˆ%A?r?@@rMsFpq}ޡO);6;6(p N_#!xj-h@`ecbp29V$ L)$'B\L = D?ZbpqR) j(ƤP:qҘjW<N{xF]oQ쒲I pʜ=Qu xz8u {PVjo|˄-S lGl朠c\ga3>)GVe@<{z+^Yf*d<@#S$o6:T9!=jd3p[JZ5AsoxNxd4`}45oOI n>*;mV-eYT0*N+^.YDfxⳙDpNG<w>q5x|ã~?>xOYtoi4iYv⾯ heKidX2:0eaA7 nfTz>,m< v ?3Og&^n;r7R#6q*0$ʴ e!!#p 볯nH>J]xo஬tI q4-!#%Kɵb!T}q^8nO|K <ouop2DbdUcv\N m~ڟvGůYRڵ@%,,Y@>=~ؾGW ;+eXWˆX>Xw\=,(pᲫZ /g/>,|;OfyRlb)E*89kO|RKxSGIvMBrvzfaO|T^ HJ;Mw|B9 ᧌lB}m]?.7g2kaːyq:kc;m/, ĸGd "+^ 9ھ=-V_3`2Fʣz\Cm#]C)}]~ߵ]fIE{=6g䢏]W?c#!zżKciu*R@l`z4m=OmO"kVz,\)xYw'l?jهzN8,Ua6Ib|A]|/ Eg얳HD,Sgi> I{BN&^1١4-?=hكTjIl ax' RA[oݧ/er"/<1\jbLW2FFł7P6:Z.eiz-9/앾 s9D;+\l|Pck2^3w2FCF<o|`|i]H(UopMm'`aWP5'M"3KR3*{r>숉t1$5߲+&'m7?^6bHL9<~ƒ>2-f-&[Ͽ r<89M b~<)ɣx[ON`G >pF;{;&~|o|M'?bQQ6MmՋ F8tm ԵŴXkw <ڻWmix6_;*4>Dduyx>.m{rOƶr/}n}lm8EH7q}kfX%qXK=G+ c\Y!L? 5bl'1*F^pO7c>DNy=Q_ʥcsޙk/2|[888[=GT$(>mۉקjQJQ0:#8xFb~N@>'{PffJOqL!-ۑQzXs@F<`=An@`zǎSB%h>Bz `@?4 *X $^1֠Fk9ާ Lw?_ִw`q;Okq_01duV>^;}GN|çƳ~кm7XK'pnx@+Te\sP0zw_ ;Rwߊ7a9-]ʮ"BLe\2k_{m7bXI%A \qӃֿI|acoͥʴdb2Gcsfϵ6 G^OZx$(UMW;Ю%^QYXo#'OJ#2bݻ6#|9_j^4@Ԑ%PF;$xEyO6G$ǥ]ZlrXz3h{rF`ǜXw mk G i[^VmS0O'V^\܎8 $XeI)$qV;l7 vNy;OZ4gUbY( 9~=:hg*IO$sTho2C[rAMcɪ@ѰsϸX%գYif Uzΰ^-GO[D/){縦I6|LdoPݎP;W^ʬQ;q^[C(<:tWN:g7RA$vrryy,nGRwȠH'zv(A?J6oSQza8TyĸuTFXcX=}4Js1?*c[$sKV @$O5WS~49M ͎Ao<;#fVY;{wٞӯ#d_׭[ޑcqWb.vNGJܧ8L{e991f$Ȯ/Mq9S+`ugi7M|ugS_LT+ht2k JRا7?MGKY)T_ƿ>Zxwƚ;lpl1,EJ2oBHpI,Fq}g:ضX~\M00[^>S5o93q>x\ٮn'R[',<>_@ 0VO|Fٍ7]}HT\dU<悪z ߙ0Ft?Lj> k| Ь`IQu}÷Syg.v_ Zc7j6qy*jʨ/@ g]{Ѽc.߷%HGs@p8#?>Prs@ м]7G׌  9K p$(B@==kҼ1Ǟ>u黸C1$~ 0'FgįIWS~i" 3,6vw;T1j޳vΉ*ؓD,\%/|A}RR=hʨV<9ї+LW"9~_CGsInܚH!q_51B~Σ#[cֱF@ǻʠkߍuy#X/Y91玕iT7v[ϛ?j/WNOiybBH䌰\_==uMH񯃵2K{X^#1u\eQ+I!O5/B ebq>壘OKxHֻxL,WHCu$0 zAJ&OZED [l'Nsm S_ٳNjn,ڎ;qIڒm g<ת/v'|ѪrDkF;}iNw~VLT*ïAWg94}pk%o)[{'12lI]XrFAsgd?|Y OƫIq"_@1N΃n[? !*xF_iEkFp=khNt~v~7~/iXcI /LheLdq m9>/-েǟյ`?ѭ =WV}] wΟɢ|1SR(Y%ccAgAsWܨG;S>&OxP6CHvC ؕ'J~W4E}f,& W%w~xsƗOM%}=wk$bBB;>ph^HNXsQm,xvwNFH$bcOs1\g~ǁ1>EUY9 a0 ZJټ7+{Mrw [_ry}sWχ?`2WWgL<ąV#q\/+ >A7f}uK;CA7PY{p2Ȥj2&6G 5SX~ -Юq<¶D;@8/ Js7I\(W|zZw2bszVf-݈̫911OP+&X$!H/$ʡv"@(]æz31d$rq#)fS;\Lc9HTtX`9 Vzv^Er+$5~jF3o9 vt>qE #'88's Fd#}Zn.z}9ֆ23:#ӯ00#mܣNAOκ+VQz\\LcnSZM"6<0:b0L 119jθɘYq<`z׵5y<߈TtrZyޘ?t<ۇ~:8;+쒠OQp䜪2O+F*TeI99<@f#ip:v#+|P2͜YaXՔ sѲ1sV4͎0Hsf)rp :)(€qzc1e"vy'#49q-מLP4eNAMYԼ=~p]8Dx;>i=1Olw8$m, P 1;T JetϹ>Gk>f"Wm0|ܞE~1nWi'g½[5+DIVo׋ʓ}95O$s5q(=G_xlfY\mV.:dv):0218x{;3=Ncvq0wE`$t5{w3E5꓁VQٱEk-;Xƃ|dG{ֹBƊgW*Upqk!s+ü=]?V[,NFbP]${~(X,.yl;{r=>fǖ$o5݊Uv=?¨#;,Q $qfԏ8F:*Z-3>kBJĆ掱4^p0XB^֠/٘B+#5 @gc0 #[Iy Kg8mxۘg#x 6Ymb]%ysk $NA]eH%X1viWc9+^Xi pǂ+-nHrԺ-=̪F. Hi q/2 lQ>,"'>6 үH2<_oj՘\ƁNGSY|[fqڼŷ 3$ qz,$GG1^YL: ]Tc]yԉuy@ IҬq hOAy$X!7l&xd]QC$rwmz}+(-McL> Ouk䏊[_C&+v1i~$RZI%Y8H}z^ȯ[ #oĸrNwgJ ąs/C<{օF g'zrAjP=}wӨl`nf΍FJW3]_Sޟ=$"XA'>K2\K:CK{^y'Pdq UUB;#ՠLm*=z~Gr%44,}ެ[=1Y.t95j0@7gP$qPIǰFvO#q)9 8vPqNU]p@ԟzxG$<)l@9>i*N}x` ֝@<R!ABQR$rjBOp}8( 8)`4 @J4 2?^)=zp}vpzwG^j05x'ͧ]w%Ű_>VlNvCS#X` (xf^K}|S67s_^xxr \c{N֞a$~PtWi>KW%$\m _dD.irVKdm"GnUL Cn_c~[GܑY̭B -`"8R _ݿ~jz ^8즖Ki4yM6Ym?tZ{oWSB< so:b-X)Gu?K=/]/ZFEow, In7_HGCkkx;^B6xjHWZji(!t̊GUJ#7M➟%ԡ<76,RH;x_ƛ0 gCo  !X0rc9ʊ?%xA4 m$ڽŬFt_4,yx9 oo{gqmz.6֖s,@8Ÿm-O/ٳN[|YYE@s L=<͡s^9ֹx#Bs'R~ r7Vv=$S]yPPa4cŞ;}VGҭJ#\8D#;:@A_E O ܤBFs3(=_ZjsiŜWsC:,8= )__  ǀ|5c> >;]K8Gg-֠ y2T_c_)P9MgYo|  E?1cx?~xS6^6zDCn'd;yR rk7Z^?KmsmnbJd͍zyO<Kc+'|ngw Mݴ(o.T 2H Ez$!B{5|SHtYˣxbPEr`ܘ۹OE/\ E>ЯO4+u=JJj|d>)YxT]%4(<5hxcpYۚ74υ .xKSx"vY55վ n`\4@z=MfmCN K!cl nāZ(>G3@|.FV5`6@6>E\/%y6~JblT> F_G |a<)6O Zƒ]˵]oL ORW0M2pmw.7.z?|#/jڇjvxuR:уo)x3SVrx#rVUu2մ>ltf'Azݓ~<_wmWGFRo#?<06@PG*+?#ž0=ż~5s&!g# ^Xg.K6+0hJ~!㎕KtDBҁket{oUoy<|R:u+}^Gcs|'㏁'}/Eg{ dxX)-k| it bVEI;EN}ط\G?i}zNF68cQWiu&GG{~/F[K̏9\j>1x{ϡ7TIZ\.@<":l;g? ::ִu8&FO_~Nm;V=o&VY@>dB~,@\@Moj][DI?}83__!?<NӭSr]I`2;d`_.hӾ#|XHt=7v+W sτO/²Hc󏕊:l9L_ΉWIejYR O+\⟍>ֺ >)&fZr9pkǿo68LJRھ$dW#+T֍5 +J%7r_n]V^ߊ Q39[8,#rE,x=GbEW\m'i ^#Jb%3c^>y˜Ng^ywY?Up4dI8, U4ib6Q3s4#?+s FsP 93ϰ榅}s5|В@mHh32$7'pMBSMs@zAh8Ip3 eض,^sZV:F2:+9Np9oZ6Nåj5$qf=?WVRGNzTs98҉dHR&RI?/WPw*:S2}JO\+m *#=?l4^+r:?kK"d6マhۏ5wq?J&DS85 ?ʧ ֶ3 I20~Onх?2N~S{^N9+ u9*b=ܟPw;xo\Sw*y %%ՙL|9 @B)8 r=}Oz7]ʱ G~@q'hH R&FrI?R$ŒKg=;zҫ _,r8# ΀,~ϸHlmn~<$I:T_'9N PBO|u9ֽuM6),f D$zӯҼ!(݌O\\ݐx+ hs Kz_yHZM2)Ytg<% یˌt*}=JU$<2g1^/@}<1DivZ&yٻ=ɫS'?Dtmn4WvkӼWhKIAT)w |J%Q ;zݦqDn'9۞3zjP{ĭ>ӼA,.`?tW˸&j7J֥vaF~tךcs6v%^FIp UUUuvrLq\v.1#dO 9 ۽gЂ;زĘ'i9޲n Ї~u&;+V8l#npGMKE2b)/\Ek6m yornFP;֯`U20qj( lLd_jX帱@uR@d\wyL%#SPD 1K#o' $rx.=4M"w:wzg8MEc(Q2u *%%$zzY|%O񎠎;ՈoEAN?&!qr#~G[gH2y㚕BS)\Oo^ k\f[1}+CeOjw #I(7?K/rrGb2Jw'q5hS5ә'pdX>U(Ʒ5{{g1n8ƽL s:U:8WK |#)}T8 _ sp3ǿ1wOp>Z8U7B2G?E=#ۀ$S;SHL\68 hb|~SO~?5̰ԜUs";qڥM{Z_cǰe,M> U& UfEClT1@=(}ր! 2v9)Iװ6=JtfHphF] ޵OJc+{|ǯJ (4P:;qOlF JQ[n8":3u4USOA\~p C3#.PGU yQɪ)ڹd;;T2Hۼp^ .PG]ɍs*i55 z5kzU&Kڼz`⢚6e?8 3{*;OެpU$ӴxE]z-CMmL76(hAVj7*ڻ?\6RQ5%feR=O}rn/Pnj^`%$sľ/~ viXCqzQx֐/8bbrBrcHeZ/xcM텖 B ɭE aCGVH 5E~>Zּ-7JЄ ]y'ha}F* ǒq|)Aݧp~SN ~ֿ|yPxcV#3f@{2F@\z[^??f>'5 /|Wt#2E ,Iv<+K]YO|!u6GOb/maPI SK1u`gsWԖDԵ@,JLdT82x_į'NtaWVy\=Uw-K Đz{?w? Y"u_EIV/#YE愘mx}I<]4cvϞno>x/E|v Be $zKtQ,/FR7I|POqW??^\3Nem43(b6V8'k<|0➟oyou%ɒ@$S19h5|_~?&`ckf<ʚ0q 8aUAYe8!Wzx7wZU;ⷹ_y-Ĺc$8  sF*=Ke1(}:vcohQ^ `ȇV^{Hlz?4}CK;+Eq*z֙nIVL,~p޿ MĻt DS,j7m*;gma,n<ݿ@޿^6|7hnjͦmQG ֏*𖑧閞M@u4Ab?R4r5OBdO 9??gO>.įXgZkxU$ Tgp9G ,P5*vq`L Siܔ̟ nh&*uh,i2\߅ 4Bu7qm.1);n0Â+sX-(ܤ|Ca|0j棩DdL@hqzy<fg.u5;sҢi1qMɱ psWw?gǺ+/ĭ"ݴ KPF|KnB>`<G8>B`w8ӄ]HvBzHݞHׅ\~d R}B@zPƽ!gScH-MtPbx=Ue?Ǩ֐z㚯%1۸lӔ S~?rrj֓߭@O!Q>h͜t9{smz ?UlTc xs^YI;eI _#cdjÊ Ԏ-†8Gz&b qI?18ɑYw(A뎼*uPTgc >sRO,O!0"<# 303*Je9U5Xœ92CuXPH;g3㚝O9Aۑ88=ht! Î:~'ҝ8djS/sd#(Py}j1,03Ӄ?.H^yj8#,2Wq9( t@B``Γ+nd~R u Ӂ~Um#|Xs;u([26g՞ʷ7J O,÷z>2mD%'qFiq=ة*71#}NVXLp>\;cyr=Iz!yTrOZmlz388^]\,c%tϥn{G|.'~?5o/#vX, yTx0u>Qm`zk%A,Ju\,ar`>SkQ2]W n/>>!>YdnL|y_*k?|YzGlY'2?'v& ٤Kp$bOt:g1P՝?$W Cl/\?קyf.Ө?^c Kdc#߯ kH<^ VSwv17soW/@1u$ Cp<;?ƚ 㑑93I {h0A9~XzqПǽ7hUny P;{0';='#'8T<.q*H)ؿ88h (t#hFbFg 2v;w$n;7WGim#%|~E'x쥆蝓\ڠYd8'8=+TlD8ٓ=ck__ھ6D7_{-jĚKw;7S,]Wў9ռos3LuWYQ%*y'MM{طN_WV,aңsq$d f25 kjIj{MH+'3殻Kk@07pN3k/'M ]G]x* Pn_,~Wwm#'_I2k 艎&c!NBNۡc^ G Βks1֗xGΏ s"&t`GQ[FME ό~*x^N܄$g*0L~sm9o쇬i[;EI7rL198xk=l3#w]TtGRǵ~*aK$:|YA[_bqSV6pv~?_ |A[xOܥYSk.uHN-SO52C vfIЫd}ZBL 4?zƍxo'u>ͦn^x幞m=8~^??Y-sG@K: '79* vu~~?ݶX#H-G\W--VQ(UF6Z-߂x R+h"ȑPРt\8IIFGyݠKJ%>8 rG\:.*yZH6뒠gw;)[qd|]5Ѿ |^x{k+y ;Aè$['Iz*Dd9Yr[kx K:l!M)Sο"?e_>Қnxr/,&ImJ4r #E~0d'#>})V"7IՐ.8RA=qPHI"T##i*O& &|Cxbwr?H_g!+$"MѵŌD/<3@I$W ~_U/?{KTlv^f,{VntO>?3=Yh Hr qm3g>Ac~%O;mZ[ȑos'PN$ͥCe[nTKՏ_*N=E<#`Jb<݅ova\Ζj@d{{_{OZEbʓlO2eH'cHnpjLX_?U?េZ[ޡ{kUCsPzfGnJm 7<͍?Jqަ6Wgfb#7uM9_rV4pH[u_ g.oď<'2;;&s`+߅?Oܞ":5[rF8FiG N~꼧5~T,ҪsʁXyUpy!O 7>\Duc]QxǷ[H,AbƗS' LW \֟FvC.04b@ 5?mЂ? DjiXR{VVE12y=;WyK9ګ;VE4{|eA2HwUQ.㒡l{AWi8'QV篽Cm+Ft/ +qs޲Ӓ8c}FtVӉBw8wи* IsÐ}A[̡C\_+rA«7 8<Ӱb!31U%é;u8/33 H8czD 899#Sq=vS[}υăzgڹ`{Pc# _`O_ǵiYMSrr=+TȓI0cѿw>Je_pXw\]<8?Q[l@vӜszz)%ftR%;s؎1@EuUԆA'ᚲ aǽbD-OɏAEN=t LdIF;'vn-rgcjbv +<qPgNs^1yPwryRe<rO_^˓#8¥ɗ>$72zgt 8\p9<K:qTn} 㠦V=(}ǃ=h۸C!8 #w?uNj+LpN?Zl$z#ڪ:!1c|Sn- €ʣ'uj@ f ʧ8ݶ!z}zSLB 8cRka!a}}p:$vI`213UK[FqOCblI($N03犎^};Exrx•#su4>xq) n#>\d@:lRH\f1U#‚FKcTKf^zLNn{8>%$frGsܚ,MȲ~Haӵ2g69WR;3&88MW9ˀ۸g xƏ'$r9_ !ly'F3;SB#ņ+_>PI$azUByQ΀ a=JaNli0Ṷά"&ؐzFZ2(,pvX-gyS jZsgwf20$y9};#ܒS;NH㷧Wv g 9=Ʃ_V3ul.$PGLgz@:^@Kr?w3~ס> trHlA%8?_ d(~c?.|77Bґ]~X:#5g̶r銳k`Sd=vɏbF(OIv=TCW j0/B= Hϧ֩۝~#5`jCp}OMmqҳf̑a\lcI.,U?JI% A^F 8oJκ%TP3qT0&X.!ڛF?ϭyֱF%gw3~U+F.3+!؅ZYan2E3 5 y$UsDFyLe=6?JΖ1ć^U|̩wLe3xLXy]r@>R;F1+}R6ZF٫˼]G< 7 jLօOڷ ?~-n!ͩi^RyeH{r$L/8a3W^ $6oC Qˍd{WlҴNN:ҳѣ0"wڡw1#l*%/ᯃ?PǬEۈ+yU">ZvxSoqXUx hu?zZi^!ӣ Ui=Y?1'vyx׾Ť.E3N^H,Is# k|fv~x N/ ,EHUy^q+𾃭|\W,;5/;hsq!%>ũ~n5|_<7qZ][^8/:› r=1_.7??ӛJO+f[Ro';x?2t?>,jO/όxL 'w~)9m,<8Pd9RȒ/F:cOݺޱMu,ё%4sP̌yWDžuĞԼ7KxQa{]̖0³u#Dŧ?^G޽+f{t>en)_?.؟O-?Ǿ$<[,Gʯ|ggn"{{Iͥı.[ #y{}J;[m`R B* ¯}/ƞ W[״8& l2HNU~bsc?7|B =f.!g+cڼGқSU oCoUUX䙹?ڵQI3]/~;.LL|ѣ<@*vZ_~O x<)l_˒@"7p{WOE|?~+em.m.Il*co7[a$L㡮}h OiұNETj$ו7݄%1|l 泧Ϩ[z4! 11\~g{C~C˭%z䰣׻8Rǭ|u_[DMBo'`bT3p[|jT8zܟ_신7KfCZYS,0ɏNY7 c/<G_ޗ~Ϛ4sK.fE,d85G }]ovN}/1XƬ='] ky7@nu >W0*I  n2@b*j-Dz[b䂅1p*V̮_ ?k;'{{[z{q^,o9$_\"gBss׏_;i[Fvpҹ.v9N 6@M(Tԛ՞0Ƞ,F)(ssӷWQH{~5GX97),>aeq9<ץt=!xoL>_;bdvz|zICնc=jr } IkrޘB|r=)R1uI% FHSǽyگ?ze#\s31"vفy:Ε9眃~5ψ`9͝v1aSa⁀Γuӎv CylU *듎} x98cwn88J TrxGӥK(ܫV#UPNw㜟TF< ; " '|LJ@=I89j9\z_U0(ǏAUSB uM/AМer܆e*xϡqHgR8XKd>q\ GˌuA ?Oα\aCqxzs<Ҁ22a1 9e:y*Cg'w\49(Ww^I#Hxq@SH) S# \'-?Z}͔"L[^LzUwaUe4 :T5"HœI9V#js<.3_Gs== 2c8{jS&ӷK`d=/,= VdgIy 9 -JGm,>TK؋,1q=OVi8ۊIσE''[b#sRL)8 6$HPn1\z4Kgɑ<F\TH q@n;c2\$`{jI:4svzqc@%6YGJA'¯m ! :T(96O9=ȫ@>ݧم30\p20yU0 ;HFA94ZLlĜ?ӵD2N7eV$* g8=6V,X)u>؃C|3ɉpto\*HsOJ9@ۊ`FL2{n`ӷQ @@W~8"8W&3;tcEP D3'4K,^W0ޕ ((Gګ !ʀ jc `sy6*9=h7xg #ΨݻW#zё"\w闄rd@<YCunxi.'=~ߗF҇}. ӽHxE\g3:"52h0O|1"䢒9kԱySM23Y# ǞHR鶳` c*|`Yrvl?I?|>am8pr9ӵkPI_0R{K×88Dd{ Ҿ 2qYpcӁ8李1Ҟ:S>S"ƁqR(S@JvO q0iN=tȠ/>o4yS8=K㏉ZMR}m2Y ɽc=3C|lt0&<ok[x1 4 RUʔtpzdiu4}+|]? RS䶤av'dM|5:~6OOI5 $lĪXӹ_ݞ 2B֢~ ӡJX~F%+N~0 SkU{h/7k=btĊU.FT'sho`|Yy IpZEy׍.$B9߳/=GW|C{8t,YO$]&;[#$WH~־%>2~+"c;hs00Hy#~_ 3é0tygov<ҨݵOCkҏiG{m@HYc xx,"մ^ O 0 _? u3Nlmf- KEubÐA G=Wu߆_ xV:Ɯ#6&9XU $cADgQ^0ǀ'@yp<HP uON74t=™ɕ}z^ |X\jCZ+ sow } ?05(- AI|qVօd},W L#BoZH8_ռq .c"lե\|d+_^56;KbWeAe r}1H3ޫKͥy|5I/ɕfR[Yv ?c_[g_A%#pq5:/hÙ|m |Jy>i>"$OHgeQLfV 6Ѓ^%yj/z/ 1q -8\`Hz W*oSЍ c*EmÿهG|3QVEcq^Wox)=x; }RjʈE*K9=k׵OlɁҼX񭵲yr3YN6EDzFűW kŖ/޼3_m1$˷;W,Tg ,"FNBo })!d/AgYHV~0ϋqyY\m$[@-WT6Yy8?\.23g= -*'cIq򫟻]:VXN*eәF ïPA~n猚W ?:z8c$F=(KhIPF0F{՗f8?]KXn H ~#+]uM$QnOLڽ2KQfM~Go>e9q3X ZN%"@IUGgқ buRr?l"W?08{An\9AL #bR?ju[d̀n+wqT+j\K|%$_'1 i9ycZ‰H\:q=ZA0'zL 7:RqjFd&N sU hr@բxPHfd] % $$w):M9>p@`rzIj9\ާB$GgH'u '-•ʕ8"\Oltp^G~P˞z]60סϗ trh(?҆y \rI<Ur}R)<\6 ^݇Nҕ[#yqhwhB&F<ɩj8 g Cm-  OVl8 fWs8hOL9ޔ#{L978>3>2sq# c‘Fq~'`XJg+v'{*?\3ބ׏_i 8qΉ=4:iDsgiv57.)eD9O*ڻ"ޓ❷'=MyB280 }ҝh⍤r)\n:tgOڐi=8拀EZSלcAҖ0Xis"𭚭'WI8< v-'<(b9i3cr%kykxzݨ ĬrwR3aa UU8On t# ~ʼy]3K1Ky9+(co0ʹ1pE.RO|R2fv/쥏%NWťB;w3h[d ۃZ)3148$S퓡=k֕V@!=SSgslG ,P/NAe7oCWij\O;FiUɻkcަMTmֵS;a㿵\[`SjO\U(m82ziFg <(\'E6ӑXqŭp 'BPˎF{853W8H8Ckk<F^#m+1t?|8t =Fkz5vTskAVr#NA;9?:ǐ%1nz[C1z8SbN@΁"|SAA2[0Rnb }}49Q,( *b983prTӏO]͎cDCp9%rWkBN2>r:zÌBݫf"1W'ʪ.3NHS@yb9ʨ7=3Z8rqynⲶ#T|2>JXg*͹A8GZf13۞~ QF&8⨑p>`{*\<cޮ6U0r2q8)9Rs񎘠 Y@Ix^8j{wU`d'+s= 6`x%$sҚϵX@';Gl/:HNӎNeXgnTV$W/9O8$´Fx HN}GҀ4Ԥ]?xۭP2:t>n$c})]rP1{M09s0b gq>ʬ %H'wkũQ; :ؑ\GMc*gm$*[yb>N 8"Gu CFzz7&O7 <*XfuT`x+鞸Tyt.ʶAU;VP1 Ԧ8\냌O q,(AIeynGT; ;Np7RO506# nUGOPGCOJ2`I=jM:@ tyCb3 V@lcWLM#'<>VCǗ9zczRB#m$?րNme8^)6pGzՇcpx8~#'<}(۬q~8X[{` 9%q@݃~_D2} \SL$d p9OҲC6œ5 =G_L})`:qВN֐6R'<;s`T8ހ <pdoڼ9_Z9rAcL5tn@,hbO`NIެf݌'zylnFq׀N=z"X*{\wÔ{՗⍤TTZsSמ~TȬ$A"B2q}GL7aFAn$z[sʓ9 fzKVѲ#e߂Ui%v'VNCѤAݴ*4Z)ݟ1v hK ރja昒K>K(UXzŻ,t/u$9rmX <yVz zdכUTBH$r'+%Vg@q`2FJsFU57bz{WIgݲ#=ko4ybxޮT=8msyZ1#ŗ1:@#ácںsK>-G.3CEtL{zփ‡UKUxx _ƴס"Io$sZ)o0* `?Jӑ={VG-M˅(P2Q4 qڏ3#R9jyX\":sSo ֡ݵvg"$`$}GҫD;!w$} HBy>T28)탟C<ȥ7V^p>el/TĥqGְfJW-ٸ']q?үOvO{cFJW)O,f5#p(Z6`#@^+-aINA=VbIS@np!I'~u2qyƱcu PK :.q`3N@[?*1E#3}ҳ.yA`Mk FNcP:.eq:44%I'#r 翠/6T\exǭd=AϾqI1P$l#N3MUr^v=G?+Zh၂pp=}+'8݉Py ?Q"RҩA ``ֲA9qjH㑑wr9{f5wsЁQ֧k$?/^1fR7c8rAq߯J% 1ߜ#é)xlu gzSe}N@߸n<;ddszddv%8i6/qr=wSL7Fă@^HAUVx6:[o=NIDdPI|2q|߆;]I#w pH<Uy#`?΀vv|9–tH#揕Fn~^L~=I ǽWxwHA?ȉWp8Nקv|ӿ^X@e14ɺ599bJx3ЭKڿ [le1d88kbkDS6Vߵ*ކΖU>PT:!4y+Ҩݲ^+9E#/\ 9PeX pW8T@fy{q$-$Oʜ qy yfjje֠lR =:j5ǭO0<0=q֠: 5]jiR{Ҏx=iN<:SxhHR)}}h`6E\qGN٠ƁQמ@GDލN?4pzSa퉿F{[}!:y\g=:{U!ߑKF?w8_?3 )# OJI9wsSp}tc>SFr ;1\R}x C֝Qim"4g 2ĥSLv9-߈~FinfXc܁XX ǚjƱfPqj0Nmea4^m.K1 H]|Czäm~QjZ9f%w(88P|UU֝c+Ud1y0Ic'VjXA<|/=}}Z?zrxH|  uwKKttqg=Кy cqC1AugmyT&}F &gkx)me1H?vky\2)UsǙ9 x?U]ky#"̎5fKY^x ub]68HMdw7֞4t#$pBf`b{i wOi[vF7{ʿ&y47/- &/S@05o ɧx &jBg|y^?k F$n..5rJ/ Q4N J1ry# VfVs+-鷽wU|Yzcɤ).BݮcɚHb{@e$hsج; , "چ'3z7=( =ALrsC0=ֻw:[eY[d']d4;Vq֜hDI1+lŅNԬtQHM2x#p;umuhsF d] (Wlʵ!bB\=Ey%}=5HXf \Y<g־9m#ɤ]]%HΪV,3ڶM4e_]>".0|86~]%xp4qw[k>hx5bvr hNUp9%6c\l+LeGL|cV7ͩ,ހV| 4rTq ^\7NU,q +6kgK`8!ũ\em&o~t3p7ҠOZSt!zu8w.RMfYQ#sub?\S2#^y'?hJy}S P' ,qw+.K>_A^M}& T?k_XbI'ߗQ\ӖϢuiLq\ڽˡs҄0 Z5f(#Dۿ\g۱W`5^l|&Ìr ^ɆFssU!"ϿX*zv8^yV@[J+w8iB`%zq1r 8GZkL9#׭R iR3ߎG` :L;Fz )*H\zBl8Q9OR:q{bGNJFx8=3?j`I#Ƙ9tr4NH>ǁPYP'; TF[ 8|q3_|@2,űqߞ*8Č 1Ӯ3kj1p8u*"Ts m uϽ&᳑\ Pv,s8A g==Ta‘},#zr?>;Z( ddu=8T`vpG'?z98S^x<A@-v1~5"Fy-<YB8L_(H ir1GPq@nv%ax8ԪZ07pXu>3_xЗXTv<\tqxsRHT;n_ttc; tGsGȋod) $A|Moca@ feɌ:39{q~]'NI9nNާ#(qdsPjAqϿ?\VU8v9={zcz:!;XNդ]8$zolP$j :ێ=1V*בTAyAPƯ~X@XTy|N:J1h$W`Tp>hsJRڝn魐_(SE}W{hVmcHd^MJA=~u a=SDiqڱcJ.?[E.zb8QbJFqf zy}iw `zucC';&[s~5;">1=)0ϭW'-zc5E@f[~J )x10О)ݸ֣$OJy@ ەǥ)7ғH?+u*KdR;4yt_ 䶃H6Hp*2##twOPZ5[}Y\âXjVSq X'UWA<׭Dӝԋ9p;kOjg?u駚=#|4"Ty5xKb. 貒JmaCrqdSOK+zԹ&sz<-\\Zd72Ac3H/lJ޻$ГԹt{ۙ,gdڱxI>%OQW0jL!m|:k3YŘ̅~Aǜw>?u iھ%ŢG)q..[[]]j Im1o? ^MOS\ Xִ QPofKYH?0a=?w῅^ύg6z60RN$8k\ֺV$sZAN+u*W|i7 `Ji4ܦu-:O=Gu>KY{QsxL<i|wn{pkD:"9\*RFU-CYf`pw44wR{ -ک;WPcӑOMkOf ecSֱDmȏzJR'TJw#O A늱o=r;u*fE^H*$Ur}*ծ|gUp8?Vs1jFnęc/801ycsmx=A8m;ecsZʻ*2@$4'x]6Q9 Xd@JF}yҀ%\8>* dcTqy3QǯrF$ Wꛔq׷S~ZÒ"k8m+ϡҺPz8=;cpCʑ};01fV! rO^Q9ZX1 py z) n#^2ԀH \w|gZ?{gRa$ 8a1$tsǧNh'8?N*HJ89 Cё<=ȩTdlR03:,Tc;297*x=UR2v':&לCQ+(\@#?Ҁ*{nA3ɥ2<#<1$A$uZU>b89Z_) /ZI i1z*0O$c#{Ur?x>nq@-dt }~yb+XAW,7  'ֿ!"+ 2| `׮ij@@8DÜzSQޚ+4K1Mp1?/Azxp#4AHiQpxHG#8iR35@ )p{1Ԝ@М(o֬>IFxVRN`ZLjaxu &utN H9~Kd.QҢ׊0N>ݐޜ̃vTw \Q. Ӄ(9s(,Oy#(:9V98X_lf<"s%lp|I=is_tX~T}O9fONiw)s`nQ܎e 9n 91`mcFv=TwlF*e&ZD `pBmzϜdS槝 $Oӂ `ێO?~zac~|&}'/m/AT)/Rž+gsFZڵF mm:h7$˓qko;2%seㅗ&.g{{;2ȝWi|'⼍>kyu@ׁ־jUx[JmE);ѧ7}qdX|Lʒ~zV$>ǀx0 w7ǿ\(}Or~l1 ר5:qޭC,h):$<8O.1Uɰy2=MV Pc/jُ$+mRq#WJ,IUpHOjB@FL $QbT` kC\"YF?]H"=CVMmzցuXΎI1ӷWt8Y,d?ǑWb;9@alpmh zmf 'h\g}vz9zFzÚe$oU~+2pVŤ AO|XVUĽWcğ*``f$ZwȦIDfl >9}rab ʃһE$h*r0>]de:}=sXr{F+Au6Z1" l*ĸ` +UC:gzA:F~<V5O*cLE&;@׶:`*ON=kbYt۩N7+('gcCf& TW#8vX=f{W9Y=]ɵr;I\ǵmdr toNc9>cap@yj@obp_Y i鎧$ֲe0g$s׸׭k0y#'ީB$_wH Q|Hp1ԁXBvms=zn#30Oo_Z &evn*ԍ06T/V 8<419q$Uڣ['ƞ+cs;yS*N:㿽/O-sqJܐK铐8g*cم8~ڀ۽`U g'?ҕFO!=x(6q {4TRszp:`'=t8Cs2@=k =O8cFFv\S<{Sž{9c# |ǎO>Ҁc֭*($GOօqjcCk:WB}yk)G1@_OC|e H4v%.nGيuⰛ3|t?+<. g>pjs>:V gq jsq{}*ۗHcX8?w/ 2(3 3H@# ֤ۖ)9?y?Q5&2@?=i84 "㠧JWG׵4ҥ~4 @R5h1RҘ )d7>FB*>I89=pGj\4ϧJ3׽?>ttsހ zSSH⎃րXFyt{)F2En9<y5=Sf Ğ9ISv9 /#/+)׌wgE,4G]k.K`Wx("@1'of:ayk._}3yYᩙEl{Y5v}/6d>'N בj:ҍ0 py.g7axYjtZ[4pW u4#l9t ZJ[8oqd: ;#7sNA=*ƫ`(uW>U2@ z}kiQX 7H/Ę] 2Ptqn֭6t9whhf`r9_D`[<]%}vkC֩Dc r*{v p#'Gjꭕv,=*X}4l9;sjlֺ)- p g5{d|U\6qSir( ީ-}& mR1֠6#ո3pY CrF60Ry#)17k{A$O3. 7%N>Cl dsۨhx_WqvRUpm9\$vs#gE'VF<Aqpl$,2둒kb]#գ*]N(nOJ `nT8w| aGA^-xY1c+-P84.49{K%Y1<]XvmC sZDs &u.a-;A*bjD@(Y, f򠺆Kg'%p@O`+͵5q!8 :v+&ffaFr}3ߍswI$}85R,6)Tۥ"5g_jQJpW*x#?HxF2#sҪit d(IF:֫+u9j o%J,v@7 iX8zʱ'GpT}r3y=Ca[:woXd1郅F9P ǿlzHZvpߏPjE#$:Ҷ#uv'p29?^+"HI'$/YBX3Zbd#!z{dl#0}Hۑ\JG8ک0/{T+ $OnsUL8/zUq ?O׽P8ϱ*c+#@#vq6ͪp#GLgǥM2w2ܞ3?$N=1%m9j,}@ϵh0h {~M$`g:U I*XVĬN tO ժB ciwϿ5-ȻB3tjxB+QBPy ӌd 眞UN3h4đu'Ϯ0 8n!r3g”"C׷\}x1TP8>t .x皅ԀR3׭5Stހt#֦r 'pנ?)d֔rpNG| rrrxӎ7 %qװhZP0q?=:МqGܟR~b${aT&w8#URf;B1ڦ* 41ӟGH *7x}hQ[*sLΣAۏ= i[x&Į0~A 1 SVV6*@#x'#2T N-qI#k_dp`|0QcBfi;92Cw#l"=TJ*"3$G:5J=|3W݁Nƪ۰7g+ \2ӨmT$ǵ#fxAf@=8Nh3M'ZQM#Ldu֛>^;@I<c('|iL烎hz3C#?Ln1R{Q{U\m/~{ӺBxpE/t ڌƞF<Gڐ*$ gH:sG0 x.ڔzs擦:O4="phy'9` ҥO4ҸCZEqҟzCBev'cƝRsP;9$c Nri$ny3\l&ʊ,]șe9p-t7cGr}kom-̍߯_8kڽHĜ(7Znzv՗X2/<}koElLH k#}Srwg*od~Q5+8EOqr7N:wU ZlgB:`9n ?ʼjգ1lQԜVpO5YYFb`ztq[6zSƁ8QX㴫7}kXmIeϯqݼ#{nyb=,wl'ywyjХag=^Ky8K`G9R;-Fu>EwQĎ8{cs6J+]>:XTGOS \dg)euP='~?Zz2rO?K@@O4m:Vq|{SB"¼gi5 F{if!qЎV5g`~PaǧZUP Y8?2M13o"#sqQHÆ\7ִ.2*}uk~E61uK]W&F*U\}Ӹ~+NXE/Zj,lѣDlVJk":YHed*nk$[eh|Y>sJGZբmX-A=۶l`y`6l1'3}k.B&~RA$r?ȭٜO, r2u^*% ߃늵zv9ݪX?6N8dֽ ķ|t91ӏXV̦6d )V*AV$jƹao5~fqqkZf8l;z3n|s G?SCo)Vِ#1z>4r b'-&\ ss Ԓ} _caQ&ǩӿ=l;积CM@Ҧ18 L桜I^px ↀǑ 8G<}*soNr=u2<sRБ1r8:FBs A#K$nrf=9P!7>q#9jO N1RH1zE zgߘi0ԑm]8yU!%sqLUUۃz?=G1'# g׊yl Ϧ40A? A>Sǟƞvn p3:np#vN qjй1j7t95Qo8.yH~`q=$EFN??JImYP1,0 sf5냃ATꥈ$NNz}?uar{1߿^ [qW5b籋!sUTtXczz^PDX\msX !ǨcГ>S׌u9Nzќ_@Ƃ ;TdtRs⤑ FRAJUGx`Hry=@ޟϵ!{A^Ss4 q?sJpRzf\g h6SjaER;PA=)'~8=3@—)sy@ }(@\{ҞO= zS3 ԃ$zP=:ӈ秽 li'Cƀ8gt43ր~`v斁'lS'z\t̜}) c9.9crNOp+ݱº;ܟAW1zd0y qvuG׆zֽs֭{-c m[]#:kF%SpQf+Rִ"kJ6{>(?aRR"bn޽M* nW3,+oZq76I!C/85ig>W=F9g͹=k` sVtX0MtVp0^Nr֢ cKV#2\Ȋ xYz藁\TB8Hj'DJo`K$@e}9 '\ZUn qg;5Tb*N氕x:P~G^{ns 8$10+U&(T5u{bۏZ ! ' =J(<޵Pވf˨&9<#HSeƓW_Z.u-ԗp5j^?>0k'3=08V;UHc)WO±;?'ǟ 3 mҡ3%)Z̋b*?d>=IBǯrq3EDO?ZoIAirs'yp6Yi2ɤQyǥT`X &/>1v%)/Ư<sOC9TSUMZ%G<j_[xW_|Xm{5ğ??I^pUï`~ǧکKy [;*Ȁ?VnPG܃'nURMRsq~^81 P}!r=={4Xv3V#5W#G<ɲji^Mq$=?tANH`zcX*#Clm_p9չ'p+`'9a-[$#ノմFq)(!Mǐzj?gx 1U*&}ypxy2׎- ۞^lÑ`;hNpAޫ39FMVB3sbMAKMNI^t4wO~+խ<\lx\YgcnR3<*`X+} qE:%)wWzpq8%F,FAH_˽O X-OZb*Ä92K6GNGO0ù$RN3A:~_ZcbEbqOHь 2089ʀŽxϯ'@'<sW1Iq9m n bG$^^$;}yY:\pwOFz+8[;y8=:αqwu= ?j xJ`/r(S*cql2s`H$w=HڬUn A3TLSqQW'#8>jBFO=׿jc2|@S@_V}#'U,27zc=~TIPr;U\qqù4cX+wt})Pwp힟Z]f=7UcSן]*hp1>v) ޳cOH>zՑ#\ 0y v'FA9yu5~b~c`zz`R )Grg4eo ۧ8ޤ r@xu4d1#^_֞'kyqJr_gA?4d 5;Nrx ߁J9%H#E3] V[@= M!Ϡ= @@ pAZ1k6:ߧL+ `~ W'jRH =ߟaK0r2Ajv8S)7 'd~Ub58B:G߱ ߵ?5 [[9GQ@ek=6IV*v[;]Xz|{%v[g?r2qT_S@$ǽWLU@S@< jD@IZbGO])#iN{Zv 1>98ܞsI ԭsRš#TǮ=;т jN}' |o_0 i(=hc랔v?JqZ1R{})psSRҀ8Ҁ y*CzpI?t?Ŏh)N0GN*]'U;zPp~mc~7Ps@ 8?^HuGZ@@J=){K^ !۽<~gc'iw`c@ՄAw_4 #=ƜH~4wdqA"0}S'>FEDgEpWa:{ePgaq&|a[gks֯f5f7K`^:ߐd*'K\$ڬ"=Efj $eP`W.v֬K~C[sX<7M-lu5 yosᷞ}à+|GjssӡޢGhTNpۑ~f9# 8u "6Xf.BB<9AmcQpVw|z*R!I$J=N|X) jWwjN$6^2iQ_9=j'qۭK:|@ 5b+#'ֹWba̬rԞ{#Y Tp50Yi PBDNk&5\dL*v+c}kxĿ`˱w.΅oܶϻ(zҕ-Mnqm*G~χi#~_>=8=x=8S6OJ|6X_rSΡl폓qN}-,J8Uʌ9xB*f;9CHmItǏӱ?tEW(\cq^3p0ꭝs*!ƨ7  }|#3<]E3rp\$@OkgLj l}I=Jε93]emMˣ,NmgV 1#-899 q:Q\y)qYt881ɭr&PS'r߇n*a Ax?_Y2w'?/LcU]IgwG?Ŏ:}>JÂGAkBDR2IӷzD裐Nq9ȧ@w b+W8 d{qS,`9w x+*>Q3?1жzh`X 2Nzc8"6 r?p8U!H8ǩҸIcG0{5pۏ?\K@sD2x9q>mҨaus:ӜcU+m%xsREULq֥b 0wc}}{UHf`Fr Px9*Tmx$v9\]YrKawXpT֪;s3+@P< q*5D@=ӧ*mdnTŜy9Y*9H'R2#9$閬8!I\FKȬ9Zma1=4گ_֓otK Ȉֻ=3I|k·8">}q`R;Z6\m z7YOzg֒^hҌjVlz4+vqZgac`hm>LepA&̠p'E9cWp@`@>ӮO,*l+ӽ5b}~x ޿JF^GsRqޚI';o) mScҌtH*L0ϥ)i8P!j\`?0  )>ӃӑK*8&AbrOҒu<1p{`;AG69ǭ7i?ƌ~0i9QN'+ZB2=}>aJ4qIҁY rqSZghpqߥJ?z@9XgQ=֯21?Jpb+ZD=#W<H>rŭfyQ~I ukV2:źZN0ZaX]K;SVB,ǧܿ'?ҩO\4ː{f mcIb<鍣<~~c~~1o.Jq˷9>4P[7l1=*?^};bQ˟һ ?0 /EUCgI}& TY ö fI4υ^ Jk^+A"T Z>w+$~ f.mE^Ts$YBrƾ_GkFB'\Ot.૛{4u˜s VȟPvq:`.*iCd=R{#f>MO^+$뺬?CiAI$0JiOֲyu4Zw>V!{s9ɮ UBm-MUK2V'8ȯl[M.gSֹkPcs RJ- }FcqOҴce;ֹH|YdwsW2  gRR] %:Jق9Qg+ ۲Kg;]&ѦE#Lq՝m$sr $PuȔ~6ֺx %Εk ˡzcq!/?Jފ;﮿lK[%p =:c1$ ̖c6N;sj$rlV9S4x# >ă r}j.R%H#p;6z!K NJKwHgWvt;ui|¶DDQpRyP3kVh"DF{@d\gpz8Z`XB cd]5M',8nyҷfg[E1(j2€Wy|Z]j>ѹwbI{p*]  H*Wr{ڕsU,]G oqHb%6[wSX`1Ӿq8hDN $ƣj'pGO]s>#0qqq]䐽<098KlRc9Xcq iKa V(EK`IC[D k2mz(8vTd/Lv9 ~9>x#-TUzzX6=O'?C[Rqa #Aӷ U8msr8?JFʨ9GXheldTpzq.@@9zV&KN70 zwb|ar2;zt XSl 99= {ycssܷQԴ8 8I FV?8;Ty w2 S'xs䞼zV bn#ZHt8_1]OБGLh35*̌:8UW `NFEP4=rzn;q4{ʌy8n1>S0 I9_q~T $|܀OP?43\uZ1*>b0?I ʲ#$y':T2#x#<8<ޭIg#9Z=0wcOx7u =zP!`OkySJ F"TV=S\ƛ'OC8Ieoz}Y ^X#M(^#ߵL28S@]Y]xWzye9b;3ǭD>f RGsTb͖`=OүE8Y;θ(G9=V2а x^:@8ndw<*frSzVae4+'=hD/tqq@Uc徧ߦqM,ɑU8'X.8 ;QӹRDU%zt?@a޸=wd۽{pFn pʃ9 qgP `=?4Q*HNO#?Z1݀~)yW; Ҳow=xhY1N3>3dG{֦,yqù:*)ٸUsמ@R\|~<09#q֮|>` :rfU)Qf-;ϧV_$^@3=֬.qzT'\劓BǏL@r?ϭO %z{ӎjt (pɌRާ[>nq1 ?|gՐT%8=OӟJL W̐e'' W#,i$ʗxѸ-ڠlIGĖ2:Ԏ嘥;UpST ֢xm^B*NyZ<0'00ys =zaGkFUVo)]sѐu0|~㦅{H*C_#[+ 8a>ڙ#oqӟO_Qԥ9-%kGYH>ZWtf;e j*_1ZE^:۶ioEs\is(cfx"}8H00d~8_ By`x,F@qpL1u}qF?AॿxO+isy?ટDp9!$zdJ@"b~ȪeO Ǖ>3!_AKd9=OS 2LtzUik<5'ו\~\V=%训k2}6OWHB6Wp:{sN~ #1K=ͳ?௿p_ZLl?ԷsZ`+N%s0wqRX U(GEhG\3\>ఞ $, 2G"s_b3 qSޖsdbHx1֓:gZHRk92=[+w(I?5ʓc0͂99>zzzӷ,dPuS }8kYzwٺ૟˕O` 9cc+Rkӛa/5I ҋtt?iI+IeuFWg~p1>k4.X sҿsuʖ/rF<\c~"ȓKIEZL=8Ҁ?X21_̛f=A sǹ*.Jʼ wcľt[앨NS%PS4ڗfIgH2V0{x(oݞ@:ϷkXJ$P_$r{RPMc#ZA?hOǟ/~[?>2Bq_Ń$^iX1לgLQIJ/ FGOL] R]O-sՓ,iA>0W}O/jЪ7]ıy uo6' NB=r%cNHՅg{85f;Hٸe9Q⭄58ɪݐ9e+?JXE׀珻u m?gl87l=+jkBrd8[òy3nZ>%lrֶV]_ʆ/4Ȓ9Yk{/8kv>Ĭ>VOگN>&GH{!$ u++xW}H,*Y"T wUfHI#'Zv4,o8fU|1]7mSs:_?ǽzN:mg$nֵԉϮVX#ۯ;5ũ;KFi.Wj Znӿ U57qowk.E5'jCeY@>h6j`.W5tk"{W#?~K~Kcx'J3u\A]q}◰>]~jt*c+_cva|Do7G{8n| z>Gܖ#?a>vtiFx[{*ZazW|Mnd2zpGRT0O8{՛go3X$K9ۥ+c] 3\&=jGh QּW\9w8AV\X*U nȯOGa f}Vyg{{H'޻eY/ZA?|'a%n<̌[csאkKMJqמ˽#A"gڸN4}2ݰe\c%t`\^q鬮eݐ@}5r6RfV@ƦMAEOC֬ \e0:ztCYf|~$I?JjE#\F\?(Fq8f;p:ZOtWϭ\3ߚϔ,IFR#l"av i! 8 fT}j&M''ҧҷ@1Ħcq'5j#k0 z}zW;};S ϥ#n H9 2O!^BeH8t#UQF$浈*8@ vǯSD00Fc JPvdn#ޜ $*38'P6__}zpF#?_NSaeLA g'191( cg\&5!6\^N*cqyRd~q)b 'T;hA$v`d߫,r#wݟQ] 79 p>+:~l+m92 .rsn\7۱ǡbѻ $0''N3SNդf NBhֳnvPyYqZ>fP Iŏ={U'O9lAsw9a'XV#qՀc`C`1=}h]F U~]'I˕%rp;1HUNѐ2py$v翭U31u {Zlc?{> 3?7\=}h1 뎼^*mnFH JFvAs0AҀ&]rQyU]?/ WԇPG@9?ΧF`#y=xxM#ӟzNUTuGLg)taq+,o yLg'#ϡhX7[C3d~ʳÄ s׾=*7ӜH}#8@<O?4³0:sߌPwW9`AA]8GOOGz5{x@2͖[}:@̀c`Ҥ;|#׃.iNi; )%py:U$oI>ҥxڥ'Ha*#1#'j#~%XW m0ۂA" f%7'el'hJff㧓^mzW3 Fvz|cfS`sJ=s' 1^i1宠HߚS'.&]CJ2^/$'\9WWB=x.]7UMYmA3ܦpk%sJ[~xyuKk5/̌AUa˛#2Z";æEx<QޯGWتGJӔne Y |k179Quqpk7S;pF1SLDp*[ɸ* ޳n%F>9q ܙ,i7Q Aa2zv+B)oZ$ Oz@AWk&[@kWyUrZIO8a sZɼ<: -:=O[+4DItZϽe<ހzJ(& ПluPYmbR`vȫHɌggScҖTT $ z%RQN=ZX1'qz^ 9ضwg;O=qZR*6 `sZ 40Qŕ:ּ0njdDŊJs^AD@ sTNYsһ/ BŎ-yȮEFLkKd'Fzc1LfUXgG<󊀐 #=@*6pl:~ͱ$\ Fyk[gp ~֥JJ 9?@sˉrsy|RczlAh : n #~w\h2 <צ_ZF\d3ޫ2򳝞sRd0PNI'FG<~t7D_LÎVE+8s15#GܢBHۻi܎>A'GbݺumHqطYP4r>d<9J3@T\dҶHpqBHeY X8$Z%pbGqi,vOoR9(T@1>ǧ=2E$^Ab;2w`oPA϶3n3~Pr*saq 1PCDǮˑ3nN(Gb 3p6<Ƕp?~ve7$` 0qԎ TyWfF+0}qzG/uŻzy>v5Uc⺹SrP\x|ێa\nSqELNԫHA꣡8`Aj\$NAG5E2FؘlwZcfgqbfc1ߨ𦌳f3Qa<pG=8\T@!z n{z9s(\: :Pp2s֦y\.cpGPS b#y5!qVC(U%wx8py皶r8$ag2x0=OqXTF - >8h6܇fϛ$ jVДB73N1EpqU{c#Wv10 q?JgHǿo@)#;vC a8<}?, Pzǵ#*ÒH$H- n`Gn?P ֵ;223F2;ȹ(ʀG~}|{Ri*:yvOo@:nyN=)eeB~c8o0Z-$:=֟99juv1N$N?"?t*hvX)=p *cI< %#?>eUABArq&f dМ}NNpiVPJCrq^t =ӊ:A=pIg9c'" Gps'ڣ)_D.A'fPF:FOjAwsm]TE|4]L-v7U?7Ua6nV>@Fc)ޑK 3AzqAxpzy<X %I98~U$/#95,3 |Ǹ&_GaC@O08?>c~`9n1Z" yԓ o뎽E p[8jó(#}mHh98<,I'\n9M DŽʐA~kW:URVTz+P$*Όۯ^޿}# ֩ۼl pAJzfA<09~J0P@;qҸًE<ۆ 8*=\/) 3F?5 G$~ֈf 8ӎU[F!Q@9R>W2OL؎ F*A=cc^Njv7`aǷ֘@-ڴ`vu?k$>ŲOBqמyVżhbS͑b0 `g<A]˓=sF H6liȠ^y"+psӥaͷrs< r gu=}\@#~r dt}{H7"wc#cGr6*Tcv" vNVA՗!yIQpySX'%^zzAgP śv2y(\'*1Edgߘq#ӭZ 6@Ͽ= R˴ | n^g> Pn3xZ`ZYA_(.2244p ?75HX zx F#' ̣$uoQsŀ@ T!J l>MMlF܁=HyZ Svܩ99U-eژU;=8Wݷ>P{r@ҰTN@ap=9@I `sڮJ8 9U؂y$ gMMFT=F~8ٗ$|x \$lw#lT.!OJ9FWZ33R,xSkp0;sڠ&ҭNr5 7xn}*&+`2zЏhu|RsS?0>T:׷0 zz{z8|ǩ1ץ$R#iLp*9 ?H͝`?D_q׽=18{Ept\eտnS'WVP c#+fWHjZY0bHŎ=?>5 ?҈B>N?Cl%nҰ5h *OA&`n޾_w1xOi[0p[fO[<+2# /m>^qZ<1T&GWxiæ8Cr=94ҟ&gcӜ@\&zof0I= N1֦ ;=NYf1`On߀ZQPwA<zHG#Ozc*!INN֪Kr!!DjFT) Fu{pHC22ILFy8 x=V6\,ӧ䁜{0 x?H[7*ib>q"! S'*'ia֣ 1oF=:c8D A3׃Ϩ>B~OPld y9W߱>/}~ڐ^-M|?&vR:?|Chxgh@?s^^qG/ y}fI!E*s]φخY ]2&a=qTiƒg\Q»`\F&ЕYu>jikRn.Vկ秭sGt!cx^fLqU>uJE zTa3RXG47@@29w#`y,ާv:)E,$`۞jLxW$zzpaM4Bh~0ZB ^D. MM7˰g"- o#h`XnFӑOilFU~b Xm`@wI:}zq,#gv9 qjZvʑdn =k5W4e8DJ&Gy77ÏʲqDʯ:>J c 9#3^tBp+k#u%E]6}? Җd1,rvTr,r<`׎i†pr1>*6b*C 0hG1BET'jgi`N mXڬC(;}s83y9yԩ U'?JsGd.8Xq}_eO.ހ'X 0*99g[ޭ7^zzER9^yXӁ Ex|88;+E&=r>޹}J6?)9$/|gI__'~e,mV˂FOUd,vcH'cêH $}z5-H贲m2 px#=[ 0\G?qYZ\#;O'{qVʐl c=T"LG=zޢAoA@+9'9)e*88#9wHJ!F;s1d#nv9'w=M" Uw&NvׯJd)F SYC=3s֤ GoSW(Wf,OF8OlTLb]Ys*Ԫ>eF28't8AqPэw #fI휏?ưXD#i.>~:]MœJSF3V*H#bH'ғEew'hnI#~%ۮ+"{Ҭ[cvs0:|@k 9V۴AO=iYt~4l!g:𧢃!߂rH3^x#&LtVcc+c׶kI.V;S3Bv:OX(r2U6 >5Q(zNpy5+Idu+8?GEշ$܍ 8.άA1«1w#=#c Ԝ4 0 bORKJ-L}kHY bA<}z5JB0H3fE@ی5pIf;Lsܚp#xh`N9fY n鷷j 'ϨxR+ nFs,JIzg?v9tSv  & RrܒOLo\s yOj ?l"/x'# IZ>{ch Dv'f03NysL]`|3x1㏽*<}ppA=}OrMI̲('u#$9<=P /یzY[ˉyCVX nu9Rl+t ǥKnV8(nsQF2O<$Wl}I

)Tlds}Hۻuppx;F8?Q1ayP3]Pwǡ"b<ߑ1 4>qpQW+@,q7t1؎?c@y|==#8u#!v}pA('a=ii\Cd۷#8L;dn^,QYÀF: gҹ]F(ᙌ`z`q׏`Q7N{Q% beq+q냑Q++eqӦ~&@O<[T$ϯ^,ysy+ xkP'R9PhޤIO~G_Zp. NO8-=jQ +f/ 9;z/$ BKc5ǘR(.V2?(,洺S8|}JIh++X? 6Lck@0G``ʏs4t\LTk1B8ִP9y% z$_hq-qbդiKkuxzl_%?,iYz2PQ~RX)1S4X289 @䜏zvDy =8Zoz}cx-dg烞Zo" qw('<qyV톞yb㫌;XEZ s]+i+-KG)0.p}jXpFۀzұjd0CnR})&fUd8*@Čqӥ[hE a:PDF9;~7McN}?ҎQpA۷a`zgzɖ_$[Y;FpG^OK#GP{U+/ڻrF1C$ojц3(0P 8=2i~@Ucp֯*PeYI89#[6)rF8>?7; BG8<OqL.WovNqTc_$XvR+d'<ۜ3׵y7*%2[`uHʈ! #=1ךŅry1\6ƕ9>zULzyeX$swQkqgy3z֞L8عR_֠| 6 }VΑWBr`=֨ $(;ڻNy' 3N:gE Glr{8?HP<= cl C_PH9Ioe_W79Ğ}+˲\1ppGQ!ل˄npp1\mFc8#=I|]XF \}pGr`eޔ4 N8vmiܬ |]+p}ݸ8Ƕ{\Vfk"@w3XI ネc8]\1˨Np:S6H<`qv=kA>QЁ@$P $1sZQ[7RL19})^*U@^8ϡ#DLxSkDm鑒ՄpHR$};nYK&}ߔey8n:S~]l`%Fqqo jeP ۓm9ߧ=U%B*ns9#+2MV98 Z0 #'w}qZqFw LqF0(a$c38v ¯$u(܆;|Q@**0@$zdz4}1gy1Wx;OnLxIR+g+?#`]=h2n@3&p|A'~Nq>`zV%:c֝h00y9u͹N3mncOxG5o"2>#*2 `h yﲂ(xF@|m;֤yÒ3s~4a9/bMW<+<ǥR݋X zEr'oN(M- ^(erN11YbQ5P1{}\*. 篾?@QϽ j@~`{:4I$a#3YFs!P#je )Fy#Ӿyj$ u8W0 ,su'$|@6xBi nPC| Z|aP^1Pլ-ct"{r3ԁ|TlH<;Yrx$z:H~Q1Iq\d OZPs¶Ӏ1(,; s4NQc:А0ܛ8R9RENZX+O֫ڽ?T):<6}%f1Nz3($68LA=} tQvq `0z瞣=T۷cvJ̪H=O֘0aГ\PYHS%} HpL񓃞7H <"NO#tXU=zyLUIH3HFlqRap z U^7u<;*-rO7^FNq)&]t` 1cOžl8SP/q,x<_LdEI P 60ׂOz3Xڌ{4j:sϡąWz^hˁ|cN-ǫ]SN ۜpxEaOnR\/ngsڬ\2͝\uQn#3'Jd@nggTF 0 xێ0b18w׊#ansϯ(8O|Z_~=#B|qJ %Ò2A<ܜ9=G4PO'(p@!}1= nNLr䁐Aq&nL-_E(]CI WrH$)3i4q T! CR;d+/$?jr pO8@ Y gIOqQ,!$YNAxݪԫa zqUCN2p9#i5r~~̿Ɵ 4HɛQk:y;g}jKy ֿcoK]xMYO4<$`d}TWp[s_}fy}$Onʄm"׷i <~Fԓ{|\QGN s.|@V/o,mww^_IӦ_RzjD)Eκ|y/Ol?{ia)広6CRJ'E%\]G*~5:"zSSsVhRFa\r~\ ɜ%ޤ9 H`OZŒtfiZy 'z{YEffR8ޡ2 $, xW"c5kE9II;#zԊ[›bFr=4r; gǷB90@RHsOʙI #?w9 c<]eWRp$φzU#g^ 31cqӽV|O͌㜌1ڐg^06 8b1X9=:~=kvߵ{ sz 1s8z 3 2(rj7+`OYĘP H:d|8<ހ:8E:p1gnp'oN}9g!ǰp$MAKgsC֠C 1uӌVdpW=p7ghzGNJ単|^vO{;rc'5䳁ԅ޵?`c /}z`| # 9#8=X Λ6X㌌): Δcnx~_^{N9ݞۧj>RJBs}( k%mQ0FFrp9$ju  >%x#NAi@s~#Y $/Չ?w?Yd8=8?ʵ.K!Oq=+6e v$~nA =֫\y2;s ۊXq.=q?<#Ӂ(UAyϡ95 mѐBciO2~MHcW!*s;ғϦ}*cBv9'Ҙ鳃 gcU\9┸TGBO^Td (=sucW'i0Hgr8$v 'zJ>3CQJ'>`A+P~nGzk`|$~eIS܏zyc2 gOoSHX~lpq?՘#*AdR 80A?֘pGP1V6wd;;$l26<~5-yNYq?|xןZ.nvqҹig^sݾE'8lb~aOljlY w;u'=E(ĂF2Xt$zP62np1I8\p0 >Y9brsoʗ9mʤ~PsGms Ԏ,%⁤Fq\a3Y1$pprx$1젞ĞvNq:th/zR`MуuǸjOlGʿ >kCþ?u I&ӏS ~Z~lGr$;6}6CVG[Jvq)qOOzn{T ;䞽^%fmL׎xF- %H+u)6!;׉7״kmI.N2WOS-t: x@qQ_of[n1>{օ"Xqӽamjc N3o-g$d[Lַk3+fgz:ϴ: #? Nd72qޮrTpqve[<`zw_0b!v=u[9vaj[(_=Gz il*f 4FG;鞙xTdPhd޻sRDn݀LV~6:28=rQK9?EdBN{~Q6ZHcp$Ji PHO8dFMy׋E<6`l= #ϥz *BtT|6ksDy@9R%R^I+׼!gipcuL*_B=5 Ηm XYW^B )X"ڌWT4ʻqr8ԓ]&-#>%=cAުD >T҂cؾw}J97;ps3LqᜁW=ڥ!ng`qRx6.q:x׭lYէQ=Ҩ\2@$v c=]bÁ`u$瞂n|'<~l8d1Ÿ|=9^DtQ(8= $DL7@WшcӮx&4qH6^K{(V?tI#SZ:/Nr޸皧dURvsY(`1;*JCr ۚ܇ikN'TɂW$Ll(#ELl .on@= PEXzF?h&@P|)_'S/B8ާ$oB&l rG˟ށܲ H9'v>0PI/8͌}xw|xrF1; q`29n*0Y_#+`OJ ̭[ '[)077>m\F>QFsX*NFNZ`1;I2A<h(Y38gz7YF=O= im.3Ɗ{n1>(q]ĠaWǶ2?ɔ =^QL&Žc":*{VM"KTAjBF^ܧ{zfw/,IO H 1O_zo//\t OP7;="ReqwGl{gޮ!a `{ީ[wg޴d|FU!x zSSg:5w8`@<O9ڢg8?0'׸xǥ f xNO&ecAx`җq;mǐX`o4w_JLձjdlcY8 ^+T6vzL{zUY\Pdܒx@=:uV`9$4鴕*ArA'8sRn@ pxEErNz +.7=r??Δr~1ʬ 8nXcPȸ ^5C4l8>Nh%C=b;j{F3pJ~vnO s玴(>U*QNz~d6Iwz?Y@N#zwLAe'Nzvv\cҤ'9aS .֝B\vB* 6ݩ\Xw\`dFTc?_)-iTǷrzqȮ:}sq\G93Qi0I#88=km@$gVV30䑜q{VҤ!PH<=:ՈN*7O9V` 2zgNHc$sǠjP@=qtPd6H<\:ԡ9d6N9#QNx?is0\O=:<}j,&V{ =sJx$`\6A =s߁MX>SзRE ۆpI>L d;g\zvgui^HSLfwe{ a-吀9R@r=sx! NqOΫ)EJ2`znkX t̏Â[e$ H8%a mo1sgnz!n`у;WA!`;? u;K0zc<~UBq=MßO, r:0Q@{S۲`7cjlju0_,p q.\pOl?y3_񾙥;l`zU\4=VzG_%X_*cc֢t T #{|5ɦ"Efғ{3Ԑ*޴ܓuua#)V,P=k7hG(tƑIpvI >P}*ֹ=v5T[?cV iNsA&¾b Tc`ﻜp>r,; Asr# aO8G^wop^" =< V=xUAo81V傹 1'~Qښw' sG-*y1a;zLd0c+<_5ִбܰ (#TuՖӎ3ĩ$6'ftg|X0nSGyeKeߘ^ˣ#JJ5C0 7 $VT\q 9d%1c 0xǯjw 9{>׋le qY3[S!O=*)6);F3\t8sI רd|aqe &6ugF*/drP:R@8==A/ČReWb͟OoC׷^MČobW׿=J#Hoc IaF34B֩9v[3 AV+8קҺ)w$b%I!=Y@Ed=TFmn 23q8*FΧ8z˸x3z&p˓q] (HےOr=+R[r1j$]q2w tklgsb{7I`rGN}ues>V'Wk#jHCr g*`s w$0{,U`cy>>\RVB ހIB챧 y՝ͱF:=:~ @1ҁ܅F>c9MsН;'C78=jRNь~j^zig{mqeqӓOQȠ =j7~TsR\;M( %z=)4@0ay zFw0qҘcepvz?JUjrN=:t ˜tsPˆ϶>~u3 1a~'LGw*)lu2hIZ9>\p$7?ҚQtI'cMullu ُ'sP ש)93p۔qٿoK$zvȣ$ {> } =O*[}ўÁӶ{#A!|3ד=}2>zR6 ;uޕm$F;`׸<vgOhƒy?˿BJ 3ZMR9F9֐s$=< I'9>:zJ9m®s^^?:޽ N“{ t7nǺt5,α.8.VL9o="-W';xpj񁓟9 #d.#gԮW#US8)ev { fxd\*pJWO9<}+  $=953|q'֋'U9'F3cq :R#32TWZ"g$Ǯx?j "DB8GJ{R3,ĕP9=ǧRȬ݌ N:@*ps5!2͍8#|t*w)܀Ҭ?ez As֝RF8=3AB K ?N) ex)W'{֤g84\a 8}zҰTmFђy8}Joi8{ S!4a?0a?{ 00pϡʍ3r d䞜jq#xTXeF|8!H$:=Zw`8˟?ځ[ wyq1jҢyĜלw=15ry昦P :W|ozVa3P]%3u OZ>l." o^Q8C .ԧ&:nme9FG9#ھԚHU$9n0O9|2sY{кAFGs^RkX;d^ CǧNƾ3G>!ZzmN2׾3\mrwm^Ztˑʤc$uϿj{Ʋj0S' 9"WLQ6f N~fOJ+Ffc!z*,!8Sc#.I#?H@;TGz ƪIlz3:ߟ-y?w_[mXTNY/` g=A+/Yz1lZHo-V/_ճc^fu_εm}ƻYi+HHҺ>=+dggq> cl~R̫ncY#?7ׁ^$YO'uoU3BOECZgA r q+mDHryr3yVWC?df d:Pdz[3'`G89ϩoO4ǣO3$j|s:qyX*1qk/mBHYFSyV=!cA5r_M n:9zWc9\ˎ]}?O\~5f7|2Y 7N3ץt\HW2  ϭs~t#[?O`K =y<`~5$qC?ǚɃgkH C-ľsID-N=}&]Pp:__#jt# ѐ0[ay&L9#S|uʩ[bN𽳓j$0@NTm_ /300>^N*]d*}O Z X7}0jENqns=YMi"®Q@8~RW^ 1fۿ>0oV`=OO'`@eo,>mʡZ?3  ӷ<, 1 `/5/A4E cRٻ9?O7Y>dP;~IcfPNxIW?Fq,اy8Yryi! ?AC(;׹b Tp1˞U?\Z uf?.VNO=8OUVJ]3=j28̧  c}GYb]QN@>$y8@3L4T1?_f9C?wv?#J 2_SqQ\Eݦ'?_hU/ڝA;zcqvo+x{"EEnh9\q01uj?u_?:T*UAE/ۯ SgԭhۻߑlS!H#Jkt/bT: 5~mĞ9|zT5#VP-'֐lc=1ۂjI~_O܏4 ªR_瓏j2w''nOӃGGȿ{)i#5%yV+vZ/HZTr˹HTx qIi:_ Lm'8A8WJJG WA=+_YZmy NF7sډW8;G=q>XOG+2D_`d}y(ݻ:CM}?jU_jۺq#s?Z;I*mHV[Nsd.ZGUүoOQk*'׽x_^ACPAN-Audit-20240215.001/images/briandfoypoboxcom-gpg-key-selfie.jpeg.gpg0000644000076500000240000000150114563561422024244 0ustar brianstaff-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEhn1TsI5DPfQBoG70mpwP5/ZIdr8FAmK6Jr4ACgkQmpwP5/ZI dr9Sgw//bv/PWvriREjEDs9ZXL6V7i8nWKkLRGFn430woPLqqrKvaWCWSsDX+zP0 R5FToIUyybZY3ro8Abw3FsjDyBV7Ifc8T00s7Ko4AYA1wH6HyIjkaiiwsWbpHhGf U+Usi9MEu5syk3cvodtbPWr+SuC2FvYoffxG1pPhVqgnL0yJabZXVixxBw86h/SR g4ztHwHSzgVH6xHNciN1eyAFtnzyf7SyVPIxIqkwIHqORNww9CZOT9WxGEsEBNAY q5CLqD8mp0hP5Sq0hvpy+ZMOCZ5zg3HbfTSEyWqT/UDVjuD2tYHKsLWZSXrYaKHY OCngj3KIM7VWbE3ox2+h54NLrzUOT+eTGJcUpb4A+w9h90VSk8KIsOgtqy7XQeAS JDLrG7w7sDsCELJzzZ5l+rfgOuuOq2PHT6nCZmPHu29Gdy8r5LMdb8/ATWn1AkWq T9nvUvTKhJ5+yZrCAvNuYUYJrEs+QivvVLNf+ZWiYw40v1ahOMdgNiF66vN6ioAY yQTsd2t7aiwfzgbAZv1LBLYtAUl0/p67C09hHITEs8oooqT5PKlnXq8IJZlNoPyf IAbEHxY3Hzbmist6wvbA9UVn4tqFfy4y6vTH/NONWSxUYdcUQtdVbjlo/TuHFu8q e/vZajPtDVNRLqh6phGC7V6f3qCwfkg9A/P//nPtmNNh/ZBAX6g= =XQ9B -----END PGP SIGNATURE----- CPAN-Audit-20240215.001/images/bdfoycpanorg-gpg-key-selfie.jpeg.gpg0000644000076500000240000000150114563561422023175 0ustar brianstaff-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEdaq0LLoNfzfw1oht+D+NXoeLYEEFAmK6JtsACgkQ+D+NXoeL YEEl8w/9EPo1UEPYB7cHhxAnAx9tP8Efui+6ZavTyx74fKXc3cT9xBwD92K5zKaJ kenTzqvYFLSANN/unNZ7tzS0BxR3fTI5S85fP13qSuM6FwEpw/eeF4nfh0Fp1KvM sZ1ht4vVgwjPWuPz2r3MuxhLeA2btIKWe0VGjgRoFtmAvakJHL1hK3P+8OqIcLKM s6/Sq8mDM2vj817okNpm2lmUOgia8Q90KDTHwCeSdSbVQgnz5f7M9UiyXTSvd7EE LxRhnoPbixZL9PyvXKdBu2E/jdv0fV8CtsUXhOlyxgtHb8PnNhrrwW1zC78dbf7G +Oz2PMfJtTXgc6sv25PFHN/Smk2hxDYTFYQ5JsAg3rMYBVCV7pc7C3f/wBQVdxti c1I62Be+1ZuPMFtPe8VqDaFEwuVFVGiXzxJJAMPgOYIEcSiHtMdywpNzRpgOJ34a JG+tILREi9C8zV621LgyfsaywiPA97x17/deEQZbjWvjat4xfhB29XJRQIA6dREg BIUVwINV2TAPTFTp4WS05zsIRz+tl+ySKeq/vUdwpxAeKRp8SpNIT+bDleSfHb7n DEdXMtjhRiT8cLVTuMK2uJ4jOJER+7+JNt1WMqlXuJu/eBAnnNMtq9BGeYzNHCK9 9QGmmIqcV1mfhnpkF/V1WjITTp/eyZJfPWAk6D1zsYrfLsCuJg8= =0pLH -----END PGP SIGNATURE----- CPAN-Audit-20240215.001/Changes0000644000076500000240000001760514563561422014331 0ustar brianstaffRevision history for Perl extension CPAN-Audit 20240215.001 2024-02-16T04:10:22Z * data update for 2024-02-15 * add --exit-zero option to always exit with unix true even if there are advisories (#57 from Mario Minati) 20240209.001 2024-02-10T06:44:21Z * Fix docs for the --fresh option (mariominati22, #56) 20240117.001 2024-01-17T18:00:26Z * Update for Spreadsheet::ParseXLSX XXE bug. (GitHub #134) 20240110.002 2024-01-10T21:33:57Z * data update for 2024-01-10 * A CVE was assigned for Spreadsheet::Parse::XLSX, so a report was updated (briandfoy/cpan-security-advisory#131) 20240110.001 2024-01-10T16:22:34Z * Data update for 2024-01-10 20240103.002 2024-01-04T02:55:45Z * Update database (#55) 20240103.001 2024-01-03T18:23:43Z * Database update for 2024-01-03 20231226.001 2023-12-26T12:58:18Z Data update for 2023-12-26 20231129.001 2023-11-29T20:14:52Z * Update for 2023-11-29. This includes the CVE-2023-47038 and CVE-2023-47039, both on perl. 20230826.001 2023-08-26T08:48:19Z * Update for CVE-2022-48522 (perl) 20230709.001 2023-07-09T23:24:24Z * Renée Bäcker added 'queried_module' to the JSON output so yoou can tie what you asked about to the distribution the report gave you. GitHub #50. 20230601.002 2023-06-02T15:43:55Z * Fix a problem that masked some reports from Mojolicious * Fixed a report for PGObject::Util::DBAdmin that used the wrong namespace * Moved MojoX::Dispatch::Static report to Mojolicious * Data update for 2023-06-02 20230601.001 2023-06-02T01:21:17Z * Database update up to 2023-06-01 * Many improvements to util/generate from the Perl Toolchain Summit and garu 20230309.004 2023-03-09T12:01:45Z * Fix the GPG signature 20230309.003 2023-03-09T11:52:21Z * Fix the GPG signature 20230309.002 2023-03-09T10:13:33Z * Data cleansing for HTTP::Daemon and App::cpanminus. Thanks to Salve Nilsen and Robert Rothenberg. 20230309.001 2023-03-09T06:44:23Z * Make the 'dist' option do the same thing as 'release', from Salve Nilsen. * No updates to the database 20230308.001 2023-03-08T23:49:32Z * Latest database with some new reports and some fixes to existing reports. Thanks to Salve Nilsen, Robert Rothenberg, and others for the updates. 20230205.001 2023-02-05T14:20:15Z * fix test that checks for exit value of advisory count. Max is now 126 so we don't bump into 127. 20230202.003 2023-02-03T02:48:17Z * Advisories for Apache-Session-Browseable and Apache-Session-LDAP 20230125.002 2023-01-26T00:55:49Z * fixes a test and a missing method. The previous 202301* releases are no good. 20230125.001_002 2023-01-25T19:18:38Z * Github #34 - missing message() method (Robert Rothenberg) 20230125.001_001 2023-01-25T18:03:16Z * Fix json testing bug (Robert Rothenberg, #35) * no updates to DB 20230104.001 2023-01-24T19:56:41Z * January update 20230104.001 2023-01-04T20:58:18Z * Add --json to get output in JSON (Renée Bäcker, #24) * Updated for latest advisories 20220817.001 2022-08-18T22:27:26Z * Added the --exclude-file option to cpan-audit (Graham TerMarsch) * No database updates just yet as we straighten out some things in cpan-security-advisory 20220729.001 2022-07-29T06:29:54Z * Added feature to exclude reports, mostly for those persistent vulnerabilities, such as File::Temp, that won't go away. * Added a freshness check. You can check if your database is old. * There's no database update in this release. That's coming soon. 20220713.001_001 2022-07-15T16:38:39Z * Try out a way to exclude some reports (say, like File::Temp) from Graham TerMarsch (Github #5). This feature might change. * No database updates in this release. 20220708.001 2022-07-08T08:51:14Z * Many more reports (thanks to Robert Rothenberg) 20220705.001 2022-07-05T16:44:45Z * check for simple "freshness" of DB with `cpan-audit -f` * weekly update for the data - too many additions to list (thanks to Robert Rothenberg) 20220629.003 2022-06-29T17:56:53Z * This is the same as the last release, where I forgot to update the version in CPAN::Audit to match that in CPAN::Audit::DB. 20220627.003 2022-06-29T15:44:34Z * Updates for CPANSA-App-revealup, Mozilla-CA, Plack-Middleware-StaticShared, and CPANSA-Socket (Robert Rothenberg) * Starting to track which problems are embedded, non-Perl libraries (Robert Rothenberg) * The lib/CPAN/Audit/DB.pm file is now GPG-signed, although we don't do anything with that just yet. See GPG_README.md. * There are several discussions on GitHub where people can note their preferences on future development. 20220625.001 2022-06-25T19:44:05Z * Updates to File::Slurp and JavaScript::Duktape(::XS)? * New reports for Crypt 20220624.001 2022-06-25T00:35:07Z * reports for JavaScript-Duktape-XS, File-Slurp, RPC-XML, CBOX-XS, IPC-Run, XML-Simple, Sys-Syslog, WWW-Mechanize, LWP, Imager, GD, CryptX, Mojolicious, all from Robert Rothenberg. 20220622.002 2022-06-22T23:33:43Z * I put the docs in the wrong file! 20220622.001 2022-06-22T20:59:18Z * Advisories for Plack, DBD::SQLite from Robert Rothenberg * Refactored and documented util/generated - can now output JSON, although that probably isn't useful yet 20220620.001 2022-06-21T03:14:25Z * Add CVE-2020-8927 for IO-Compress-Brotli (Robert Rothenberg) briandfoy/cpan-security-advisory#18 * Fix to perl versions so they don't appear as if they are in the future (#4) 20220613.001 2022-06-13T18:10:47Z * Fix DB for Perl versions by specify all versions as semantic versions (noted by Robert Rothenberg) 20220611 2022-06-12T22:58:50Z * Use GNU tar instead of bsdtar. Upgrading macOS apparently breaks the established way of avoiding weird Mac tarballs. * Added a couple of ancient security reports to CPANSA. 20220608 2022-06-08T15:08:53Z * Update for the latest CVEs * Now also tracks CVEs in perl too * now maintained by brian d foy 0.15 2019-03-09T09:47:36Z - regenerate database fixing Plack-Middleware-Session distribution name 0.14 2019-01-26T10:23:21Z [ADVISORIES] CPANSA-Dancer2 CPANSA-HTTP-Session2 CPANSA-Plack-Middleware-Session-Cookie 0.13 2018-11-22T20:38:09Z - --no-corelist option by MCRayRay - test fixes 0.12 2018-11-11T19:43:25Z - require Module::CoreList latest version 0.11 2018-11-11T18:57:53Z - check core modules by James Raspass 0.10 2018-11-07T20:17:30Z - --quiet option - small refactoring - require the latest version of Pod::Usage 0.09 2018-11-05T21:17:35Z - do not hide db from pause (#7) 0.08 2018-10-17T18:10:41Z [ADVISORIES] - CPANSA-Net-DNS - CPANSA-PAR - CPANSA-PAR-Packer - CPANSA-RT-Authen-ExternalAuth - CPANSA-Tk - CPANSA-UI-Dialog (updated) - CPANSA-XML-LibXML 0.07 2018-10-16T21:37:20Z - test fixes 0.06 2018-10-16T19:19:22Z - use name instead of fullname - fix installed modules discovery 0.05 2018-10-15T19:36:39Z [ADVISORIES] - CPANSA-MHonArc - CPANSA-Module-Signature - CPANSA-libapreq2 - CPANSA-mod_perl - CPANSA-Compress-Raw-Bzip2 - CPANSA-Compress-Raw-Zlib [IMPROVEMENTS] - kritika.io and metacpan badges 0.04 2018-10-14T10:56:27Z [FEATURES] - install command accepts path to installations [IMPROVEMENTS] - get rid of Carton dependency - more test coverage - CI integrations - perl 5.8 compat 0.03 2018-10-13T12:59:36Z [ADVISORIES] - CPANSA-App-Github-Email - CPANSA-Crypt-OpenSSL-DSA - CPANSA-Crypt-Passwd-XS - CPANSA-DBD-MariaDB - CPANSA-Dancer - CPANSA-Data-Dumper - CPANSA-Email-Address - CPANSA-Encode - CPANSA-ExtUtils-MakeMaker - CPANSA-FCGI - CPANSA-Fake-Encode - CPANSA-Fake-Our - CPANSA-File-DataClass - CPANSA-File-Path - CPANSA-HTTP-Tiny - CPANSA-Imager - CPANSA-PathTools [FEATURES] - new installed command to audit all installed modules - cpan.snapshot support by Takumi Akiyama (github.com/akiym) 0.02 2018-10-09T08:24:36Z - support perl 5.8 0.01 2018-10-08T06:39:07Z - original version CPAN-Audit-20240215.001/MANIFEST0000644000076500000240000000214614563561460014163 0ustar brianstaffChanges CONTRIBUTING.md cpanfile GPG_README.md images/bdfoycpanorg-gpg-key-selfie.jpeg.gpg images/briandfoy-gpg-key-selfie.jpeg images/briandfoypoboxcom-gpg-key-selfie.jpeg.gpg lib/CPAN/Audit.pm lib/CPAN/Audit/DB.pm lib/CPAN/Audit/DB.pm.gpg lib/CPAN/Audit/Discover.pm lib/CPAN/Audit/Discover/Cpanfile.pm lib/CPAN/Audit/Discover/CpanfileSnapshot.pm lib/CPAN/Audit/Filter.pm lib/CPAN/Audit/FreshnessCheck.pm lib/CPAN/Audit/Installed.pm lib/CPAN/Audit/Query.pm lib/CPAN/Audit/Version.pm LICENSE Makefile.PL MANIFEST This list of files MANIFEST.SKIP META.json README.md script/cpan-audit t/cli.t t/cli/deps.t t/cli/installed.t t/cli/module.t t/cli/modules.t t/cli/release.t t/cli/show.t t/data/carton/cpanfile.snapshot t/data/cpanfiles/cpanfile t/data/excludes t/data/installed/perl5/lib/perl5/Catalyst.pm t/data/modules_excludes t/data/queried_modules/cpanfile t/discover/cpanfile.t t/discover/cpanfile_snapshot.t t/excludes.t t/installed.t t/json.t t/lib/TestCommand.pm t/queried_modules.t t/query.t t/test_manifest t/version.t util/generate META.yml Module YAML meta-data (added by MakeMaker) CPAN-Audit-20240215.001/t/0000755000076500000240000000000014563561457013300 5ustar brianstaffCPAN-Audit-20240215.001/t/discover/0000755000076500000240000000000014563561457015116 5ustar brianstaffCPAN-Audit-20240215.001/t/discover/cpanfile.t0000644000076500000240000000056614563561422017063 0ustar brianstaffuse strict; use warnings; use Test::More; use CPAN::Audit::Discover::Cpanfile; subtest 'discover' => sub { my @deps = _build()->discover('t/data/cpanfiles/cpanfile'); is_deeply \@deps, [ { 'module' => 'Catalyst', 'version' => '5' }, ]; }; done_testing; sub _build { CPAN::Audit::Discover::Cpanfile->new(@_) } CPAN-Audit-20240215.001/t/discover/cpanfile_snapshot.t0000644000076500000240000000100014563561422020762 0ustar brianstaffuse strict; use warnings; use Test::More; use CPAN::Audit::Discover::CpanfileSnapshot; subtest 'discover' => sub { my @deps = _build()->discover('t/data/carton/cpanfile.snapshot'); is_deeply \@deps, [ { 'dist' => 'Apache-LogFormat-Compiler', 'version' => '0.35' }, { 'version' => '1.32', 'dist' => 'Class-Inspector' } ]; }; done_testing; sub _build { CPAN::Audit::Discover::CpanfileSnapshot->new(@_) } CPAN-Audit-20240215.001/t/version.t0000644000076500000240000000344214563561422015145 0ustar brianstaffuse strict; use warnings; use Test::More; use CPAN::Audit::Version; subtest 'in_range' => sub { my $checker = _build(); ok( !$checker->in_range() ); ok( !$checker->in_range('1.2') ); ok( !$checker->in_range( 'abc', 'def' ) ); ok( !$checker->in_range( 'abc', '1.2' ) ); ok( !$checker->in_range( '1.2', 'def' ) ); ok( !$checker->in_range( '1.2', '^1.2' ) ); ok( $checker->in_range( '1.2', '' ) ); ok( $checker->in_range( '1.2', '0' ) ); ok( $checker->in_range( '1.2', '1.1' ) ); ok( $checker->in_range( '1.2', '1.2' ) ); ok( !$checker->in_range( '1.2', '1.5' ) ); ok( $checker->in_range( '1.0', '<=1.1' ) ); ok( $checker->in_range( '1.1', '<=1.1' ) ); ok( !$checker->in_range( '1.2', '<=1.1' ) ); ok( $checker->in_range( '1.0', '<1.1' ) ); ok( !$checker->in_range( '1.1', '<1.1' ) ); ok( !$checker->in_range( '1.2', '<1.1' ) ); ok( !$checker->in_range( '1.0', '>=1.1' ) ); ok( $checker->in_range( '1.1', '>=1.1' ) ); ok( $checker->in_range( '1.2', '>=1.1' ) ); ok( $checker->in_range( '1.2', '>1.1' ) ); ok( !$checker->in_range( '1.1', '>1.1' ) ); ok( !$checker->in_range( '1.0', '>1.1' ) ); ok( $checker->in_range( '1.0', '==1.0' ) ); ok( !$checker->in_range( '1.0', '==1.1' ) ); ok( $checker->in_range( '1.0', '!=1.1' ) ); ok( !$checker->in_range( '1.0', '!=1.0' ) ); ok( $checker->in_range( '5', '>= 1.1, < 6' ) ); ok( !$checker->in_range( '5', '>= 1.1, < 4' ) ); }; subtest 'affected_versions' => sub { my $checker = _build(); is_deeply( [ $checker->affected_versions( [ '1.2', '1.3', '2.0' ], '>= 1.2, <= 1.5' ) ], [ '1.2', '1.3' ] ); }; done_testing; sub _build { CPAN::Audit::Version->new } CPAN-Audit-20240215.001/t/query.t0000644000076500000240000000246414563561422014630 0ustar brianstaffuse strict; use warnings; use Test::More; use CPAN::Audit::Query; subtest 'advisories_for' => sub { my $query = _build( db => { dists => { Foo => { advisories => [ { id => 'SA-1', package => 'Foo', affected_versions => '<1.1' }, { id => 'SA-2', package => 'Foo', affected_versions => '<1.2' }, ], versions => [ { version => '0.9' }, { version => '1.1' }, { version => '1.2' }, { version => '1.3' } ] }, } } ); is_deeply [ $query->advisories_for('Unknown') ], []; is scalar $query->advisories_for('Foo'), 2; is scalar $query->advisories_for( 'Foo', '1.1' ), 1; is_deeply [ $query->advisories_for( 'Foo', '1.3' ) ], []; is_deeply [ $query->advisories_for( 'Foo', '5' ) ], []; }; done_testing; sub _build { CPAN::Audit::Query->new(@_) } CPAN-Audit-20240215.001/t/cli/0000755000076500000240000000000014563561457014047 5ustar brianstaffCPAN-Audit-20240215.001/t/cli/deps.t0000644000076500000240000000073714563561422015166 0ustar brianstaffuse strict; use warnings; use lib 't/lib'; use Test::More; use TestCommand; # exclude CVE-2011-4116 explicitly. It's a known issue in File::Temp wrt symlinks. # It should be safe to use the module the way we use it though. subtest 'command: deps' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command('deps', '.', '--exclude', 'CVE-2011-4116'); like $stderr, qr/Discovered \d+ dependencies/; is "$stdout", ''; is $exit, 0; }; done_testing; CPAN-Audit-20240215.001/t/cli/release.t0000644000076500000240000000262714563561422015653 0ustar brianstaffuse strict; use warnings; use lib 't/lib'; use Test::More; use TestCommand; subtest 'command: release' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command( 'release', 'CPAN' ); like $stdout, qr/CPANSA-CPAN-2009-01/; like $stdout, qr/CPANSA-CPAN-2020-16156/; is $stderr, ''; isnt $exit, 0; }; subtest 'command: release, with excluded result' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command( 'release', 'CPAN', '--exclude' => 'CPANSA-CPAN-2009-01' ); unlike $stdout, qr/CPANSA-CPAN-2009-01/; like $stdout, qr/CPANSA-CPAN-2020-16156/; is $stderr, ''; isnt $exit, 0; }; subtest 'command: module, with excluded results from file' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command( 'release', 'CPAN', '--exclude-file' => 't/data/excludes' ); unlike $stdout, qr/CPANSA-CPAN-2009-01/; like $stdout, qr/CPANSA-CPAN-2020-16156/; is $stderr, ''; isnt $exit, 0; }; subtest 'command: unknown release' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command( 'release', 'Unknown' ); like $stderr, qr/Distribution 'Unknown' is not in database/; is $stdout, ''; isnt $exit, 0; }; subtest 'command: invalid invocation' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command( 'release' ); like $stderr, qr/Error: Usage: /; is $stdout, ''; isnt $exit, 0; }; done_testing; CPAN-Audit-20240215.001/t/cli/modules.t0000644000076500000240000000543714563561422015705 0ustar brianstaffuse strict; use warnings; use lib 't/lib'; use Test::More; use TestCommand; subtest 'command: modules' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command( 'modules', 'CPAN' ); like $stdout, qr/CPANSA-CPAN-2009-01/; like $stdout, qr/CPANSA-CPAN-2020-16156/; is $stderr, ''; isnt $exit, 0; }; subtest 'command: modules with two modules' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command( 'modules', 'CPAN', 'Mojolicious;>8.40,<9.20' ); like $stdout, qr/CPANSA-CPAN-2009-01/; like $stdout, qr/CPANSA-CPAN-2020-16156/; like $stdout, qr/CPANSA-Mojolicious-2022-03/; is $stderr, ''; isnt $exit, 0; }; subtest 'command: modules, with excluded result' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command( 'modules', 'CPAN', 'Mojolicious;>8.40,<9.20','--exclude' => 'CPANSA-CPAN-2009-01', '--exclude' => 'CPANSA-Mojolicious-2022-03' ); unlike $stdout, qr/CPANSA-CPAN-2009-01/; like $stdout, qr/CPANSA-CPAN-2020-16156/; unlike $stdout, qr/CPANSA-Mojolicious-2022-03/; is $stderr, ''; isnt $exit, 0; }; subtest 'command: modules, with excluded results from file' => sub { my $file = 't/data/modules_excludes'; ok( -e $file, 'File that should be there is there' ); my ( $stdout, $stderr, $exit ) = TestCommand->command( 'modules', 'CPAN', 'Mojolicious;>8.40,<9.20', '--exclude-file' => $file ); unlike $stdout, qr/CPANSA-CPAN-2009-01/; like $stdout, qr/CPANSA-CPAN-2020-16156/; unlike $stdout, qr/CPANSA-Mojolicious-2022-03/; is $stderr, ''; isnt $exit, 0; }; subtest 'command: modules, with excluded results from non-existent file' => sub { my $file = 't/data/not-there'; ok( ! -e $file, 'File that should not exist is not there' ); my ( $stdout, $stderr, $exit ) = TestCommand->command( 'modules', 'CPAN', 'Mojolicious;>8.40,<9.20', '--exclude-file' => $file ); like $stdout, qr/CPANSA-CPAN-2009-01/; like $stdout, qr/CPANSA-CPAN-2020-16156/; like $stdout, qr/CPANSA-Mojolicious-2022-03/; like $stderr, qr/unable to open exclude_file/; }; subtest 'command: unknown modules' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command( 'modules', 'Unknown' ); like $stderr, qr/Module 'Unknown' is not in database/; is $stdout, ''; }; subtest 'command: unknown modules (mixed)' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command( 'modules', 'CPAN', 'Unknown' ); like $stderr, qr/Module 'Unknown' is not in database/; like $stdout, qr/CPANSA-CPAN-2009-01/; like $stdout, qr/CPANSA-CPAN-2020-16156/; }; subtest 'command: invalid invocation' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command( 'modules' ); is $stdout, ''; like $stderr, qr/Error: Usage: /; isnt $exit, 0; }; done_testing; CPAN-Audit-20240215.001/t/cli/show.t0000644000076500000240000000137314563561422015210 0ustar brianstaffuse strict; use warnings; use lib 't/lib'; use Test::More; use TestCommand; subtest 'command: show' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command( 'show', 'CPANSA-Catalyst-Runtime-2013-01' ); like $stdout, qr/CPANSA-Catalyst-Runtime-2013-01/; is $stderr, ''; is $exit, 0; }; subtest 'command: show unknown advisory' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command( 'show', 'CPANSA-UNKNOWN' ); is $stdout, ''; like $stderr, qr/Invalid advisory id/; isnt $exit, 0; }; subtest 'command: show invalid invocation' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command('show'); is $stdout, ''; like $stderr, qr/Error: Usage:/; isnt $exit, 0; }; done_testing; CPAN-Audit-20240215.001/t/cli/installed.t0000644000076500000240000000047114563561422016205 0ustar brianstaffuse strict; use warnings; use lib 't/lib'; use Test::More; use TestCommand; subtest 'command: installed' => sub { my( $stdout, $stderr, $exit ) = TestCommand->command( 'installed', 'lib' ); like $stderr, qr/Collecting all installed modules/; is $stdout, ''; is $exit, 0; }; done_testing; CPAN-Audit-20240215.001/t/cli/module.t0000644000076500000240000000365614563561422015523 0ustar brianstaffuse strict; use warnings; use lib 't/lib'; use Test::More; use TestCommand; subtest 'command: module' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command( 'module', 'CPAN' ); like $stdout, qr/CPANSA-CPAN-2009-01/; like $stdout, qr/CPANSA-CPAN-2020-16156/; is $stderr, ''; isnt $exit, 0; }; subtest 'command: module, with excluded result' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command( 'module', 'CPAN', '--exclude' => 'CPANSA-CPAN-2009-01' ); unlike $stdout, qr/CPANSA-CPAN-2009-01/; like $stdout, qr/CPANSA-CPAN-2020-16156/; is $stderr, ''; isnt $exit, 0; }; subtest 'command: module, with excluded results from file' => sub { my $file = 't/data/excludes'; ok( -e $file, 'File that should be there is there' ); my ( $stdout, $stderr, $exit ) = TestCommand->command( 'module', 'CPAN', '--exclude-file' => $file ); unlike $stdout, qr/CPANSA-CPAN-2009-01/; like $stdout, qr/CPANSA-CPAN-2020-16156/; is $stderr, ''; isnt $exit, 0; }; subtest 'command: module, with excluded results from non-existent file' => sub { my $file = 't/data/not-there'; ok( ! -e $file, 'File that should not exist is not there' ); my ( $stdout, $stderr, $exit ) = TestCommand->command( 'module', 'CPAN', '--exclude-file' => $file ); like $stdout, qr/CPANSA-CPAN-2009-01/; like $stdout, qr/CPANSA-CPAN-2020-16156/; like $stderr, qr/unable to open exclude_file/; isnt $exit, 0; }; use Data::Dumper; subtest 'command: unknown module' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command( 'module', 'Unknown' ); like $stderr, qr/Module 'Unknown' is not in database/; is $stdout, ''; isnt $exit, 0; }; subtest 'command: invalid invocation' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command( 'module' ); is $stdout, ''; like $stderr, qr/Error: Usage: /; isnt $exit, 0; }; done_testing; CPAN-Audit-20240215.001/t/cli.t0000644000076500000240000000307314563561422014227 0ustar brianstaffuse strict; use warnings; use lib 't/lib'; use Test::More; use TestCommand; subtest 'help is printed' => sub { my @args = ( [], [qw(--help)] ); foreach my $args ( @args ) { subtest "help is printed with <@$args>" => sub { local $ENV{PERL5OPTS} = do { no warnings; "-w $ENV{PERL5OPTS}" }; my ( $stdout, $stderr, $exit ) = TestCommand->command(@$args); is $stdout, ''; like $stderr, qr/Usage:.*cpan-audit/ms; unlike $stderr, qr/^Argument "main" isn't numeric/m; # GitHub #41 is $exit, 2; }; } }; subtest 'version is printed' => sub { local $ENV{PERL5OPTS} = do { no warnings; "-w $ENV{PERL5OPTS}" }; my ( $stdout, $stderr, $exit ) = TestCommand->command('--version'); like $stdout, qr/cpan-audit version \d+\.\d+/; unlike $stderr, qr/^Argument "main" isn't numeric/m; # GitHub #41 is $exit, 0; }; subtest 'Github #34 - no message method' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command('installed', '--verbose'); # should exit with 64 + N, where N is the number of advisories. # there shouldn't be that many. It certainly shouldn't exit with # 255. ok( $exit >= 64 && $exit <= 126, 'installed --verbose does not have a run time fatal error' ) or diag( "exit value was <$exit>" ); }; subtest 'exit-zero option sets exitvalue to 0' => sub { my ( $stdout, $stderr, $exit ) = TestCommand->command('installed', '--exit-zero'); # should exit with 0. ok( $exit == 0, 'installed --exit-zero exits with a normal exit value (0)' ) or diag( "exit value was <$exit>" ); }; done_testing; CPAN-Audit-20240215.001/t/json.t0000644000076500000240000000505714563561422014435 0ustar brianstaffuse strict; use warnings; use lib 'lib', 't/lib'; use Capture::Tiny qw(capture); use JSON; use Test::More; my $class = "CPAN::Audit"; subtest 'setup' => sub { use_ok( $class ) or BAIL_OUT( "$class did not compile: $@" ); }; subtest 'json, corelist' => sub { my( $stdout, $stderr, $exit ) = capture { system( $^X, '-Ilib', 'script/cpan-audit', '--json', 'deps', 't/data/cpanfiles' ); }; unlike $stdout, qr/Discovered \d+/; is $stderr, ''; my $result_hash = JSON::decode_json( $stdout ); isa_ok( $result_hash, ref {} ); isa_ok( $result_hash->{meta}, ref {} ); ok( $result_hash->{meta}{total_advisories} >= 1, "found one or more advisories" ); }; subtest 'json, no corelist' => sub { my( $stdout, $stderr, $exit ) = capture { system( $^X, '-Ilib', 'script/cpan-audit', '--json', '--no-corelist', 'deps', 't/data/cpanfiles' ); }; unlike $stdout, qr/Discovered \d+/; is $stderr, ''; my $result_hash = JSON::decode_json( $stdout ); isa_ok( $result_hash, ref {} ); isa_ok( $result_hash->{meta}, ref {} ); is( $result_hash->{meta}{total_advisories}, 1, "found exactly one advisory" ); }; done_testing; BEGIN { use CPAN::Audit::DB; no warnings 'redefine'; sub CPAN::Audit::DB::db { my $db = { 'dists' => { 'Catalyst-Runtime' => { 'advisories' => [ { 'affected_versions' => '<5.90020', 'cves' => [], 'description' => 'A sample advisory for a test', 'distribution' => 'Catalyst-Runtime', 'fixed_versions' => '>=5.90020', 'id' => 'CPANSATest-Catalyst-Runtime-2013-01', 'references' => [ ], 'reported' => '2013-01-23' }, ], 'main_module' => 'Catalyst::Runtime', 'versions' => [ { 'date' => '2021-01-01T18:10:00', 'version' => '5.00', }, { 'date' => '2022-01-01T18:10:00', 'version' => '5.70', }, ], }, }, module2dist => { 'Catalyst' => 'Catalyst-Runtime', }, }; return $db; } } CPAN-Audit-20240215.001/t/installed.t0000644000076500000240000000137714563561422015444 0ustar brianstaffuse strict; use warnings; use Test::More; use CPAN::Audit::Installed; subtest 'installed' => sub { my @deps = _build( db => { module2dist => { Catalyst => 'Catalyst-Runtime' }, dists => { 'Catalyst-Runtime' => { main_module => 'Catalyst', advisories => [ { id => 'CPANSA-Catalyst-2018-01' } ] } } } )->find('t/data/installed'); is_deeply \@deps, [ { 'dist' => 'Catalyst-Runtime', 'version' => '5.0' }, ]; }; done_testing; sub _build { CPAN::Audit::Installed->new(@_) } CPAN-Audit-20240215.001/t/lib/0000755000076500000240000000000014563561457014046 5ustar brianstaffCPAN-Audit-20240215.001/t/lib/TestCommand.pm0000644000076500000240000000071414563561422016614 0ustar brianstaffpackage TestCommand; use strict; use warnings; use Capture::Tiny qw(capture); sub command { my( $class, @args ) = @_; my ( $stdout, $stderr, $rc ) = capture { system $^X, '-Ilib', 'script/cpan-audit', '--no-corelist', @args; }; my( $ran, $signal, $exit, $coredump ); $ran = $rc > -1; if( $ran ) { $exit = $rc >> 8; $coredump = $rc & 128; $signal = $rc & 127; } return ( $stdout, $stderr, $exit, $signal, $coredump, $ran ); } 1; CPAN-Audit-20240215.001/t/queried_modules.t0000644000076500000240000001051114563561422016641 0ustar brianstaffuse strict; use warnings; use lib 'lib', 't/lib'; use Capture::Tiny qw(capture); use JSON; use Test::More; my $class = "CPAN::Audit"; subtest 'setup' => sub { use_ok( $class ) or BAIL_OUT( "$class did not compile: $@" ); }; subtest 'deps queried_modules' => sub { my( $stdout, $stderr, $exit ) = capture { system( $^X, '-Ilib', 'script/cpan-audit', '--json', 'deps', 't/data/queried_modules' ); }; is $stderr, ''; my $result_hash = JSON::decode_json( $stdout ); isa_ok( $result_hash, ref {} ); isa_ok( $result_hash->{dists}, ref {} ); is_deeply( $result_hash->{dists}{'Catalyst-Runtime'}{queried_modules}, ['Catalyst'], "Queried 'Catalyst'" ); my %check = map { $_ => 1 } @{ $result_hash->{dists}{'Mojolicious'}{queried_modules} || [] }; is_deeply( \%check, { 'Mojo::File' => 1, 'Mojo::UserAgent' => 1 }, "Queried 'Mojo::File' and 'Mojo::UserAgent'" ); }; subtest 'module queried_modules Mojolicious' => sub { my( $stdout, $stderr, $exit ) = capture { system( $^X, '-Ilib', 'script/cpan-audit', '--json', 'module', 'Mojo::File' ); }; is $stderr, ''; my $result_hash = JSON::decode_json( $stdout ); isa_ok( $result_hash, ref {} ); isa_ok( $result_hash->{dists}, ref {} ); is( $result_hash->{dists}{'Catalyst-Runtime'}{queried_modules}, undef, "Did not query 'Catalyst'" ); is_deeply( $result_hash->{dists}{'Mojolicious'}{queried_modules}, ['Mojo::File'], "Queried 'Mojo::File'" ); }; subtest 'module queried_modulesi Catalyst' => sub { my( $stdout, $stderr, $exit ) = capture { system( $^X, '-Ilib', 'script/cpan-audit', '--json', 'module', 'Catalyst' ); }; is $stderr, ''; my $result_hash = JSON::decode_json( $stdout ); isa_ok( $result_hash, ref {} ); isa_ok( $result_hash->{dists}, ref {} ); is_deeply( $result_hash->{dists}{'Catalyst-Runtime'}{queried_modules}, ['Catalyst'], "Queried 'Catalyst'" ); is( $result_hash->{dists}{'Mojolicious'}{queried_modules}, undef, "Did not query 'Mojo::File' and 'Mojo::UserAgent'" ); }; subtest 'modules queried_modules' => sub { my( $stdout, $stderr, $exit ) = capture { system( $^X, '-Ilib', 'script/cpan-audit', '--json', 'modules', 'Catalyst', 'Mojo::File', 'Mojo::UserAgent' ); }; is $stderr, ''; my $result_hash = JSON::decode_json( $stdout ); isa_ok( $result_hash, ref {} ); isa_ok( $result_hash->{dists}, ref {} ); is_deeply( $result_hash->{dists}{'Catalyst-Runtime'}{queried_modules}, ['Catalyst'], "Queried 'Catalyst'" ); my %check = map { $_ => 1 } @{ $result_hash->{dists}{'Mojolicious'}{queried_modules} || [] }; is_deeply( \%check, { 'Mojo::File' => 1, 'Mojo::UserAgent' => 1 }, "Queried 'Mojo::File' and 'Mojo::UserAgent'" ); }; done_testing; BEGIN { use CPAN::Audit::DB; no warnings 'redefine'; sub CPAN::Audit::DB::db { my $db = { 'dists' => { 'Catalyst-Runtime' => { 'advisories' => [ { 'affected_versions' => '<5.90020', 'cves' => [], 'description' => 'A sample advisory for a test', 'distribution' => 'Catalyst-Runtime', 'fixed_versions' => '>=5.90020', 'id' => 'CPANSATest-Catalyst-Runtime-2013-01', 'references' => [ ], 'reported' => '2013-01-23' }, ], 'main_module' => 'Catalyst::Runtime', 'versions' => [ { 'date' => '2021-01-01T18:10:00', 'version' => '5.00', }, { 'date' => '2022-01-01T18:10:00', 'version' => '5.70', }, ], }, 'Mojolicious' => { 'advisories' => [ id => 1, fixed_versions => '>=8', ] } }, module2dist => { 'Catalyst' => 'Catalyst-Runtime', 'Mojo::File' => 'Mojolicious', 'Mojo::UserAgent' => 'Mojolicious', }, }; return $db; } } CPAN-Audit-20240215.001/t/excludes.t0000644000076500000240000000250214563561422015270 0ustar brianstaffuse v5.10; use Test::More; my $class = 'CPAN::Audit::Filter'; my @class_methods = qw(new); my @instance_methods = qw(excludes ignored_count); subtest sanity => sub { use_ok( $class ); can_ok( $class, @class_methods ); }; subtest 'no args' => sub { my $filter = $class->new; isa_ok( $filter, $class ); can_ok( $filter, @instance_methods ); }; subtest 'one args' => sub { my $warning; local $SIG{__WARN__} = sub { $warning .= $_[0] }; my $filter = $class->new( 'excludes' ); # diag( "Warning was <$warning>" ); like( $warning, qr/Odd number/, 'Odd number of elements warns' ); isa_ok( $filter, $class ); can_ok( $filter, @instance_methods ); }; subtest 'two args' => sub { my $id = 'Some-Package-2022-001'; my $filter = $class->new( exclude => [ $id ] ); isa_ok( $filter, $class ); can_ok( $filter, @instance_methods ); subtest 'nothing to ignore' => sub { my $rc = $filter->excludes( { id => 'xyz' } ); ok( ! $rc, 'excludes returns false when it does not exclude' ); is( $filter->ignored_count, 0, 'ignored_count returns 0 when it does not exclude' ); }; subtest 'something to ignore' => sub { my $rc = $filter->excludes( { id => $id } ); ok( $rc, 'excludes returns true when it does exclude' ); is( $filter->ignored_count, 1, 'ignored_count returns 1 when it does exclude' ); }; }; done_testing(); CPAN-Audit-20240215.001/t/test_manifest0000644000076500000240000000030514563561422016056 0ustar brianstaff./discover/cpanfile.t ./discover/cpanfile_snapshot.t ./json.t ./version.t ./query.t ./cli/deps.t ./cli/installed.t ./cli/module.t ./cli/modules.t ./cli/release.t ./cli/show.t ./cli.t ./installed.t CPAN-Audit-20240215.001/t/data/0000755000076500000240000000000014563561457014211 5ustar brianstaffCPAN-Audit-20240215.001/t/data/installed/0000755000076500000240000000000014563561457016170 5ustar brianstaffCPAN-Audit-20240215.001/t/data/installed/perl5/0000755000076500000240000000000014563561457017217 5ustar brianstaffCPAN-Audit-20240215.001/t/data/installed/perl5/lib/0000755000076500000240000000000014563561457017765 5ustar brianstaffCPAN-Audit-20240215.001/t/data/installed/perl5/lib/perl5/0000755000076500000240000000000014563561457021014 5ustar brianstaffCPAN-Audit-20240215.001/t/data/installed/perl5/lib/perl5/Catalyst.pm0000644000076500000240000000014414563561422023125 0ustar brianstaff=pod =head1 NAME Catalyst =cut package Catalyst ; our $VERSION = '5.0'; # No BumpVersion CPAN-Audit-20240215.001/t/data/carton/0000755000076500000240000000000014563561457015477 5ustar brianstaffCPAN-Audit-20240215.001/t/data/carton/cpanfile.snapshot0000644000076500000240000000116214563561422021031 0ustar brianstaff# carton snapshot format: version 1.0 DISTRIBUTIONS Apache-LogFormat-Compiler-0.35 pathname: K/KA/KAZEBURO/Apache-LogFormat-Compiler-0.35.tar.gz provides: Apache::LogFormat::Compiler 0.35 requirements: Module::Build::Tiny 0.035 POSIX 0 POSIX::strftime::Compiler 0.30 Time::Local 0 perl 5.008001 Class-Inspector-1.32 pathname: P/PL/PLICEASE/Class-Inspector-1.32.tar.gz provides: Class::Inspector 1.32 Class::Inspector::Functions 1.32 requirements: ExtUtils::MakeMaker 0 File::Spec 0.80 perl 5.006 Invalid-1.0 pathname: Invalid CPAN-Audit-20240215.001/t/data/cpanfiles/0000755000076500000240000000000014563561457016155 5ustar brianstaffCPAN-Audit-20240215.001/t/data/cpanfiles/cpanfile0000644000076500000240000000006614563561422017653 0ustar brianstaffrequires 'perl', '5.8'; requires 'Catalyst', '5'; CPAN-Audit-20240215.001/t/data/excludes0000644000076500000240000000023614563561422015741 0ustar brianstaff# Comments are ignored # as well as blank lines (previous line) CPANSA-CPAN-2009-01 # trailing comments are removed, as is leading/trailing whitespace CPAN-Audit-20240215.001/t/data/modules_excludes0000644000076500000240000000027114563561422017470 0ustar brianstaff# Comments are ignored # as well as blank lines (previous line) CPANSA-CPAN-2009-01 # trailing comments are removed, as is leading/trailing whitespace CPANSA-Mojolicious-2022-03 CPAN-Audit-20240215.001/t/data/queried_modules/0000755000076500000240000000000014563561457017377 5ustar brianstaffCPAN-Audit-20240215.001/t/data/queried_modules/cpanfile0000644000076500000240000000011114563561422021064 0ustar brianstaffrequires 'Mojo::File'; requires 'Mojo::UserAgent'; requires 'Catalyst'; CPAN-Audit-20240215.001/script/0000755000076500000240000000000014563561457014341 5ustar brianstaffCPAN-Audit-20240215.001/script/cpan-audit0000755000076500000240000002637314563561422016317 0ustar brianstaff#!/usr/bin/env perl use v5.10; use strict; use warnings; use IO::Interactive qw(is_interactive); use CPAN::Audit; our $VERSION = "1.501"; __PACKAGE__->run( @ARGV ) unless caller; # The exit code indicates the number of advisories, up to this max # since we have a limited number of exit codes. use constant ADVISORY_COUNT_MAX => 62; use constant EXIT_NORMAL => 0; use constant EXIT_ZERO => 0; use constant EXIT_USAGE => 2; use constant EXIT_BASE => 64; my $output_table; BEGIN { $output_table = { text => \&format_text, dumper => \&format_dump, json => \&format_json, default => \&format_text, }; } sub format_advisory { my ($advisory) = @_; my $s = " __BOLD__* $advisory->{id}__RESET__\n"; $s .= " $advisory->{description}\n"; if ( $advisory->{affected_versions} ) { $s .= " Affected range: $advisory->{affected_versions}\n"; } if ( $advisory->{fixed_versions} ) { $s .= " Fixed range: $advisory->{fixed_versions}\n"; } if ( $advisory->{cves} ) { $s .= "\n CVEs: "; $s .= join ', ', @{ $advisory->{cves} }; $s .= "\n"; } if ( $advisory->{references} ) { $s .= "\n References:\n"; foreach my $reference ( @{ $advisory->{references} || [] } ) { $s .= " $reference\n"; } } $s .= "\n"; return $s; } use Data::Dumper; sub dumper { Data::Dumper->new([@_])->Indent(1)->Sortkeys(1)->Terse(1)->Useqq(1)->Dump } sub format_dump { my( $result ) = @_; return dumper($result); } sub format_json { state $rc = require JSON; my( $result ) = @_; return JSON::encode_json($result); } sub format_text { my( $result, $opts ) = @_; my $s = ''; foreach my $distname ( keys %{ $result->{dists} } ) { my $advisories = $result->{dists}{$distname}{advisories}; $s .= sprintf("__RED__%s (%s %s) has %d advisor%s__RESET__\n", $distname, ($result->{meta}{command} eq 'installed' ? 'have' : 'requires'), $result->{dists}{$distname}{version}, scalar(@$advisories), (scalar(@$advisories) == 1 ? 'y' : 'ies'), ); foreach my $advisory ( @$advisories ) { $s .= format_advisory( $advisory ); } } $s .= "\n" if length $s; if ( $opts->{'no-color'} or $opts->{'ascii'} ) { $s =~ s{__BOLD__}{}g; $s =~ s{__GREEN__}{}g; $s =~ s{__RED__}{}g; $s =~ s{__RESET__}{}g; } else { $s =~ s{__BOLD__}{\e[39;1m}g; $s =~ s{__GREEN__}{\e[32m}g; $s =~ s{__RED__}{\e[31m}g; $s =~ s{__RESET__}{\e[0m}g; $s .= "\e[0m" if length $s; } return $s; } sub output_version { my( $class, $exit_code ) = @_; print "$0 version $VERSION using:\n\tCPAN::Audit @{[ CPAN::Audit->VERSION ]}\n\tCPAN::Audit::DB @{[ CPAN::Audit::DB->VERSION ]}\n"; exit($exit_code); } sub run { my( $class, @args ) = @_; my( $opts ) = $class->process_options( \@args ); unless( ! $opts->{interactive} ) { $opts->{ascii} = 1; $opts->{no_color} //= 1; } $class->usage(EXIT_NORMAL) if $opts->{help}; $class->output_version(EXIT_NORMAL) if $opts->{version}; if( $opts->{fresh_check} ) { require CPAN::Audit::FreshnessCheck; CPAN::Audit::FreshnessCheck->import } my $command = shift @args; $class->usage(EXIT_USAGE) unless defined $command; my %extra = ( interactive => is_interactive(), ); my $audit = CPAN::Audit->new( %$opts, %extra ); my $result = $audit->command( $command, @args ); if( @{ $result->{errors} } > 0 ) { my $message = join "\n", map "Error: $_", @{ $result->{errors} }; unless( $opts->{'no-color'} ) { $message = "\e[31m" . $message . "\e[0m" } print STDERR $message; exit 255; } my( $output_type ) = grep { $opts->{$_} } qw(json); my $sub = $output_table->{$output_type // 'default'}; my $output = $sub->( $result, $opts ); if( $command eq 'show' ) { $output =~ s/\A.*\n//; } print $output; my $advisory_count = $result->{meta}{total_advisories}; $advisory_count = ADVISORY_COUNT_MAX if $advisory_count > ADVISORY_COUNT_MAX; my $exit_code = do { if( $opts->{exit_zero} ) { EXIT_ZERO } elsif( $advisory_count == 0 ) { EXIT_NORMAL } else { EXIT_BASE + $advisory_count } }; exit( $exit_code ); } sub process_options { my( $class, $args ) = @_; require Getopt::Long; my $options = {}; my %params = (); my $params = { 'ascii' => \$params{ascii}, 'f|fresh' => \$params{fresh_check}, 'help|h' => \$params{help}, 'json' => \$params{json}, 'no-color' => \$params{no_color}, 'no-corelist' => \$params{no_corelist}, 'perl' => \$params{include_perl}, 'quiet|q' => \$params{quiet}, 'verbose|v' => \$params{verbose}, 'version' => \$params{version}, 'exclude=s@' => \$params{exclude}, 'exclude-file=s@' => \$params{exclude_file}, 'modules=s@' => \$params{modules}, 'exit-zero' => \$params{exit_zero}, }; my $ret = Getopt::Long::GetOptionsFromArray( $args, $options, %$params ) or $class->usage(EXIT_USAGE); $params{quiet} = 1 if $params{json}; \%params; } sub usage { require Pod::Usage; require FindBin; my( $class, $exit_code ) = @_; no warnings qw(once); Pod::Usage::pod2usage( -input => $FindBin::Bin . "/" . $FindBin::Script ); exit( $exit_code ); } __END__ =head1 NAME cpan-audit - Audit CPAN modules =head1 SYNOPSIS cpan-audit [command] [options] Commands: module [version range] audit module with optional version range (all by default) modules [version range] audit module list with optional version range (all by default) dist|release [version range] audit distribution with optional version range (all by default) deps [directory] audit dependencies from the directory (. by default) installed audit all installed modules show [advisory id] show information about specific advisory Options: --ascii use ascii output --fresh|f check the database for freshness (CPAN::Audit::FreshnessCheck) --help|h show the help message and exit --no-color switch off colors --no-corelist ignore modules bundled with perl version --perl include perl advisories --quiet be quiet (overrules --verbose) --verbose be verbose (off if --quiet in effect) --version show the version and exit --exit-zero always exit with 0 even if advisories are reported --exclude exclude/ignore the specified advisory/cve (multiple) --exclude-file read exclude/ignore patterns from file --json output JSON Examples: cpan-audit dist Catalyst-Runtime cpan-audit dist Catalyst-Runtime 7.0 cpan-audit dist Catalyst-Runtime '>5.48' cpan-audit module Catalyst 7.0 cpan-audit modules "Catalyst;7.0" "Mojolicious;>8.40,<9.20" cpan-audit deps . cpan-audit deps /path/to/distribution cpan-audit installed cpan-audit installed local/ cpan-audit installed local/ --exclude CVE-2011-4116 cpan-audit installed local/ --exclude CVE-2011-4116 --exclude CVE-2011-123 cpan-audit installed local/ --exclude-file ignored-cves.txt cpan-audit installed --json cpan-audit installed --json --exit-zero cpan-audit show CPANSA-Mojolicious-2018-03 =head1 DESCRIPTION C is a command line application that checks the modules or distributions for known vulnerabilities. It is using its internal database that is automatically generated from a hand-picked database L. C does not connect to anything, that is why it is important to keep it up to date. Every update of the internal database is released as a new version. Ensure that you have the latest database by updating L frequently; the database can change daily. You can use enable a warning for a possibly out-of-date database by adding C<--fresh>, which warns if the database version is older than a month: % cpan-audit --fresh ... % cpan-audit -f ... % env CPAN_AUDIT_FRESH_DAYS=7 cpan-audit -f ... =head2 Finding dependencies C can automatically detect dependencies from the following sources: =over =item C Parses F file and checks the distribution versions. =item F Parses F taking into account the required versions. =back It is assumed that if the required version of the module is less than a version of a release with a known vulnerability fix, then the module is considered affected. =head2 JSON data If you request JSON output, the data looks like { "meta" : { ... meta information ... "dists": { "": { ... distribution info ... } } "errors" : [ ... list of errors - if any ... ] } =head3 Meta information The meta data contains information about the run of C. { "args": [ "Mojo::File", "Mojo::UserAgent", "LWP::UserAgent" ], "cpan_audit": { "version": "20230601.002" }, "total_advisories": 19, "command": "modules" } These information are shown =over 4 =item * cpan_audit The version of C that is used for the audit =item * command The command of C that was run =item * args Arguments for the command =item * total_advisories Number of found advisories =back =head3 Distribution information For each distribution where at least one advisory was found, the JSON looks like: "Dist-Name": { "queried_modules": [ "Queried::Namespace" ], "version": "Any", "advisories": [ { ... advisory data as in the audit database ... }, ... more advisories ... ] }, The advisory data is basically the data from the database. So this depends on what is known for the given advisory. The distribution information contains: =over 4 =item * version The version (range) that is checked for advisories. If there's no version specified, all versions are checked and the version is report as "Any". =item * queried_modules The actual namespaces queried, either from the command line or another source, such as a F. =item * advisories A list of all vulnerabilities found for the version range =back =head2 Exit values In prior versions, C exited with the number of advisories it found. Starting with 1.001, if there are advisories found, C exits with 64 added to that number. The maximum number of reported advisories is 62, since values over 126 are spoken for. If the option C<--exit-zero> is set C exits always with a normal exit code (0). This allows to use C in build environments together with bash exit mode activated (C). =over 4 =item * 0 - no advisories found =item * 2 - problem with program invocation, such as bad switches or values =item * 64+n - advisories found. Subtract 64 to get the advisory count, up to 62 advisories =item * 255 - unspecified program error =back =head1 LICENSE Copyright (C) Viacheslav Tykhanovskyi. This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. =cut CPAN-Audit-20240215.001/README.md0000644000076500000240000000715214563561422014311 0ustar brianstaff# NAME cpan-audit - Audit CPAN modules # SYNOPSIS cpan-audit \[command\] \[options\] Commands: module [version range] audit module with optional version range (all by default) dist|release [version range] audit distribution with optional version range (all by default) deps [directory] audit dependencies from the directory (. by default) installed audit all installed modules show [advisory id] show information about specific advisory Options: --ascii use ascii output --freshcheck|f check the database for freshness (CPAN::Audit::FreshnessCheck) --help|h show the help message and exit --no-color switch off colors --no-corelist ignore modules bundled with perl version --perl include perl advisories --quiet be quiet --verbose be verbose --version show the version and exit --exclude exclude/ignore the specified advisory/cve (multiple) --exclude-file read exclude/ignore patterns from file --json save audit results in JSON format in a file Examples: cpan-audit dist Catalyst-Runtime cpan-audit dist Catalyst-Runtime 7.0 cpan-audit dist Catalyst-Runtime '>5.48' cpan-audit module Catalyst 7.0 cpan-audit deps . cpan-audit deps /path/to/distribution cpan-audit installed cpan-audit installed local/ cpan-audit installed local/ --exclude CVE-2011-4116 cpan-audit installed local/ --exclude CVE-2011-4116 --exclude CVE-2011-123 cpan-audit installed local/ --exclude-file ignored-cves.txt cpan-audit installed --json audit.json cpan-audit show CPANSA-Mojolicious-2018-03 # DESCRIPTION `cpan-audit` is a command line application that checks the modules or distributions for known vulnerabilities. It is using its internal database that is automatically generated from a hand-picked database [https://github.com/briandfoy/cpan-security-advisory](https://github.com/briandfoy/cpan-security-advisory). `cpan-audit` does not connect to anything, that is why it is important to keep it up to date. Every update of the internal database is released as a new version. Ensure that you have the latest database by updating [CPAN::Audit](https://metacpan.org/pod/CPAN%3A%3AAudit) frequently; the database can change daily. You can use enable a warning for a possibly out-of-date database by adding `--freshcheck`, which warns if the database version is older than a month: % cpan-audit --freshcheck ... % cpan-audit -f ... % env CPAN_AUDIT_FRESH_DAYS=7 cpan-audit -f ... ## Finding dependencies `cpan-audit` can automatically detect dependencies from the following sources: - `Carton` Parses `cpanfile.snapshot` file and checks the distribution versions. - `cpanfile` Parses `cpanfile` taking into account the required versions. It is assumed that if the required version of the module is less than a version of a release with a known vulnerability fix, then the module is considered affected. ## Exit values In prior versions, `cpan-audit` exited with the number of advisories it found. Starting with 1.001, if there are advisories found, `cpan-audit` exits with 64 added to that number. - 0 - normal operation - 2 - problem with program invocation, such as bad switches or values - 64+n - advisories found. Subtract 64 to get the advisory count # LICENSE Copyright (C) Viacheslav Tykhanovskyi. This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. CPAN-Audit-20240215.001/GPG_README.md0000644000076500000240000000526414563561422015010 0ustar brianstaff## Import the keys I have two keys, a personal one and a project one, on *keys.openpgp.org*. At the end of this doc is a pic of me holding up these keys handwritten on a notepad. If you need more trust than that, get in touch. % gpg --keyserver keys.openpgp.org --recv-keys 75AAB42CBA0D7F37F0D6886DF83F8D5E878B6041 867D53B08E433DF401A06EF49A9C0FE7F64876BF If you trust these signatures, sign them with your own key. This way you avoid a local warning about verifying files with untrusted keys. Likewise, if you do not trust these keys and want to tolerate the warning, don't sign them: % gpg --sign-key 867D53B08E433DF401A06EF49A9C0FE7F64876BF % gpg --sign-key 75AAB42CBA0D7F37F0D6886DF83F8D5E878B6041 ## Verify the database I've started to sign lib/CPAN/Audit/DB.pm with [a GPG key I made for this module](https://keys.openpgp.org/vks/v1/by-fingerprint/75AAB42CBA0D7F37F0D6886DF83F8D5E878B6041). The file *lib/CPAN/Audit/DB.pm.gpg* is the detached signature for *lib/CPAN/Audit/DB.pm*. % gpg --verify lib/CPAN/Audit/DB.pm.gpg lib/CPAN/Audit/DB.pm You may get a warning like: > gpg: WARNING: This key is not certified with a trusted signature! That means you didn't sign the keys, so your local GPG is reminding you that you don't trust them even if it can still verify the signatures. ## Help others trust CPAN::Audit We can enhance this trust for *lib/CPAN/Audit/DB.pm* by including more trust in the key that signs that data. You can do this by signing the key to say that you trust it. You can sign my personal and my CPAN::Audit key with your key: % gpg --keyserver keys.openpgp.org --recv-keys 75AAB42CBA0D7F37F0D6886DF83F8D5E878B6041 867D53B08E433DF401A06EF49A9C0FE7F64876BF % gpg --sign-key 867D53B08E433DF401A06EF49A9C0FE7F64876BF % gpg --sign-key 75AAB42CBA0D7F37F0D6886DF83F8D5E878B6041 % gpg --output ~/pobox.signed.gpg --export --armor 867D53B08E433DF401A06EF49A9C0FE7F64876BF % gpg --output ~/bdfoy.signed.gpg --export --armor 75AAB42CBA0D7F37F0D6886DF83F8D5E878B6041 Then send those output files back to me at *briandfoy@pobox.com*, or some other channel that you'd like to use. I will import them into my keyring and re-export my key to the keyserver so other people will see that you signed the key. ## Github Actions When I push to Github, the "gpg" workflow checks that the files signed in the repo have the right signatures. ## The selfie Here's a selfie with me holding up the two key fingerprints (google images of me to see if you think this is the same person). For the more cautious (not a bad thing here), we can arrange a way to verify that these keys belong to me and you are sending them to the right place. ![](images/briandfoy-gpg-key-selfie.jpeg) CPAN-Audit-20240215.001/MANIFEST.SKIP0000644000076500000240000000227314563561422014727 0ustar brianstaff #!start included /usr/local/perls/perl-5.18.1/lib/5.18.1/ExtUtils/MANIFEST.SKIP # Avoid version control files. \bRCS\b \bCVS\b \bSCCS\b ,v$ \B\.svn\b \B\.git\b \B\.gitignore\b \b_darcs\b \B\.cvsignore$ # Avoid VMS specific MakeMaker generated files \bDescrip.MMS$ \bDESCRIP.MMS$ \bdescrip.mms$ # Avoid Makemaker generated and utility files. \bMANIFEST\.bak \bMakefile$ \bblib/ \bMakeMaker-\d \bpm_to_blib\.ts$ \bpm_to_blib$ \bblibdirs\.ts$ # 6.18 through 6.25 generated this # Avoid Module::Build generated and utility files. \bBuild$ \b_build/ \bBuild.bat$ \bBuild.COM$ \bBUILD.COM$ \bbuild.com$ # Avoid temp and backup files. ~$ \.old$ \#$ \b\.# \.bak$ \.tmp$ \.# \.rej$ # Avoid OS-specific files/dirs # Mac OSX metadata \B\.DS_Store # Mac OSX SMB mount metadata files \B\._ # Avoid Devel::Cover and Devel::CoverX::Covered files. \bcover_db\b \bcovered\b # Avoid MYMETA files ^MYMETA\. #!end included /usr/local/perls/perl-5.18.1/lib/5.18.1/ExtUtils/MANIFEST.SKIP \.?appveyor.yml \.releaserc \.lwpcookies Test-Manifest-.* hacks/ \bMANIFEST\s\d \bChanges\s\d \.icloud$ \A\.github\b .perltidyrc .proverc Build.PL minil.toml CPAN-Audit-2* .gitmodules cpan-security-advisory/ \.gitattributes\b CPAN-Audit-20240215.001/CONTRIBUTING.md0000644000076500000240000000137614563561422015265 0ustar brianstaff# Contributing If you have any questions, no matter how big or small, [raise an issue](https://github.com/briandfoy/cpan-audit). ## Updating the advisories The advisories are actually in a separate GitHub repo, [briandfoy/cpan-security-advisory](https://github.com/briandfoy/cpan-security-advisory) that's a submodule of this repo. Follow the instructions for that repo to add or update advisories. ## Updating the module If you don't have the *cpan-security-advisory* directory, you need to set that up: % perl Makefile.PL % make submodules If you already had the submodule, you may need to update it before you start work: % git submodule update --remote Once you have the submodule set up, you can regenerate *lib/CPAN/Audit/DB.pm*: % make generate CPAN-Audit-20240215.001/META.yml0000664000076500000240000000205414563561457014311 0ustar brianstaff--- abstract: 'Audit CPAN distributions for known vulnerabilities' author: - 'Viacheslav Tykhanovskyi ' build_requires: Capture::Tiny: '0' File::Temp: '0' HTTP::Tiny: '0' Test::More: '0.98' YAML::Tiny: '0' configure_requires: ExtUtils::MakeMaker: '6.64' File::Spec::Functions: '0' dynamic_config: 1 generated_by: 'ExtUtils::MakeMaker version 7.70, CPAN::Meta::Converter version 2.150010' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: '1.4' name: CPAN-Audit no_index: directory: - t - inc requires: CPAN::DistnameInfo: '0' IO::Interactive: '0' JSON: '0' Module::CPANfile: '0' Module::CoreList: '5.20181020' Module::Extract::VERSION: '0' PerlIO::gzip: '0' Pod::Usage: '1.69' perl: '5.010' resources: bugtracker: https://github.com/briandfoy/cpan-audit/issues homepage: https://github.com/briandfoy/cpan-audit repository: https://github.com/briandfoy/cpan-audit version: '20240215.001' x_serialization_backend: 'CPAN::Meta::YAML version 0.018' CPAN-Audit-20240215.001/lib/0000755000076500000240000000000014563561457013603 5ustar brianstaffCPAN-Audit-20240215.001/lib/CPAN/0000755000076500000240000000000014563561457014324 5ustar brianstaffCPAN-Audit-20240215.001/lib/CPAN/Audit.pm0000644000076500000240000001660114563561422015724 0ustar brianstaffpackage CPAN::Audit; use v5.10.1; use strict; use warnings; use version; use Carp qw(carp); use Module::CoreList; use CPAN::Audit::Installed; use CPAN::Audit::Discover; use CPAN::Audit::Filter; use CPAN::Audit::Version; use CPAN::Audit::Query; use CPAN::Audit::DB; our $VERSION = '20240215.001'; sub new { my( $class, %params ) = @_; my @allowed_keys = qw(ascii db exclude exclude_file include_perl interactive no_corelist quiet verbose version); my %args = map { $_, $params{$_} } @allowed_keys; my $self = bless \%args, $class; $self->_handle_exclude_file if $self->{exclude_file}; $self->{db} //= CPAN::Audit::DB->db; $self->{filter} = CPAN::Audit::Filter->new( exclude => $args{exclude} ); $self->{query} = CPAN::Audit::Query->new( db => $self->{db} ); $self->{discover} = CPAN::Audit::Discover->new( db => $self->{db} ); return $self; } sub _handle_exclude_file { my( $self ) = @_; foreach my $file (@{$self->{exclude_file}}) { my $fh; unless( open $fh, "<", $file ) { carp "unable to open exclude_file [$file]: $!\n"; return; } my @excludes = grep { !/^\s*$/ } # no blank lines map { s{^\s+|\s+$}{}g; $_ } # strip leading/trailing whitespace map { s{#.*}{}; $_ } # strip comments <$fh>; push @{$self->{exclude}}, @excludes; } } sub command_module { my ( $self, $dists, $queried, $module, $version_range ) = @_; return "Usage: module [version-range]" unless $module; my $distname = $self->{db}->{module2dist}->{$module}; if ( !$distname ) { return "Module '$module' is not in database"; } push @{ $queried->{$distname} }, $module; $dists->{$distname} = $version_range // ''; return; } sub command_release { my ( $self, $dists, $queried, $distname, $version_range ) = @_; return "Usage: dist|release [version-range]" unless $distname; if ( !$self->{db}->{dists}->{$distname} ) { return "Distribution '$distname' is not in database"; } $dists->{$distname} = $version_range // ''; return; } sub command_show { my ( $self, $dists, $queried, $advisory_id ) = @_; return "Usage: show " unless $advisory_id; my ($release) = $advisory_id =~ m/^CPANSA-(.*?)-(\d+)-(\d+)$/; return "Invalid advisory id" unless $release; my $dist = $self->{db}->{dists}->{$release}; return "Unknown advisory id" unless $dist; my ($advisory) = grep { $_->{id} eq $advisory_id } @{ $dist->{advisories} }; return "Unknown advisory id" unless $advisory; my $distname = $advisory->{distribution} // 'Unknown distribution name'; $dists->{$distname}{advisories} = [ $advisory ]; $dists->{$distname}{version} = 'Any'; return; } sub command_modules { my ($self, $dists, $queried, @modules) = @_; return "Usage: modules '[;version-range]' '[;version-range]'" unless @modules; foreach my $module ( @modules ) { my ($name, $version) = split /;/, $module; my $failed = $self->command_module( $dists, $queried, $name, $version // '' ); if ( $failed ) { $self->verbose( $failed ); next; } } return; } sub command_deps { my ($self, $dists, $queried, $dir) = @_; $dir = '.' unless defined $dir; return "Usage: deps

" unless -d $dir; my @deps = $self->{discover}->discover($dir); $self->verbose( sprintf 'Discovered %d dependencies', scalar(@deps) ); foreach my $dep (@deps) { my $dist = $dep->{dist} || $self->{db}->{module2dist}->{ $dep->{module} }; next unless $dist; push @{ $queried->{$dist} }, $dep->{module} if !$dep->{dist}; $dists->{$dist} = $dep->{version}; } return; } sub command_installed { my ($self, $dists, $queried, @args) = @_; $self->verbose('Collecting all installed modules. This can take a while...'); my $verbose_callback = sub { my ($info) = @_; $self->verbose( sprintf '%s: %s-%s', $info->{path}, $info->{distname}, $info->{version} ); }; my @deps = CPAN::Audit::Installed->new( db => $self->{db}, include_perl => $self->{include_perl}, ( $self->{verbose} ? ( cb => $verbose_callback ) : () ), )->find(@args); foreach my $dep (@deps) { my $dist = $dep->{dist} || $self->{db}->{module2dist}->{ $dep->{module} }; next unless $dist; $dists->{ $dep->{dist} } = $dep->{version}; } return; } sub command { state $command_table = { dependencies => 'command_deps', deps => 'command_deps', installed => 'command_installed', module => 'command_module', modules => 'command_modules', release => 'command_release', dist => 'command_release', show => 'command_show', }; my( $self, $command, @args ) = @_; my %report = ( meta => { command => $command, args => [ @args ], cpan_audit => { version => $VERSION }, total_advisories => 0, }, errors => [], dists => {}, ); my $dists = $report{dists}; my $queried = {}; if (!$self->{no_corelist} && ( $command eq 'dependencies' || $command eq 'deps' || $command eq 'installed' ) ) { # Find core modules for this perl version first. # This way explictly installed versions will overwrite. if ( my $core = $Module::CoreList::version{$]} ) { while ( my ( $mod, $ver ) = each %$core ) { my $dist = $self->{db}{module2dist}{$mod} or next; $dists->{$dist} = $ver if( ! defined $dists->{$dist} or version->parse($ver) > $dists->{$dist} ); } } } if ( exists $command_table->{$command} ) { my $method = $command_table->{$command}; push @{ $report{errors} }, $self->$method( $dists, $queried, @args ); return \%report if $command eq 'show'; } else { push @{ $report{errors} }, "unknown command: $command. See -h"; } if (%$dists) { my $query = $self->{query}; foreach my $distname ( keys %$dists ) { my $version_range = $dists->{$distname}; my @advisories = grep { ! $self->{filter}->excludes($_) } $query->advisories_for( $distname, $version_range ); $version_range = 'Any' if $version_range eq '' || $version_range eq '0'; $report{meta}{total_advisories} += @advisories; if ( @advisories ) { $dists->{$distname} = { advisories => \@advisories, version => $version_range, queried_modules => $queried->{$distname} || [], }; } else { delete $dists->{$distname} } } } return \%report; } sub verbose { my ( $self, $message ) = @_; return if $self->{quiet}; $self->_print( *STDERR, $message ); } sub _print { my ( $self, $fh, $message ) = @_; if ( $self->{no_color} ) { $message =~ s{__BOLD__}{}g; $message =~ s{__GREEN__}{}g; $message =~ s{__RED__}{}g; $message =~ s{__RESET__}{}g; } else { $message =~ s{__BOLD__}{\e[39;1m}g; $message =~ s{__GREEN__}{\e[32m}g; $message =~ s{__RED__}{\e[31m}g; $message =~ s{__RESET__}{\e[0m}g; $message .= "\e[0m" if length $message; } print $fh "$message\n"; } 1; __END__ =encoding utf8 =head1 NAME CPAN::Audit - Audit CPAN distributions for known vulnerabilities =head1 SYNOPSIS use CPAN::Audit; =head1 DESCRIPTION CPAN::Audit is a module and a database at the same time. It is used by L command line application to query for vulnerabilities. =head1 LICENSE Copyright (C) Viacheslav Tykhanovskyi. This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. =head1 AUTHOR Viacheslav Tykhanovskyi Eviacheslav.t@gmail.comE =head1 CREDITS Takumi Akiyama (github.com/akiym) James Raspass (github.com/JRaspass) MCRayRay (github.com/MCRayRay) =cut CPAN-Audit-20240215.001/lib/CPAN/Audit/0000755000076500000240000000000014563561457015372 5ustar brianstaffCPAN-Audit-20240215.001/lib/CPAN/Audit/DB.pm0000644000076500000240002446402514563561422016226 0ustar brianstaff# created by util/generate at Thu Feb 15 05:58:27 2024 # cpan-security-advisory f9c08fdd918410ab8e7982734f4b0c14a3395f2f # package CPAN::Audit::DB; use strict; use warnings; our $VERSION = '20240215.001'; sub db { { 'dists' => { 'ActivePerl' => { 'advisories' => [ { 'affected_versions' => '=5.16.1.1601', 'cves' => [ 'CVE-2012-5377' ], 'description' => 'Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\\Perl\\Site\\bin directory, which is added to the PATH system environment variable, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. ', 'distribution' => 'ActivePerl', 'fixed_versions' => undef, 'id' => 'CPANSA-ActivePerl-2012-5377', 'references' => [ 'https://www.htbridge.com/advisory/HTB23108', 'http://osvdb.org/86177' ], 'reported' => '2012-10-11', 'severity' => undef }, { 'affected_versions' => '=5.8.8.817', 'cves' => [ 'CVE-2006-2856' ], 'description' => 'ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib directory with "Users" group permissions for changing files, which allows local users to gain privileges by creating a malicious sitecustomize.pl file in that directory. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. ', 'distribution' => 'ActivePerl', 'fixed_versions' => undef, 'id' => 'CPANSA-ActivePerl-2006-2856', 'references' => [ 'http://secunia.com/advisories/20328', 'http://www.securityfocus.com/bid/18269', 'http://www.osvdb.org/25974', 'http://www.vupen.com/english/advisories/2006/2140', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/26915' ], 'reported' => '2006-06-06', 'severity' => undef }, { 'affected_versions' => undef, 'cves' => [ 'CVE-2004-2286' ], 'description' => 'Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow. ', 'distribution' => 'ActivePerl', 'fixed_versions' => undef, 'id' => 'CPANSA-ActivePerl-2004-2286', 'references' => [ 'http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0878.html', 'http://www.securityfocus.com/bid/10380', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/16224' ], 'reported' => '2004-12-31', 'severity' => undef }, { 'affected_versions' => '<5.10', 'cves' => [ 'CVE-2004-2022' ], 'description' => 'ActivePerl 5.8.x and others, and Larry Wall\'s Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl. ', 'distribution' => 'ActivePerl', 'fixed_versions' => undef, 'id' => 'CPANSA-ActivePerl-2004-2022', 'references' => [ 'http://www.oliverkarow.de/research/ActivePerlSystemBOF.txt', 'http://www.perlmonks.org/index.pl?node_id=354145', 'http://www.securityfocus.com/bid/10375', 'http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0905.html', 'http://marc.info/?l=full-disclosure&m=108489112131099&w=2', 'http://marc.info/?l=full-disclosure&m=108482796105922&w=2', 'http://marc.info/?l=full-disclosure&m=108483058514596&w=2', 'http://marc.info/?l=bugtraq&m=108489894009025&w=2', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/16169' ], 'reported' => '2004-12-31', 'severity' => undef }, { 'affected_versions' => undef, 'cves' => [ 'CVE-2004-0377' ], 'description' => 'Buffer overflow in the win32_stat function for (1) ActiveState\'s ActivePerl and (2) Larry Wall\'s Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character. ', 'distribution' => 'ActivePerl', 'fixed_versions' => undef, 'id' => 'CPANSA-ActivePerl-2004-0377', 'references' => [ 'http://www.kb.cert.org/vuls/id/722414', 'http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html', 'http://public.activestate.com/cgi-bin/perlbrowse?patch=22552', 'http://www.idefense.com/application/poi/display?id=93&type=vulnerabilities', 'http://marc.info/?l=bugtraq&m=108118694327979&w=2', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/15732' ], 'reported' => '2004-05-04', 'severity' => undef }, { 'affected_versions' => '<=5.6.1.629', 'cves' => [ 'CVE-2001-0815' ], 'description' => 'Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code via an HTTP request for a long filename that ends in a .pl extension. ', 'distribution' => 'ActivePerl', 'fixed_versions' => undef, 'id' => 'CPANSA-ActivePerl-2001-0815', 'references' => [ 'http://bugs.activestate.com/show_bug.cgi?id=18062', 'http://www.securityfocus.com/bid/3526', 'http://www.osvdb.org/678', 'http://marc.info/?l=bugtraq&m=100583978302585&w=2', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/7539' ], 'reported' => '2001-12-06', 'severity' => undef } ] }, 'Alien-PCRE2' => { 'advisories' => [ { 'affected_versions' => '<0.016000', 'comment' => 'This Alien module fetches libpcre2 sources from the network. It tries to get the latest unless you set environment variables to get a different version. ', 'cves' => [ 'CVE-2019-20454' ], 'description' => 'An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \\X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c. ', 'distribution' => 'Alien-PCRE2', 'fixed_versions' => '>=0.016000', 'id' => 'CPANSA-Alien-PCRE2-2019-20454', 'references' => [ 'https://bugs.php.net/bug.php?id=78338', 'https://bugs.exim.org/show_bug.cgi?id=2421', 'https://bugzilla.redhat.com/show_bug.cgi?id=1735494', 'https://vcs.pcre.org/pcre2?view=revision&revision=1092', 'https://security.gentoo.org/glsa/202006-16', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/' ], 'reported' => '2020-02-14', 'severity' => 'high' } ], 'main_module' => 'Alien::PCRE2', 'versions' => [ { 'date' => '2017-06-30T23:18:21', 'version' => '0.001000' }, { 'date' => '2017-07-01T02:48:02', 'version' => '0.002000' }, { 'date' => '2017-07-02T04:51:35', 'version' => '0.003000' }, { 'date' => '2017-07-02T06:53:29', 'version' => '0.004000' }, { 'date' => '2017-07-02T09:21:41', 'version' => '0.005000' }, { 'date' => '2017-07-03T01:03:23', 'version' => '0.006000' }, { 'date' => '2017-07-12T17:40:07', 'version' => '0.007000' }, { 'date' => '2017-07-13T07:43:28', 'version' => '0.008000' }, { 'date' => '2017-07-15T10:31:20', 'version' => '0.009000' }, { 'date' => '2017-07-17T04:44:54', 'version' => '0.010000' }, { 'date' => '2017-07-18T18:30:06', 'version' => '0.011000' }, { 'date' => '2017-07-19T05:07:21', 'version' => '0.012000' }, { 'date' => '2017-07-23T04:43:01', 'version' => '0.013000' }, { 'date' => '2017-11-01T02:50:14', 'version' => '0.014000' }, { 'date' => '2017-11-08T00:42:33', 'version' => '0.015000' }, { 'date' => '2022-05-08T20:22:53', 'version' => '0.016000' }, { 'date' => '2023-02-04T00:21:59', 'version' => '0.017000' } ] }, 'Apache-ASP' => { 'advisories' => [ { 'affected_versions' => '<1.95', 'cves' => [], 'description' => 'A bug would allow a malicious user possible writing of files in the same directory as the source.asp script. ', 'distribution' => 'Apache-ASP', 'fixed_versions' => '>=1.95', 'id' => 'CPANSA-Apache-ASP-2000-01', 'references' => [ 'https://metacpan.org/release/CHAMAS/Apache-ASP-2.63/source/README' ], 'reported' => '2000-07-10', 'severity' => undef } ], 'main_module' => 'Apache::ASP', 'versions' => [ { 'date' => '1998-06-24T02:10:51', 'version' => '0.01' }, { 'date' => '1998-07-11T01:48:14', 'version' => '0.02' }, { 'date' => '1998-09-14T11:13:32', 'version' => '0.03' }, { 'date' => '1998-10-12T07:50:56', 'version' => '0.04' }, { 'date' => '1998-10-18T21:29:19', 'version' => '0.05' }, { 'date' => '1999-02-06T06:04:50', 'version' => '0.08' }, { 'date' => '1999-04-22T08:30:57', 'version' => '0.09' }, { 'date' => '1999-06-24T20:04:52', 'version' => '0.11' }, { 'date' => '1999-07-02T07:05:05', 'version' => '0.12' }, { 'date' => '1999-07-29T10:58:20', 'version' => '0.14' }, { 'date' => '1999-08-25T02:02:31', 'version' => '0.15' }, { 'date' => '1999-09-22T20:54:01', 'version' => '0.16' }, { 'date' => '1999-11-16T04:44:48', 'version' => '0.17' }, { 'date' => '2000-02-04T02:14:14', 'version' => '0.18' }, { 'date' => '2000-07-03T13:08:54', 'version' => '1.91' }, { 'date' => '2000-07-03T22:43:45', 'version' => '1.93' }, { 'date' => '2000-07-11T01:44:02', 'version' => '1.95' }, { 'date' => '2000-07-16T07:17:39', 'version' => '2.00' }, { 'date' => '2000-07-22T23:31:36', 'version' => '2.01' }, { 'date' => '2000-08-02T00:11:15', 'version' => '2.03' }, { 'date' => '2000-11-26T19:15:48', 'version' => '2.07' }, { 'date' => '2001-01-31T04:03:17', 'version' => '2.09' }, { 'date' => '2001-05-30T01:37:39', 'version' => '2.11' }, { 'date' => '2001-06-12T00:41:33', 'version' => '2.15' }, { 'date' => '2001-06-18T02:35:48', 'version' => '2.17' }, { 'date' => '2001-07-11T05:27:22', 'version' => '2.19' }, { 'date' => '2001-08-05T23:01:50', 'version' => '2.21' }, { 'date' => '2001-10-11T07:54:39', 'version' => '2.23' }, { 'date' => '2001-10-11T23:34:01', 'version' => '2.25' }, { 'date' => '2001-11-01T01:11:12', 'version' => '2.27' }, { 'date' => '2001-11-19T21:41:12', 'version' => '2.29' }, { 'date' => '2002-01-22T09:52:49', 'version' => '2.31' }, { 'date' => '2002-04-30T09:12:20', 'version' => '2.33' }, { 'date' => '2002-05-30T19:47:22', 'version' => '2.35' }, { 'date' => '2002-07-03T21:11:15', 'version' => '2.37' }, { 'date' => '2002-09-12T08:16:20', 'version' => '2.39' }, { 'date' => '2002-09-30T06:35:47', 'version' => '2.41' }, { 'date' => '2002-10-14T04:01:36', 'version' => '2.45' }, { 'date' => '2002-11-07T02:03:41', 'version' => '2.47' }, { 'date' => '2002-11-11T07:15:21', 'version' => '2.49' }, { 'date' => '2003-02-10T21:11:34', 'version' => '2.51' }, { 'date' => '2003-04-10T16:27:14', 'version' => '2.53' }, { 'date' => '2003-08-10T07:39:57', 'version' => '2.55' }, { 'date' => '2004-01-29T08:30:48', 'version' => '2.57' }, { 'date' => '2005-05-24T05:52:39', 'version' => '2.59' }, { 'date' => '2008-05-25T23:07:57', 'version' => '2.61' }, { 'date' => '2011-10-02T19:18:10', 'version' => '2.62' }, { 'date' => '2012-02-13T23:15:04', 'version' => '2.62' }, { 'date' => '2018-03-15T05:28:37', 'version' => '2.63' } ] }, 'Apache-AuthCAS' => { 'advisories' => [ { 'affected_versions' => '<0.5', 'cves' => [ 'CVE-2007-6342' ], 'description' => 'A tainted cookie could be sent by a malicious user and it would be used in an SQL query without protection against SQL injection. ', 'distribution' => 'Apache-AuthCAS', 'fixed_versions' => '>=0.5', 'id' => 'CPANSA-Apache-AuthCAS-2007-01', 'references' => [ 'https://metacpan.org/changes/distribution/Apache-AuthCAS', 'https://cxsecurity.com/issue/WLB-2007120031' ], 'reported' => '2007-12-13', 'severity' => 'high' } ], 'main_module' => 'Apache::AuthCAS', 'versions' => [ { 'date' => '2004-09-15T19:17:43', 'version' => '0.1' }, { 'date' => '2004-09-15T20:11:40', 'version' => '0.2' }, { 'date' => '2004-10-05T22:51:50', 'version' => '0.3' }, { 'date' => '2004-10-13T00:45:52', 'version' => '0.4' }, { 'date' => '2008-03-23T23:03:16', 'version' => '0.5' } ] }, 'Apache-AuthenHook' => { 'advisories' => [ { 'affected_versions' => '>=2.00_04', 'cves' => [ 'CVE-2010-3845' ], 'description' => 'libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log. ', 'distribution' => 'Apache-AuthenHook', 'fixed_versions' => undef, 'id' => 'CPANSA-Apache-AuthenHook-2010-3845', 'references' => [ 'https://rt.cpan.org/Public/Bug/Display.html?id=62040', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599712', 'http://seclists.org/oss-sec/2010/q4/63' ], 'reported' => '2017-08-08', 'severity' => 'critical' } ], 'main_module' => 'Apache::AuthenHook', 'versions' => [ { 'date' => '2003-06-20T19:05:21', 'version' => '2.00_01' }, { 'date' => '2004-04-06T01:20:10', 'version' => '2.00_03' }, { 'date' => '2005-04-14T12:57:55', 'version' => '2.00_04' } ] }, 'Apache-MP3' => { 'advisories' => [ { 'affected_versions' => '<2.15', 'cves' => [], 'description' => 'A security bug allowed people to bypass the AllowDownload setting. ', 'distribution' => 'Apache-MP3', 'fixed_versions' => '>=2.15', 'id' => 'CPANSA-Apache-MP3-2001-01', 'references' => [ 'https://metacpan.org/dist/Apache-MP3/changes' ], 'reported' => '2001-01-01', 'severity' => undef } ], 'main_module' => 'Apache::MP3', 'versions' => [ { 'date' => '2000-03-20T13:00:07', 'version' => '1.00' }, { 'date' => '2000-05-27T04:19:21', 'version' => '2.00' }, { 'date' => '2000-05-27T04:34:42', 'version' => '2.01' }, { 'date' => '2000-05-28T16:17:59', 'version' => '2.02' }, { 'date' => '2000-08-23T13:46:23', 'version' => '2.04' }, { 'date' => '2000-08-25T14:45:54', 'version' => '2.05' }, { 'date' => '2000-08-26T03:41:07', 'version' => '2.06' }, { 'date' => '2000-08-31T20:28:28', 'version' => '2.08' }, { 'date' => '2000-09-03T18:31:17', 'version' => '2.10' }, { 'date' => '2000-09-09T22:12:04', 'version' => '2.11' }, { 'date' => '2000-11-21T22:15:07', 'version' => '2.12' }, { 'date' => '2000-12-31T04:29:03', 'version' => '2.14' }, { 'date' => '2001-01-02T03:37:33', 'version' => '2.15' }, { 'date' => '2001-05-01T02:43:47', 'version' => '2.16' }, { 'date' => '2001-06-10T22:02:46', 'version' => '2.18' }, { 'date' => '2001-07-17T01:39:59', 'version' => '2.19' }, { 'date' => '2001-09-26T01:14:42', 'version' => '2.20' }, { 'date' => '2002-01-06T20:38:33', 'version' => '2.22' }, { 'date' => '2002-05-31T01:12:04', 'version' => '2.26' }, { 'date' => '2002-08-16T04:18:25', 'version' => '3.00' }, { 'date' => '2002-08-18T17:41:46', 'version' => '3.01' }, { 'date' => '2002-10-14T03:26:03', 'version' => '3.03' }, { 'date' => '2003-02-15T00:51:19', 'version' => '3.04' }, { 'date' => '2003-10-06T14:12:34', 'version' => '3.05' }, { 'date' => '2006-04-15T01:26:38', 'version' => '4.00' } ] }, 'Apache-Session-Browseable' => { 'advisories' => [ { 'affected_versions' => '<1.3.6', 'cves' => [ 'CVE-2020-36659' ], 'description' => 'In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix. ', 'distribution' => 'Apache-Session-Browseable', 'fixed_versions' => '>=1.3.6', 'id' => 'CPANSA-Apache-Session-Browseable-2020-36659', 'references' => [ 'https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/fdf393235140b293cae5578ef136055a78f3574f', 'https://lists.debian.org/debian-lts-announce/2023/01/msg00025.html' ], 'reported' => '2023-01-27', 'severity' => undef } ], 'main_module' => 'Apache::Session::Browseable', 'versions' => [ { 'date' => '2009-10-31T08:09:42', 'version' => '0.1' }, { 'date' => '2009-11-01T09:10:13', 'version' => '0.2' }, { 'date' => '2009-11-01T16:21:16', 'version' => '0.3' }, { 'date' => '2010-08-16T15:26:19', 'version' => '0.4' }, { 'date' => '2010-12-06T21:08:25', 'version' => '0.5' }, { 'date' => '2010-12-08T15:45:21', 'version' => '0.6' }, { 'date' => '2012-06-24T07:14:37', 'version' => '0.7' }, { 'date' => '2012-10-13T16:15:41', 'version' => '0.8' }, { 'date' => '2013-02-28T06:05:09', 'version' => '0.9' }, { 'date' => '2013-08-28T04:42:23', 'version' => '1.0' }, { 'date' => '2013-08-30T04:47:02', 'version' => '1.0' }, { 'date' => '2013-10-20T05:39:14', 'version' => 'v1.0.2' }, { 'date' => '2015-06-12T15:56:45', 'version' => '1.1' }, { 'date' => '2016-03-09T05:31:13', 'version' => '1.2' }, { 'date' => '2016-03-10T06:30:41', 'version' => 'v1.2.1' }, { 'date' => '2016-04-01T11:34:51', 'version' => 'v1.2.2' }, { 'date' => '2016-06-07T13:59:19', 'version' => 'v1.2.3' }, { 'date' => '2017-02-19T07:34:18', 'version' => 'v1.2.4' }, { 'date' => '2017-04-04T05:18:26', 'version' => 'v1.2.5' }, { 'date' => '2017-09-12T09:35:30', 'version' => 'v1.2.5' }, { 'date' => '2017-10-03T05:00:07', 'version' => 'v1.2.7' }, { 'date' => '2017-10-03T10:42:35', 'version' => 'v1.2.8' }, { 'date' => '2019-02-08T06:29:20', 'version' => 'v1.2.9' }, { 'date' => '2019-02-08T09:31:22', 'version' => 'v1.3.0' }, { 'date' => '2019-05-04T10:55:48', 'version' => 'v1.3.1' }, { 'date' => '2019-07-04T18:30:30', 'version' => 'v1.3.2' }, { 'date' => '2019-09-19T20:44:43', 'version' => 'v1.3.3' }, { 'date' => '2019-11-20T19:43:04', 'version' => 'v1.3.4' }, { 'date' => '2020-01-21T10:20:26', 'version' => 'v1.3.5' }, { 'date' => '2020-09-04T13:23:31', 'version' => 'v1.3.6' }, { 'date' => '2020-09-04T13:39:40', 'version' => 'v1.3.7' }, { 'date' => '2020-09-06T21:03:06', 'version' => 'v1.3.8' }, { 'date' => '2021-08-10T04:44:06', 'version' => 'v1.3.9' }, { 'date' => '2022-03-08T13:51:31', 'version' => 'v1.3.10' }, { 'date' => '2022-09-26T16:41:24', 'version' => 'v1.3.11' }, { 'date' => '2023-07-06T10:43:25', 'version' => 'v1.3.12' }, { 'date' => '2023-07-06T11:38:32', 'version' => 'v1.3.13' } ] }, 'Apache-Session-LDAP' => { 'advisories' => [ { 'affected_versions' => '<0.5', 'cves' => [ 'CVE-2020-36658' ], 'description' => 'In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix. ', 'distribution' => 'Apache-Session-LDAP', 'fixed_versions' => '>=0.5', 'id' => 'CPANSA-Apache-Session-LDAP-2020-36658', 'references' => [ 'https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f', 'https://lists.debian.org/debian-lts-announce/2023/01/msg00024.html' ], 'reported' => '2023-01-27', 'severity' => undef } ], 'main_module' => 'Apache::Session::LDAP', 'versions' => [ { 'date' => '2009-04-18T17:09:10', 'version' => '0.01' }, { 'date' => '2009-04-18T19:43:50', 'version' => '0.02' }, { 'date' => '2010-12-08T15:30:51', 'version' => '0.1' }, { 'date' => '2012-06-26T04:22:47', 'version' => '0.2' }, { 'date' => '2014-10-24T12:21:07', 'version' => '0.2' }, { 'date' => '2015-06-12T15:47:40', 'version' => '0.4' }, { 'date' => '2020-09-06T13:13:20', 'version' => '0.2' } ] }, 'Apache-SessionX' => { 'advisories' => [ { 'affected_versions' => '<2.01', 'cves' => [], 'description' => 'Problem in session_id validation, which allows creation of session with invalid ids. ', 'distribution' => 'Apache-SessionX', 'fixed_versions' => '>=2.01', 'id' => 'CPANSA-Apache-SessionX-2005-01', 'references' => [ 'https://metacpan.org/changes/distribution/Apache-SessionX' ], 'reported' => '2005-11-15' } ], 'main_module' => 'Apache::SessionX', 'versions' => [ { 'date' => '2001-11-20T15:36:53', 'version' => '2.00' }, { 'date' => '2003-03-02T14:18:57', 'version' => '2.00' }, { 'date' => '2005-11-15T05:21:49', 'version' => '2.01' } ] }, 'Apache-Wyrd' => { 'advisories' => [ { 'affected_versions' => '<0.97', 'cves' => [], 'description' => 'User-submitted data cab be executed if it is displayed on a page, if the data contains a string that can be interpreted as a Wyrd. ', 'distribution' => 'Apache-Wyrd', 'fixed_versions' => '>=0.97', 'id' => 'CPANSA-Apache-Wyrd-2008-01', 'references' => [ 'https://metacpan.org/dist/Apache-Wyrd/changes' ], 'reported' => '2008-04-14', 'severity' => undef } ], 'main_module' => 'Apache::Wyrd', 'versions' => [ { 'date' => '2004-03-17T21:36:52', 'version' => '0.8' }, { 'date' => '2004-03-18T22:52:04', 'version' => '0.81' }, { 'date' => '2004-03-25T23:52:49', 'version' => '0.82' }, { 'date' => '2004-08-19T15:42:55', 'version' => '0.83' }, { 'date' => '2004-09-03T19:44:01', 'version' => '0.84' }, { 'date' => '2004-09-22T16:08:23', 'version' => '0.85' }, { 'date' => '2004-09-23T02:04:43', 'version' => '0.86' }, { 'date' => '2004-10-31T20:59:42', 'version' => '0.87' }, { 'date' => '2004-12-16T20:56:33', 'version' => '0.90' }, { 'date' => '2005-01-09T21:52:49', 'version' => '0.91' }, { 'date' => '2005-01-13T17:42:18', 'version' => '0.92' }, { 'date' => '2005-03-25T21:22:56', 'version' => '0.93' }, { 'date' => '2006-10-22T22:57:04', 'version' => '0.94' }, { 'date' => '2007-04-30T23:02:05', 'version' => '0.95' }, { 'date' => '2007-05-01T15:20:02', 'version' => '0.96' }, { 'date' => '2008-04-14T18:49:14', 'version' => '0.97' }, { 'date' => '2008-04-15T21:32:47', 'version' => '0.98' } ] }, 'App-Context' => { 'advisories' => [ { 'affected_versions' => '>=0.01,<=0.968', 'cves' => [ 'CVE-2012-6141' ], 'description' => 'The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to (1) App::Session::Cookie or (2) App::Session::HTMLHidden, which is not properly handled when it is deserialized. ', 'distribution' => 'App-Context', 'fixed_versions' => '>0.968', 'id' => 'CPANSA-App-Context-2012-6141', 'references' => [ 'http://seclists.org/oss-sec/2013/q2/318', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/84198' ], 'reported' => '2014-06-04', 'severity' => undef } ], 'main_module' => 'App::Context', 'versions' => [ { 'date' => '2002-10-10T21:31:39', 'version' => '0.01' }, { 'date' => '2004-09-02T21:17:44', 'version' => '0.90' }, { 'date' => '2005-01-07T14:02:06', 'version' => '0.93' }, { 'date' => '2005-08-09T20:05:02', 'version' => '0.95' }, { 'date' => '2006-03-10T04:24:13', 'version' => '0.96' }, { 'date' => '2006-03-12T01:30:11', 'version' => '0.962' }, { 'date' => '2006-07-25T02:30:21', 'version' => '0.963' }, { 'date' => '2006-09-04T19:41:12', 'version' => '0.964' }, { 'date' => '2007-04-17T13:33:24', 'version' => '0.965' }, { 'date' => '2008-02-27T03:13:41', 'version' => '0.966' }, { 'date' => '2008-02-27T14:19:23', 'version' => '0.9661' }, { 'date' => '2009-09-11T14:31:52', 'version' => '0.967' }, { 'date' => '2010-06-09T21:33:19', 'version' => '0.968' } ] }, 'App-Github-Email' => { 'advisories' => [ { 'affected_versions' => '<0.3.3', 'cves' => [ 'CVE-2015-7686' ], 'description' => 'Insecure dependency on Email::Address. ', 'distribution' => 'App-Github-Email', 'fixed_versions' => '>=0.3.3', 'id' => 'CPANSA-App-Github-Email-2018-01', 'references' => [ 'https://metacpan.org/changes/distribution/App-Github-Email', 'https://github.com/faraco/App-Github-Email/commit/b7f052280d1c8ae97bdefc106ca3cbba4aea7213' ], 'reported' => '2018-01-20' } ], 'main_module' => 'App::Github::Email', 'versions' => [ { 'date' => '2017-01-16T08:03:02', 'version' => '0.0.1' }, { 'date' => '2017-01-16T12:56:51', 'version' => '0.0.2' }, { 'date' => '2017-01-16T17:38:16', 'version' => '0.0.3' }, { 'date' => '2017-03-11T10:45:23', 'version' => '0.0.4' }, { 'date' => '2017-04-05T11:19:02', 'version' => '0.0.5' }, { 'date' => '2017-04-15T17:35:18', 'version' => '0.0.6' }, { 'date' => '2017-05-19T05:05:24', 'version' => '0.0.7' }, { 'date' => '2017-12-18T14:11:19', 'version' => '0.1.0' }, { 'date' => '2017-12-21T08:24:12', 'version' => '0.1.1' }, { 'date' => '2018-01-15T03:18:05', 'version' => '0.2.0' }, { 'date' => '2018-01-20T12:55:34', 'version' => '0.2.1' }, { 'date' => '2018-08-30T16:07:18', 'version' => '0.3.1' }, { 'date' => '2018-08-30T16:13:54', 'version' => '0.3.2' }, { 'date' => '2018-08-31T03:49:31', 'version' => '0.3.3' } ] }, 'App-cpanminus' => { 'advisories' => [ { 'affected_versions' => '<=1.7044', 'cves' => [ 'CVE-2020-16154' ], 'description' => 'The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. ', 'distribution' => 'App-cpanminus', 'fixed_versions' => undef, 'id' => 'CPANSA-App-cpanminus-2020-01', 'references' => [ 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DENFY4CRTIZL5WYYUYUM4VKCJNXO4QIW/', 'https://metacpan.org/pod/App::cpanminus', 'https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/' ], 'reported' => '2020-07-30' } ], 'main_module' => 'App::cpanminus', 'versions' => [ { 'date' => '2010-02-20T02:27:00', 'version' => '0.01' }, { 'date' => '2010-02-20T03:14:10', 'version' => '0.02' }, { 'date' => '2010-02-20T03:39:56', 'version' => '0.03' }, { 'date' => '2010-02-20T05:04:01', 'version' => '0.04' }, { 'date' => '2010-02-20T05:16:03', 'version' => '0.05' }, { 'date' => '2010-02-20T05:48:44', 'version' => '0.06' }, { 'date' => '2010-02-20T20:20:08', 'version' => '0.07' }, { 'date' => '2010-02-20T23:41:01', 'version' => '0.08' }, { 'date' => '2010-02-21T07:48:49', 'version' => '0.09' }, { 'date' => '2010-02-23T20:52:46', 'version' => '0.99_01' }, { 'date' => '2010-02-24T06:20:33', 'version' => '0.99_02' }, { 'date' => '2010-02-24T07:05:47', 'version' => '0.99_03' }, { 'date' => '2010-02-25T17:20:05', 'version' => '0.99_04' }, { 'date' => '2010-02-25T22:42:22', 'version' => '0.99_05' }, { 'date' => '2010-02-25T22:51:43', 'version' => '0.99_06' }, { 'date' => '2010-02-28T05:14:30', 'version' => '0.99_07' }, { 'date' => '2010-03-01T05:59:15', 'version' => '0.9910' }, { 'date' => '2010-03-02T00:29:51', 'version' => '0.9911' }, { 'date' => '2010-03-03T02:55:22', 'version' => '0.9912' }, { 'date' => '2010-03-03T03:21:59', 'version' => '0.9913' }, { 'date' => '2010-03-04T08:42:03', 'version' => '0.9914' }, { 'date' => '2010-03-04T09:58:11', 'version' => '0.9915' }, { 'date' => '2010-03-04T19:35:22', 'version' => '0.9916' }, { 'date' => '2010-03-09T13:58:32', 'version' => '0.9917' }, { 'date' => '2010-03-10T02:26:03', 'version' => '0.9918' }, { 'date' => '2010-03-10T02:41:31', 'version' => '0.9919' }, { 'date' => '2010-03-10T09:49:22', 'version' => '0.99_20' }, { 'date' => '2010-03-10T15:03:38', 'version' => '0.9921' }, { 'date' => '2010-03-11T02:01:28', 'version' => '0.9922' }, { 'date' => '2010-03-16T00:07:01', 'version' => '0.9923' }, { 'date' => '2010-03-22T05:05:33', 'version' => '0.99_24' }, { 'date' => '2010-03-23T02:54:44', 'version' => '0.99_25' }, { 'date' => '2010-03-23T03:24:34', 'version' => '0.99_26' }, { 'date' => '2010-03-23T18:24:55', 'version' => '0.9927' }, { 'date' => '2010-03-26T05:09:12', 'version' => '0.9928' }, { 'date' => '2010-03-27T04:42:41', 'version' => '0.9929' }, { 'date' => '2010-03-30T21:29:41', 'version' => '0.9930' }, { 'date' => '2010-04-05T01:18:12', 'version' => '0.9931' }, { 'date' => '2010-04-05T23:28:11', 'version' => '0.9932' }, { 'date' => '2010-04-11T07:51:27', 'version' => '0.99_33' }, { 'date' => '2010-04-11T11:55:44', 'version' => '0.9934' }, { 'date' => '2010-04-12T11:09:47', 'version' => '0.999_01' }, { 'date' => '2010-04-13T07:11:08', 'version' => '0.999_02' }, { 'date' => '2010-04-14T09:29:25', 'version' => '0.999_03' }, { 'date' => '2010-04-14T09:30:52', 'version' => '0.9935' }, { 'date' => '2010-04-19T06:23:01', 'version' => '0.999_04' }, { 'date' => '2010-04-21T11:40:46', 'version' => '0.999_05' }, { 'date' => '2010-04-21T11:53:47', 'version' => '0.9936' }, { 'date' => '2010-04-24T08:23:24', 'version' => '1.0000' }, { 'date' => '2010-04-24T08:26:40', 'version' => '1.0001' }, { 'date' => '2010-05-02T03:51:09', 'version' => '1.0002' }, { 'date' => '2010-05-04T23:16:18', 'version' => '1.0003' }, { 'date' => '2010-05-14T23:10:54', 'version' => '1.0004' }, { 'date' => '2010-07-02T23:39:32', 'version' => '1.0005' }, { 'date' => '2010-07-02T23:54:14', 'version' => '1.0006' }, { 'date' => '2010-07-30T19:55:47', 'version' => '1.0010' }, { 'date' => '2010-08-18T23:42:36', 'version' => '1.0011' }, { 'date' => '2010-08-20T19:58:19', 'version' => '1.0012' }, { 'date' => '2010-09-12T19:54:17', 'version' => '1.0013' }, { 'date' => '2010-09-21T19:43:20', 'version' => '1.0014' }, { 'date' => '2010-09-24T23:52:00', 'version' => '1.0015' }, { 'date' => '2010-11-12T07:57:33', 'version' => '1.1000' }, { 'date' => '2010-11-12T20:37:49', 'version' => '1.1001' }, { 'date' => '2010-11-17T02:28:44', 'version' => '1.1002' }, { 'date' => '2010-11-25T09:18:34', 'version' => '1.1003' }, { 'date' => '2010-11-30T18:07:12', 'version' => '1.1004' }, { 'date' => '2010-12-14T23:08:40', 'version' => '1.1005' }, { 'date' => '2010-12-16T19:32:01', 'version' => '1.1006' }, { 'date' => '2011-01-18T17:40:16', 'version' => '1.1007' }, { 'date' => '2011-01-18T20:54:34', 'version' => '1.19_01' }, { 'date' => '2011-01-18T22:11:52', 'version' => '1.19_02' }, { 'date' => '2011-01-26T22:08:11', 'version' => '1.1008' }, { 'date' => '2011-02-16T18:11:52', 'version' => '1.2000' }, { 'date' => '2011-02-16T18:55:46', 'version' => '1.2001' }, { 'date' => '2011-03-01T02:59:25', 'version' => '1.29_01' }, { 'date' => '2011-03-02T00:09:00', 'version' => '1.29_02' }, { 'date' => '2011-03-02T22:41:40', 'version' => '1.3000' }, { 'date' => '2011-03-04T02:35:03', 'version' => '1.3001' }, { 'date' => '2011-03-04T03:54:53', 'version' => '1.30_02' }, { 'date' => '2011-03-04T08:32:56', 'version' => '1.30_03' }, { 'date' => '2011-03-04T08:53:22', 'version' => '1.30_04' }, { 'date' => '2011-03-04T09:41:34', 'version' => '1.30_05' }, { 'date' => '2011-03-04T22:57:43', 'version' => '1.30_06' }, { 'date' => '2011-03-04T23:20:45', 'version' => '1.30_07' }, { 'date' => '2011-03-05T00:07:44', 'version' => '1.30_08' }, { 'date' => '2011-03-05T02:16:54', 'version' => '1.30_09' }, { 'date' => '2011-03-05T22:57:38', 'version' => '1.30_10' }, { 'date' => '2011-03-06T09:37:36', 'version' => '1.30_11' }, { 'date' => '2011-03-07T03:00:09', 'version' => '1.30_12' }, { 'date' => '2011-03-07T18:54:03', 'version' => '1.30_13' }, { 'date' => '2011-03-08T09:11:33', 'version' => '1.4000' }, { 'date' => '2011-03-08T18:11:57', 'version' => '1.4001' }, { 'date' => '2011-03-09T01:57:18', 'version' => '1.4002' }, { 'date' => '2011-03-10T02:15:19', 'version' => '1.4003' }, { 'date' => '2011-03-10T18:09:34', 'version' => '1.4004' }, { 'date' => '2011-05-11T19:49:38', 'version' => '1.4005' }, { 'date' => '2011-05-16T17:17:29', 'version' => '1.4006' }, { 'date' => '2011-05-17T17:54:45', 'version' => '1.4007' }, { 'date' => '2011-06-16T01:00:00', 'version' => '1.4008' }, { 'date' => '2011-06-26T17:59:17', 'version' => '1.49_01' }, { 'date' => '2011-10-12T09:57:03', 'version' => '1.49_02' }, { 'date' => '2011-10-13T06:40:49', 'version' => '1.5000' }, { 'date' => '2011-10-13T15:21:16', 'version' => '1.5001' }, { 'date' => '2011-10-18T00:13:36', 'version' => '1.5002' }, { 'date' => '2011-10-19T07:31:10', 'version' => '1.5003' }, { 'date' => '2011-11-08T22:29:31', 'version' => '1.5004' }, { 'date' => '2011-11-22T21:31:21', 'version' => '1.5005' }, { 'date' => '2011-11-29T19:49:42', 'version' => '1.5006' }, { 'date' => '2011-12-20T18:18:50', 'version' => '1.5007' }, { 'date' => '2012-03-18T01:23:40', 'version' => '1.5008' }, { 'date' => '2012-03-30T16:45:43', 'version' => '1.5009' }, { 'date' => '2012-03-31T11:01:47', 'version' => '1.5010' }, { 'date' => '2012-04-12T09:59:39', 'version' => '1.5011' }, { 'date' => '2012-05-11T03:50:22', 'version' => '1.5012' }, { 'date' => '2012-05-12T03:18:19', 'version' => '1.5013' }, { 'date' => '2012-06-13T01:34:12', 'version' => '1.5014' }, { 'date' => '2012-06-24T22:37:49', 'version' => '1.5015' }, { 'date' => '2012-07-17T19:02:48', 'version' => '1.5016' }, { 'date' => '2012-07-18T15:41:26', 'version' => '1.5017' }, { 'date' => '2012-09-19T05:42:19', 'version' => '1.5018' }, { 'date' => '2012-12-22T17:22:02', 'version' => '1.5019' }, { 'date' => '2013-01-29T18:32:26', 'version' => '1.5020' }, { 'date' => '2013-01-31T08:45:31', 'version' => '1.5021' }, { 'date' => '2013-01-31T18:07:46', 'version' => '1.59_01' }, { 'date' => '2013-02-01T03:12:10', 'version' => '1.59_02' }, { 'date' => '2013-02-01T18:54:58', 'version' => '1.59_03' }, { 'date' => '2013-02-03T17:07:16', 'version' => '1.59_04' }, { 'date' => '2013-02-04T19:52:48', 'version' => '1.59_05' }, { 'date' => '2013-02-05T20:40:30', 'version' => '1.59_06' }, { 'date' => '2013-02-06T19:17:51', 'version' => '1.59_07' }, { 'date' => '2013-02-06T19:32:27', 'version' => '1.59_08' }, { 'date' => '2013-02-07T09:59:04', 'version' => '1.59_09' }, { 'date' => '2013-02-08T00:29:16', 'version' => '1.59_10' }, { 'date' => '2013-02-11T22:12:12', 'version' => '1.59_11' }, { 'date' => '2013-02-14T02:15:12', 'version' => '1.59_12' }, { 'date' => '2013-02-25T20:16:34', 'version' => '1.59_13' }, { 'date' => '2013-02-26T17:57:00', 'version' => '1.6000' }, { 'date' => '2013-02-27T01:04:54', 'version' => '1.6001' }, { 'date' => '2013-02-27T20:13:45', 'version' => '1.6002' }, { 'date' => '2013-03-08T19:03:47', 'version' => '1.6003' }, { 'date' => '2013-03-08T19:32:25', 'version' => '1.6004' }, { 'date' => '2013-03-08T19:48:06', 'version' => '1.6005' }, { 'date' => '2013-03-14T06:00:27', 'version' => '1.6006' }, { 'date' => '2013-03-17T21:34:17', 'version' => '1.6007' }, { 'date' => '2013-03-19T17:03:36', 'version' => '1.6008' }, { 'date' => '2013-03-25T04:10:51', 'version' => '1.6100' }, { 'date' => '2013-03-25T20:41:37', 'version' => '1.6101' }, { 'date' => '2013-03-28T00:16:09', 'version' => '1.6102' }, { 'date' => '2013-03-30T21:36:49', 'version' => '1.6103' }, { 'date' => '2013-04-03T01:04:42', 'version' => '1.6104' }, { 'date' => '2013-04-05T05:17:38', 'version' => '1.6105' }, { 'date' => '2013-04-06T21:19:18', 'version' => '1.6106' }, { 'date' => '2013-04-07T04:19:16', 'version' => '1.6107' }, { 'date' => '2013-04-13T06:32:52', 'version' => '1.6108' }, { 'date' => '2013-04-13T11:48:43', 'version' => '1.6190' }, { 'date' => '2013-04-14T03:09:40', 'version' => '1.6191' }, { 'date' => '2013-04-14T08:17:32', 'version' => '1.6192' }, { 'date' => '2013-04-15T07:37:08', 'version' => '1.6193' }, { 'date' => '2013-04-15T07:42:51', 'version' => '1.6900' }, { 'date' => '2013-04-21T00:50:44', 'version' => '1.6901' }, { 'date' => '2013-04-21T01:06:02', 'version' => '1.6109' }, { 'date' => '2013-04-21T01:18:10', 'version' => '1.6902' }, { 'date' => '2013-04-22T01:07:09', 'version' => '1.6903' }, { 'date' => '2013-04-24T02:24:37', 'version' => '1.6904' }, { 'date' => '2013-04-24T03:05:21', 'version' => '1.6905' }, { 'date' => '2013-04-25T06:20:23', 'version' => '1.6906' }, { 'date' => '2013-04-26T18:40:08', 'version' => '1.6907' }, { 'date' => '2013-04-27T01:12:17', 'version' => '1.6908' }, { 'date' => '2013-04-29T08:49:53', 'version' => '1.6909' }, { 'date' => '2013-05-03T07:29:32', 'version' => '1.6910' }, { 'date' => '2013-05-04T20:28:02', 'version' => '1.6911' }, { 'date' => '2013-05-06T20:59:52', 'version' => '1.6912' }, { 'date' => '2013-05-10T00:05:10', 'version' => '1.6913' }, { 'date' => '2013-05-12T23:03:52', 'version' => '1.6914' }, { 'date' => '2013-05-16T02:01:33', 'version' => '1.6915' }, { 'date' => '2013-06-04T10:55:37', 'version' => '1.6916' }, { 'date' => '2013-06-05T01:07:33', 'version' => '1.6917' }, { 'date' => '2013-06-10T20:03:21', 'version' => '1.6918' }, { 'date' => '2013-06-12T15:33:22', 'version' => '1.6919' }, { 'date' => '2013-06-14T21:09:54', 'version' => '1.6920' }, { 'date' => '2013-06-18T10:19:43', 'version' => '1.6921' }, { 'date' => '2013-06-19T20:57:09', 'version' => '1.6922' }, { 'date' => '2013-07-04T05:17:11', 'version' => '1.6923' }, { 'date' => '2013-07-16T18:38:21', 'version' => '1.6924' }, { 'date' => '2013-07-20T05:08:06', 'version' => '1.6925' }, { 'date' => '2013-07-20T16:03:14', 'version' => '1.6926' }, { 'date' => '2013-07-23T07:45:33', 'version' => '1.6927' }, { 'date' => '2013-07-23T21:07:02', 'version' => '1.6928' }, { 'date' => '2013-07-24T18:46:29', 'version' => '1.6929' }, { 'date' => '2013-07-24T20:48:14', 'version' => '1.6930' }, { 'date' => '2013-07-24T21:51:33', 'version' => '1.6931' }, { 'date' => '2013-07-24T22:29:04', 'version' => '1.6932' }, { 'date' => '2013-07-25T16:58:24', 'version' => '1.6933' }, { 'date' => '2013-07-26T23:17:21', 'version' => '1.6934' }, { 'date' => '2013-07-31T18:36:57', 'version' => '1.6935' }, { 'date' => '2013-08-05T04:37:54', 'version' => '1.6936' }, { 'date' => '2013-08-06T01:55:29', 'version' => '1.6937' }, { 'date' => '2013-08-06T06:12:45', 'version' => '1.6938' }, { 'date' => '2013-08-06T09:55:55', 'version' => '1.6939' }, { 'date' => '2013-08-08T19:36:34', 'version' => '1.6940' }, { 'date' => '2013-08-20T18:32:44', 'version' => '1.6941' }, { 'date' => '2013-08-27T18:11:47', 'version' => '1.6942' }, { 'date' => '2013-09-03T23:40:37', 'version' => '1.6943' }, { 'date' => '2013-09-04T22:02:21', 'version' => '1.7000' }, { 'date' => '2013-09-08T20:12:16', 'version' => '1.7001' }, { 'date' => '2013-09-19T05:31:34', 'version' => '1.7100' }, { 'date' => '2013-09-19T11:15:59', 'version' => '1.7101' }, { 'date' => '2013-09-20T04:33:50', 'version' => '1.7102' }, { 'date' => '2014-04-27T05:46:31', 'version' => '1.7002' }, { 'date' => '2014-04-27T15:11:46', 'version' => '1.7003' }, { 'date' => '2014-04-27T16:23:35', 'version' => '1.7004' }, { 'date' => '2014-09-02T04:00:49', 'version' => '1.7005' }, { 'date' => '2014-09-02T06:27:35', 'version' => '1.7006' }, { 'date' => '2014-09-05T12:04:41', 'version' => '1.7005' }, { 'date' => '2014-09-05T22:45:37', 'version' => '1.7006' }, { 'date' => '2014-09-09T16:26:54', 'version' => '1.7007' }, { 'date' => '2014-09-10T08:19:24', 'version' => '1.7008' }, { 'date' => '2014-09-10T08:44:00', 'version' => '1.7009' }, { 'date' => '2014-09-17T09:28:23', 'version' => '1.7010' }, { 'date' => '2014-09-22T06:08:51', 'version' => '1.7011' }, { 'date' => '2014-09-27T02:29:33', 'version' => '1.7012' }, { 'date' => '2014-10-07T06:52:45', 'version' => '1.7013' }, { 'date' => '2014-10-08T03:54:02', 'version' => '1.7014' }, { 'date' => '2014-11-14T21:14:40', 'version' => '1.7015' }, { 'date' => '2014-11-16T19:47:26', 'version' => '1.7016' }, { 'date' => '2014-11-25T22:01:56', 'version' => '1.7017' }, { 'date' => '2014-11-25T22:08:49', 'version' => '1.7018' }, { 'date' => '2014-12-04T20:52:24', 'version' => '1.7019' }, { 'date' => '2014-12-09T01:54:37', 'version' => '1.7020' }, { 'date' => '2014-12-12T05:43:01', 'version' => '1.7021' }, { 'date' => '2014-12-13T00:42:15', 'version' => '1.7022' }, { 'date' => '2015-01-04T23:00:30', 'version' => '1.7023' }, { 'date' => '2015-01-12T21:32:45', 'version' => '1.7024' }, { 'date' => '2015-02-07T06:59:17', 'version' => '1.7025' }, { 'date' => '2015-02-14T01:12:18', 'version' => '1.7026' }, { 'date' => '2015-02-14T20:15:20', 'version' => '1.7027' }, { 'date' => '2015-04-17T17:24:16', 'version' => '1.7028' }, { 'date' => '2015-04-18T22:16:17', 'version' => '1.7029' }, { 'date' => '2015-04-19T12:15:59', 'version' => '1.7030' }, { 'date' => '2015-04-22T21:14:17', 'version' => '1.7031' }, { 'date' => '2015-04-30T01:52:49', 'version' => '1.7032' }, { 'date' => '2015-05-02T00:18:54', 'version' => '1.7033' }, { 'date' => '2015-05-07T21:21:07', 'version' => '1.7034' }, { 'date' => '2015-06-05T17:51:53', 'version' => '1.7035' }, { 'date' => '2015-06-06T05:08:20', 'version' => '1.7036' }, { 'date' => '2015-06-18T21:38:47', 'version' => '1.7037' }, { 'date' => '2015-06-23T01:05:25', 'version' => '1.7038' }, { 'date' => '2015-06-29T01:06:18', 'version' => '1.7039' }, { 'date' => '2016-01-07T19:29:19', 'version' => '1.7040' }, { 'date' => '2016-05-08T18:29:30', 'version' => '1.7041' }, { 'date' => '2016-05-24T07:49:34', 'version' => '1.7042' }, { 'date' => '2017-04-03T03:57:15', 'version' => '1.7043' }, { 'date' => '2018-04-19T11:54:56', 'version' => '1.7044' }, { 'date' => '2018-04-20T12:17:48', 'version' => '1.7900' }, { 'date' => '2018-04-20T12:20:35', 'version' => '1.7901' }, { 'date' => '2018-04-20T12:43:24', 'version' => '1.7902' }, { 'date' => '2018-04-20T14:54:30', 'version' => '1.7903' }, { 'date' => '2018-04-20T21:22:56', 'version' => '1.7904' }, { 'date' => '2018-04-21T09:40:47', 'version' => '1.7905' }, { 'date' => '2018-04-21T10:57:20', 'version' => '1.9015' }, { 'date' => '2018-04-21T11:17:58', 'version' => '1.9016' }, { 'date' => '2018-04-21T17:31:13', 'version' => '1.9017' }, { 'date' => '2018-04-22T13:54:32', 'version' => '1.9018' }, { 'date' => '2018-04-25T09:27:31', 'version' => '1.7906' }, { 'date' => '2018-04-26T11:36:59', 'version' => '1.7907' }, { 'date' => '2022-01-27T03:05:02', 'version' => '1.7045' }, { 'date' => '2022-04-27T06:01:26', 'version' => '1.7046' }, { 'date' => '2023-07-30T06:01:02', 'version' => '1.7047' } ] }, 'App-japerl' => { 'advisories' => [ { 'affected_versions' => '<0.09', 'cves' => [ 'CVE-2016-1238' ], 'description' => '(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory. ', 'distribution' => 'App-japerl', 'fixed_versions' => '>=0.09', 'id' => 'CPANSA-App-japerl-2016-1238', 'references' => [ 'http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html', 'http://www.securitytracker.com/id/1036440', 'http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab', 'https://rt.perl.org/Public/Bug/Display.html?id=127834', 'http://www.securityfocus.com/bid/92136', 'http://www.debian.org/security/2016/dsa-3628', 'https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/', 'https://security.gentoo.org/glsa/201701-75', 'https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E', 'https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html', 'https://security.gentoo.org/glsa/201812-07', 'http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html' ], 'reported' => '2016-08-02', 'severity' => 'high' } ], 'main_module' => 'App::japerl', 'versions' => [ { 'date' => '2018-09-07T15:19:24', 'version' => '0.10' }, { 'date' => '2018-09-08T15:07:20', 'version' => '0.11' }, { 'date' => '2019-07-14T03:35:18', 'version' => '0.12' }, { 'date' => '2021-02-18T14:03:58', 'version' => '0.13' }, { 'date' => '2021-09-18T18:20:37', 'version' => '0.14' }, { 'date' => '2023-03-25T01:04:11', 'version' => '0.15' } ] }, 'App-perlall' => { 'advisories' => [ { 'affected_versions' => '<0.33', 'cves' => [ 'CVE-2013-1667' ], 'description' => 'The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key. ', 'distribution' => 'App-perlall', 'fixed_versions' => '>=0.33', 'id' => 'CPANSA-App-perlall-2013-1667', 'references' => [ 'http://www.securityfocus.com/bid/58311', 'http://perl5.git.perl.org/perl.git/commitdiff/d59e31f', 'http://perl5.git.perl.org/perl.git/commitdiff/9d83adc', 'http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html', 'http://www.debian.org/security/2013/dsa-2641', 'http://secunia.com/advisories/52499', 'http://secunia.com/advisories/52472', 'https://bugzilla.redhat.com/show_bug.cgi?id=912276', 'http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296', 'http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5', 'http://osvdb.org/90892', 'http://www.ubuntu.com/usn/USN-1770-1', 'http://rhn.redhat.com/errata/RHSA-2013-0685.html', 'http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html', 'http://marc.info/?l=bugtraq&m=137891988921058&w=2', 'http://www.mandriva.com/security/advisories?name=MDVSA-2013:113', 'https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094', 'http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html', 'http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735', 'http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/82598', 'https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771' ], 'reported' => '2013-03-14', 'severity' => undef } ], 'main_module' => 'App::perlall', 'versions' => [ { 'date' => '2011-12-23T21:52:22', 'version' => '0.01' }, { 'date' => '2011-12-24T00:56:03', 'version' => '0.02' }, { 'date' => '2012-01-06T17:07:08', 'version' => '0.03' }, { 'date' => '2012-01-09T22:05:35', 'version' => '0.04' }, { 'date' => '2012-01-31T21:18:20', 'version' => '0.05' }, { 'date' => '2012-02-06T23:12:27', 'version' => '0.06' }, { 'date' => '2012-02-07T20:52:55', 'version' => '0.07' }, { 'date' => '2012-02-23T10:35:50', 'version' => '0.08' }, { 'date' => '2012-03-22T18:24:53', 'version' => '0.09' }, { 'date' => '2012-05-03T13:44:26', 'version' => '0.10' }, { 'date' => '2012-05-05T02:22:56', 'version' => '0.11' }, { 'date' => '2012-05-05T14:18:09', 'version' => '0.12' }, { 'date' => '2012-05-29T15:34:02', 'version' => '0.13' }, { 'date' => '2012-06-07T16:07:09', 'version' => '0.14' }, { 'date' => '2012-07-18T17:55:03', 'version' => '0.15' }, { 'date' => '2012-07-18T18:05:33', 'version' => '0.15_01' }, { 'date' => '2012-07-19T19:07:14', 'version' => '0.16' }, { 'date' => '2012-08-06T15:11:54', 'version' => '0.17' }, { 'date' => '2012-11-06T22:12:59', 'version' => '0.18' }, { 'date' => '2012-11-08T15:37:31', 'version' => '0.19' }, { 'date' => '2012-11-08T15:50:30', 'version' => '0.20' }, { 'date' => '2012-11-08T18:53:37', 'version' => '0.21' }, { 'date' => '2012-11-09T22:04:21', 'version' => '0.22' }, { 'date' => '2012-11-11T19:50:41', 'version' => '0.23' }, { 'date' => '2012-11-13T20:46:09', 'version' => '0.25' }, { 'date' => '2012-11-13T22:45:49', 'version' => '0.26' }, { 'date' => '2012-11-15T16:26:40', 'version' => '0.27' }, { 'date' => '2012-12-13T20:09:18', 'version' => '0.28' }, { 'date' => '2012-12-20T22:29:59', 'version' => '0.29' }, { 'date' => '2013-01-09T20:22:21', 'version' => '0.30' }, { 'date' => '2013-02-04T19:58:18', 'version' => '0.31' }, { 'date' => '2013-02-23T21:35:31', 'version' => '0.32' }, { 'date' => '2013-03-05T01:04:28', 'version' => '0.33' }, { 'date' => '2013-03-05T15:34:37', 'version' => '0.34' }, { 'date' => '2013-03-22T22:34:57', 'version' => '0.35' }, { 'date' => '2013-07-11T19:58:07', 'version' => '0.36' }, { 'date' => '2013-07-13T19:53:25', 'version' => '0.37' }, { 'date' => '2013-10-23T15:58:48', 'version' => '0.39' }, { 'date' => '2013-11-18T16:12:38', 'version' => '0.40' }, { 'date' => '2013-12-03T17:08:11', 'version' => '0.41' }, { 'date' => '2013-12-06T18:40:51', 'version' => '0.42' }, { 'date' => '2013-12-09T18:31:19', 'version' => '0.43' }, { 'date' => '2014-01-11T23:39:19', 'version' => '0.44' }, { 'date' => '2014-07-25T13:36:23', 'version' => '0.45' }, { 'date' => '2014-08-10T01:42:03', 'version' => '0.46' }, { 'date' => '2015-07-08T07:43:56', 'version' => '0.47' }, { 'date' => '2015-10-06T09:33:35', 'version' => '0.48' }, { 'date' => '2015-11-27T15:53:11', 'version' => '0.49' }, { 'date' => '2016-06-12T12:48:37', 'version' => '0.50' }, { 'date' => '2019-12-10T20:02:45', 'version' => '0.51' } ] }, 'Archive-Tar' => { 'advisories' => [ { 'affected_versions' => '<2.28', 'cves' => [ 'CVE-2018-12015' ], 'description' => 'In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. ', 'distribution' => 'Archive-Tar', 'fixed_versions' => undef, 'id' => 'CPANSA-Archive-Tar-2018-01', 'references' => [ 'https://security-tracker.debian.org/tracker/CVE-2018-12015', 'https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5' ], 'reported' => '2018-06-12', 'severity' => 'medium' }, { 'affected_versions' => '<=1.36', 'cves' => [ 'CVE-2007-4829' ], 'description' => 'Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences. ', 'distribution' => 'Archive-Tar', 'fixed_versions' => '>1.36', 'id' => 'CPANSA-Archive-Tar-2007-4829', 'references' => [ 'http://rt.cpan.org/Public/Bug/Display.html?id=29517', 'https://bugzilla.redhat.com/show_bug.cgi?id=295021', 'http://rt.cpan.org/Public/Bug/Display.html?id=30380', 'https://issues.rpath.com/browse/RPL-1716', 'http://www.securityfocus.com/bid/26355', 'http://secunia.com/advisories/27539', 'http://osvdb.org/40410', 'http://www.ubuntu.com/usn/usn-700-1', 'http://secunia.com/advisories/33314', 'http://www.ubuntu.com/usn/usn-700-2', 'http://www.gentoo.org/security/en/glsa/glsa-200812-10.xml', 'http://secunia.com/advisories/33116', 'http://www.vupen.com/english/advisories/2007/3755', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/38285', 'https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658' ], 'reported' => '2007-11-02', 'severity' => undef }, { 'affected_versions' => '<2.10', 'cves' => [ 'CVE-2016-1238' ], 'description' => '\'(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.\' ', 'distribution' => 'Archive-Tar', 'fixed_versions' => '>=2.10', 'id' => 'CPANSA-Archive-Tar-2016-1238', 'references' => [ 'http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html', 'http://www.securitytracker.com/id/1036440', 'http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab', 'https://rt.perl.org/Public/Bug/Display.html?id=127834', 'http://www.securityfocus.com/bid/92136', 'http://www.debian.org/security/2016/dsa-3628', 'https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/', 'https://security.gentoo.org/glsa/201701-75', 'https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E', 'https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html', 'https://security.gentoo.org/glsa/201812-07', 'http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html' ], 'reported' => '2016-08-02', 'severity' => 'high' } ], 'main_module' => 'Archive::Tar', 'versions' => [ { 'date' => '1998-02-02T06:13:59', 'version' => '0.071' }, { 'date' => '1998-04-10T17:07:35', 'version' => '0.072' }, { 'date' => '1998-07-30T00:56:03', 'version' => '0.08' }, { 'date' => '1999-01-10T02:22:23', 'version' => '0.20' }, { 'date' => '1999-02-02T19:01:41', 'version' => '0.21' }, { 'date' => '2000-04-28T00:37:46', 'version' => '0.22' }, { 'date' => '2003-01-21T23:07:30', 'version' => '0.23' }, { 'date' => '2003-03-18T17:08:50', 'version' => '0.99_01' }, { 'date' => '2003-03-26T14:57:35', 'version' => '0.99_02' }, { 'date' => '2003-04-28T16:01:24', 'version' => '0.99_03' }, { 'date' => '2003-04-28T16:57:58', 'version' => '0.99_04' }, { 'date' => '2003-04-30T12:52:19', 'version' => '0.99_05' }, { 'date' => '2003-05-05T12:06:35', 'version' => '0.99_06' }, { 'date' => '2003-05-31T09:27:33', 'version' => '1.00' }, { 'date' => '2003-06-08T10:46:56', 'version' => '1.01' }, { 'date' => '2003-06-12T09:47:58', 'version' => '1.02' }, { 'date' => '2003-06-26T12:52:19', 'version' => '1.03' }, { 'date' => '2003-07-27T17:07:50', 'version' => '1.04' }, { 'date' => '2003-08-25T13:38:44', 'version' => '1.05' }, { 'date' => '2003-10-15T14:35:12', 'version' => '1.06' }, { 'date' => '2003-10-17T11:42:14', 'version' => '1.07' }, { 'date' => '2004-01-05T12:59:23', 'version' => '1.08' }, { 'date' => '2004-05-22T12:32:02', 'version' => '1.09' }, { 'date' => '2004-06-11T19:24:06', 'version' => '1.10' }, { 'date' => '2004-11-09T16:12:40', 'version' => '1.20' }, { 'date' => '2004-11-10T16:04:13', 'version' => '1.21' }, { 'date' => '2004-11-21T10:09:52', 'version' => '1.22' }, { 'date' => '2004-12-03T15:53:06', 'version' => '1.23' }, { 'date' => '2005-05-03T13:11:19', 'version' => '1.24' }, { 'date' => '2005-08-20T10:14:40', 'version' => '1.25' }, { 'date' => '2005-08-22T09:29:53', 'version' => '1.26' }, { 'date' => '2006-01-19T13:31:53', 'version' => '1.28' }, { 'date' => '2006-03-03T13:56:20', 'version' => '1.29' }, { 'date' => '2006-08-02T15:00:41', 'version' => '1.30' }, { 'date' => '2007-05-18T12:18:49', 'version' => '1.31' }, { 'date' => '2007-05-25T09:32:48', 'version' => '1.32' }, { 'date' => '2007-08-15T14:20:33', 'version' => '1.34' }, { 'date' => '2007-09-16T09:13:21', 'version' => '1.36' }, { 'date' => '2007-11-11T11:59:00', 'version' => '1.37_01' }, { 'date' => '2007-12-24T11:02:07', 'version' => '1.38' }, { 'date' => '2008-08-22T16:33:49', 'version' => '1.39_01' }, { 'date' => '2008-08-25T03:56:58', 'version' => '1.39_02' }, { 'date' => '2008-08-25T22:07:56', 'version' => '1.39_03' }, { 'date' => '2008-09-08T12:14:37', 'version' => '1.39_04' }, { 'date' => '2008-10-13T13:42:10', 'version' => '1.40' }, { 'date' => '2008-12-13T17:10:15', 'version' => '1.42' }, { 'date' => '2009-01-19T17:08:08', 'version' => '1.44' }, { 'date' => '2009-03-05T16:10:06', 'version' => '1.46' }, { 'date' => '2009-04-20T17:07:30', 'version' => '1.48' }, { 'date' => '2009-06-12T12:01:54', 'version' => '1.50' }, { 'date' => '2009-06-13T11:29:50', 'version' => '1.52' }, { 'date' => '2009-09-10T12:13:03', 'version' => '1.54' }, { 'date' => '2010-02-03T14:40:15', 'version' => '1.56' }, { 'date' => '2010-02-17T21:47:16', 'version' => '1.58' }, { 'date' => '2010-04-23T14:12:31', 'version' => '1.60' }, { 'date' => '2010-06-28T21:02:59', 'version' => '1.62' }, { 'date' => '2010-07-09T11:04:45', 'version' => '1.64' }, { 'date' => '2010-07-26T08:44:00', 'version' => '1.66' }, { 'date' => '2010-08-17T16:06:19', 'version' => '1.68' }, { 'date' => '2010-11-15T22:02:53', 'version' => '1.70' }, { 'date' => '2010-11-18T19:22:01', 'version' => '1.72' }, { 'date' => '2010-12-18T21:19:51', 'version' => '1.74' }, { 'date' => '2011-01-07T22:27:40', 'version' => '1.76' }, { 'date' => '2011-09-08T22:13:33', 'version' => '1.78' }, { 'date' => '2011-10-13T10:25:39', 'version' => '1.80' }, { 'date' => '2011-11-21T12:14:43', 'version' => '1.82' }, { 'date' => '2012-03-03T00:00:05', 'version' => '1.84' }, { 'date' => '2012-05-24T11:38:09', 'version' => '1.86' }, { 'date' => '2012-06-01T11:06:25', 'version' => '1.88' }, { 'date' => '2012-09-05T18:19:00', 'version' => '1.90' }, { 'date' => '2013-06-18T15:13:27', 'version' => '1.92' }, { 'date' => '2013-10-22T14:28:22', 'version' => '0.93_01' }, { 'date' => '2013-10-22T14:36:08', 'version' => '1.93_02' }, { 'date' => '2013-10-24T18:02:48', 'version' => '1.94' }, { 'date' => '2013-10-24T19:10:34', 'version' => '1.96' }, { 'date' => '2014-06-14T17:12:02', 'version' => '1.98' }, { 'date' => '2014-06-15T14:59:24', 'version' => '2.00' }, { 'date' => '2014-09-14T18:03:23', 'version' => '2.02' }, { 'date' => '2014-12-14T20:13:33', 'version' => '2.04' }, { 'date' => '2016-04-24T14:05:11', 'version' => '2.06' }, { 'date' => '2016-05-12T08:57:35', 'version' => '2.08' }, { 'date' => '2016-07-27T12:40:29', 'version' => '2.10' }, { 'date' => '2016-10-16T11:27:58', 'version' => '2.12' }, { 'date' => '2016-10-20T12:38:57', 'version' => '2.14' }, { 'date' => '2016-11-01T19:19:36', 'version' => '2.16' }, { 'date' => '2016-11-07T13:36:15', 'version' => '2.18' }, { 'date' => '2016-12-15T10:54:40', 'version' => '2.20' }, { 'date' => '2016-12-16T09:46:28', 'version' => '2.22' }, { 'date' => '2016-12-16T15:27:38', 'version' => '2.24' }, { 'date' => '2017-05-12T12:46:05', 'version' => '2.26' }, { 'date' => '2018-06-08T10:57:04', 'version' => '2.28' }, { 'date' => '2018-06-19T11:55:28', 'version' => '2.30' }, { 'date' => '2018-09-13T07:17:10', 'version' => '2.32' }, { 'date' => '2020-02-01T16:41:47', 'version' => '2.34' }, { 'date' => '2020-02-02T13:34:34', 'version' => '2.36' }, { 'date' => '2020-06-25T07:51:56', 'version' => '2.38' }, { 'date' => '2021-07-27T09:51:54', 'version' => '2.40' }, { 'date' => '2023-03-25T12:10:20', 'version' => '3.00' }, { 'date' => '2023-04-12T23:09:11', 'version' => '3.02' } ] }, 'Archive-Zip' => { 'advisories' => [ { 'affected_versions' => '<1.61', 'cves' => [ 'CVE-2018-10860' ], 'description' => 'perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter. ', 'distribution' => 'Archive-Zip', 'fixed_versions' => undef, 'id' => 'CPANSA-Archive-Zip-2018-01', 'references' => [ 'https://security-tracker.debian.org/tracker/CVE-2018-10860', 'https://github.com/redhotpenguin/perl-Archive-Zip/pull/33' ], 'reported' => '2018-06-28', 'severity' => 'medium' }, { 'affected_versions' => '<1.14', 'cves' => [ 'CVE-2004-1096' ], 'description' => 'Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. ', 'distribution' => 'Archive-Zip', 'fixed_versions' => undef, 'id' => 'CPANSA-Archive-Zip-2004-1096', 'references' => [ 'http://www.securityfocus.com/bid/11448', 'http://www.gentoo.org/security/en/glsa/glsa-200410-31.xml', 'http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true', 'http://www.kb.cert.org/vuls/id/492545', 'http://secunia.com/advisories/13038/', 'http://www.mandriva.com/security/advisories?name=MDKSA-2004:118', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/17761' ], 'reported' => '2005-01-10', 'severity' => undef } ], 'main_module' => 'Archive::Zip', 'versions' => [ { 'date' => '2000-03-22T00:10:21', 'version' => '0.06' }, { 'date' => '2000-03-29T17:03:46', 'version' => '0.07' }, { 'date' => '2000-06-16T16:48:41', 'version' => '0.09' }, { 'date' => '2000-08-08T20:56:31', 'version' => '0.10' }, { 'date' => '2001-01-17T08:06:58', 'version' => '0.11' }, { 'date' => '2002-04-22T15:32:49', 'version' => '1.00' }, { 'date' => '2002-05-11T02:45:20', 'version' => '1.01' }, { 'date' => '2002-08-24T00:19:19', 'version' => '1.02' }, { 'date' => '2002-09-03T04:40:33', 'version' => '1.03' }, { 'date' => '2002-09-11T15:17:37', 'version' => '1.04' }, { 'date' => '2002-09-11T19:35:26', 'version' => '1.05' }, { 'date' => '2003-07-17T18:18:14', 'version' => '1.06' }, { 'date' => '2003-10-20T13:59:00', 'version' => '1.07' }, { 'date' => '2003-10-21T17:04:03', 'version' => '1.08' }, { 'date' => '2003-11-27T18:02:03', 'version' => '1.09' }, { 'date' => '2004-03-25T14:39:05', 'version' => '1.10' }, { 'date' => '2004-07-05T23:25:19', 'version' => '1_11' }, { 'date' => '2004-07-08T17:31:27', 'version' => '1.11' }, { 'date' => '2004-07-08T19:14:46', 'version' => '1.12' }, { 'date' => '2004-07-27T22:50:39', 'version' => '1.12_02' }, { 'date' => '2004-07-29T15:15:49', 'version' => '1.12_03' }, { 'date' => '2004-08-23T15:39:23', 'version' => '1.13' }, { 'date' => '2004-10-21T15:28:12', 'version' => '1.14' }, { 'date' => '2005-03-10T04:34:04', 'version' => '1.15_01' }, { 'date' => '2005-03-12T15:29:48', 'version' => '1.15_02' }, { 'date' => '2005-06-22T18:29:34', 'version' => '1.15' }, { 'date' => '2005-07-04T17:55:17', 'version' => '1.16' }, { 'date' => '2006-04-30T03:53:15', 'version' => '1.17_01' }, { 'date' => '2006-05-07T02:49:30', 'version' => '1.17_02' }, { 'date' => '2006-09-15T15:56:10', 'version' => '1.17_03' }, { 'date' => '2006-10-24T15:06:32', 'version' => '1.17_05' }, { 'date' => '2006-10-25T12:24:52', 'version' => '1.18' }, { 'date' => '2007-06-05T01:50:42', 'version' => '1.20' }, { 'date' => '2007-11-01T02:59:20', 'version' => '1.21' }, { 'date' => '2007-11-02T01:52:47', 'version' => '1.22' }, { 'date' => '2007-11-07T13:04:41', 'version' => '1.23' }, { 'date' => '2008-08-23T23:35:50', 'version' => '1.24' }, { 'date' => '2008-10-10T05:28:17', 'version' => '1.25' }, { 'date' => '2008-10-12T14:13:05', 'version' => '1.26' }, { 'date' => '2008-12-16T13:23:21', 'version' => '1.27_01' }, { 'date' => '2009-06-16T10:09:03', 'version' => '1.28' }, { 'date' => '2009-06-29T13:27:17', 'version' => '1.29' }, { 'date' => '2009-06-30T14:13:29', 'version' => '1.30' }, { 'date' => '2010-03-05T05:11:20', 'version' => '1.31_01' }, { 'date' => '2011-03-08T15:52:02', 'version' => '1.31_02' }, { 'date' => '2011-08-23T03:42:14', 'version' => '1.31_03' }, { 'date' => '2012-01-23T06:28:16', 'version' => '1.31_04' }, { 'date' => '2013-11-09T00:05:06', 'version' => '1.32' }, { 'date' => '2013-11-10T03:50:45', 'version' => '1.33' }, { 'date' => '2013-12-02T22:16:54', 'version' => '1.34' }, { 'date' => '2013-12-30T19:16:52', 'version' => '1.35' }, { 'date' => '2013-12-30T22:12:14', 'version' => '1.36' }, { 'date' => '2014-01-13T18:32:19', 'version' => '1.37' }, { 'date' => '2014-09-02T23:23:11', 'version' => '1.38' }, { 'date' => '2014-10-22T04:17:15', 'version' => '1.39' }, { 'date' => '2015-01-05T05:58:46', 'version' => '1.40' }, { 'date' => '2015-01-10T02:47:42', 'version' => '1.41' }, { 'date' => '2015-01-12T00:46:36', 'version' => '1.42' }, { 'date' => '2015-01-15T06:37:32', 'version' => '1.43' }, { 'date' => '2015-01-24T06:12:21', 'version' => '1.44' }, { 'date' => '2015-01-27T07:51:17', 'version' => '1.45' }, { 'date' => '2015-03-25T05:19:23', 'version' => '1.46' }, { 'date' => '2015-06-17T18:26:02', 'version' => '1.47' }, { 'date' => '2015-06-18T21:13:37', 'version' => '1.48' }, { 'date' => '2015-07-31T19:01:40', 'version' => '1.49' }, { 'date' => '2015-08-26T00:11:35', 'version' => '1.50' }, { 'date' => '2015-09-22T06:03:54', 'version' => '1.51' }, { 'date' => '2015-09-23T17:43:44', 'version' => '1.53' }, { 'date' => '2015-12-04T19:36:41', 'version' => '1.55' }, { 'date' => '2015-12-17T18:29:06', 'version' => '1.56' }, { 'date' => '2016-04-01T18:06:36', 'version' => '1.57' }, { 'date' => '2016-08-02T17:50:20', 'version' => '1.58' }, { 'date' => '2016-08-11T20:09:16', 'version' => '1.59' }, { 'date' => '2017-12-19T18:44:16', 'version' => '1.60' }, { 'date' => '2018-08-19T03:35:10', 'version' => '1.61' }, { 'date' => '2018-08-20T03:29:01', 'version' => '1.62' }, { 'date' => '2018-08-22T15:42:15', 'version' => '1.63' }, { 'date' => '2018-09-12T15:50:29', 'version' => '1.64' }, { 'date' => '2019-09-08T05:20:03', 'version' => '1.65' }, { 'date' => '2019-09-17T04:37:32', 'version' => '1.66' }, { 'date' => '2019-10-07T04:30:05', 'version' => '1.67' }, { 'date' => '2020-03-12T17:59:46', 'version' => '1.68' } ] }, 'Batch-Batchrun' => { 'advisories' => [ { 'affected_versions' => '>=1.03', 'cves' => [ 'CVE-2011-4117' ], 'description' => 'The Batch::Batchrun module 1.03 for Perl does not properly handle temporary files. ', 'distribution' => 'Batch-Batchrun', 'fixed_versions' => undef, 'id' => 'CPANSA-Batch-Batchrun-2011-4117', 'references' => [ 'http://www.openwall.com/lists/oss-security/2011/11/04/2', 'http://www.openwall.com/lists/oss-security/2011/11/04/4', 'https://rt.cpan.org/Public/Bug/Display.html?id=69594' ], 'reported' => '2020-01-31', 'severity' => 'high' } ], 'main_module' => 'Batch::Batchrun', 'versions' => [ { 'date' => '1999-08-21T20:25:47', 'version' => '1.03' } ] }, 'CBOR-XS' => { 'advisories' => [ { 'affected_versions' => '<1.7', 'cves' => [], 'description' => 'An out-of bound sharedref or stringref index could cause an out of bounds access - might be exploitable. A decoding error during indefinite array or hash decoding could cause an endless loop. ', 'distribution' => 'CBOR-XS', 'fixed_versions' => '>=1.7', 'id' => 'CPANSA-CBOR-XS-2017-01', 'references' => [ 'https://metacpan.org/dist/CBOR-XS/changes' ], 'reported' => '2017-07-27', 'severity' => undef } ], 'main_module' => 'CBOR::XS', 'versions' => [ { 'date' => '2013-10-25T23:10:42', 'version' => '0.01' }, { 'date' => '2013-10-26T11:09:56', 'version' => '0.02' }, { 'date' => '2013-10-26T23:04:01', 'version' => '0.03' }, { 'date' => '2013-10-27T22:48:22', 'version' => '0.04' }, { 'date' => '2013-10-28T21:28:30', 'version' => '0.05' }, { 'date' => '2013-10-29T15:57:13', 'version' => '0.06' }, { 'date' => '2013-10-29T22:05:30', 'version' => '0.07' }, { 'date' => '2013-10-30T10:11:46', 'version' => '0.08' }, { 'date' => '2013-11-22T16:19:26', 'version' => '0.09' }, { 'date' => '2013-11-28T16:09:19', 'version' => '1.0' }, { 'date' => '2013-11-30T18:42:59', 'version' => '1.1' }, { 'date' => '2013-12-01T17:11:47', 'version' => '1.11' }, { 'date' => '2013-12-03T10:25:03', 'version' => '1.12' }, { 'date' => '2013-12-10T21:07:58', 'version' => '1.2' }, { 'date' => '2014-01-05T14:25:36', 'version' => '1.25' }, { 'date' => '2014-10-25T06:37:38', 'version' => '1.26' }, { 'date' => '2015-04-27T20:22:15', 'version' => '1.3' }, { 'date' => '2016-02-08T04:38:25', 'version' => '1.4' }, { 'date' => '2016-02-25T14:23:47', 'version' => '1.41' }, { 'date' => '2016-04-27T09:40:38', 'version' => '1.5' }, { 'date' => '2016-12-07T14:14:49', 'version' => '1.6' }, { 'date' => '2017-06-27T02:03:48', 'version' => '1.7' }, { 'date' => '2018-11-15T19:53:50', 'version' => '1.71' }, { 'date' => '2020-11-29T21:36:13', 'version' => '1.8' }, { 'date' => '2020-11-30T18:31:32', 'version' => '1.81' }, { 'date' => '2020-12-01T01:50:49', 'version' => '1.82' }, { 'date' => '2020-12-08T08:30:59', 'version' => '1.83' }, { 'date' => '2021-10-21T01:16:11', 'version' => '1.84' }, { 'date' => '2021-10-23T03:00:48', 'version' => '1.85' }, { 'date' => '2021-11-04T16:50:24', 'version' => '1.86' }, { 'date' => '2023-09-10T20:45:43', 'version' => '1.87' } ] }, 'CGI' => { 'advisories' => [ { 'affected_versions' => '<3.63', 'cves' => [ 'CVE-2012-5526' ], 'description' => 'CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm. ', 'distribution' => 'CGI', 'fixed_versions' => '>=3.63', 'id' => 'CPANSA-CGI-2012-5526', 'references' => [ 'http://www.securityfocus.com/bid/56562', 'http://www.openwall.com/lists/oss-security/2012/11/15/6', 'https://github.com/markstos/CGI.pm/pull/23', 'http://www.securitytracker.com/id?1027780', 'http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes', 'http://secunia.com/advisories/51457', 'http://www.ubuntu.com/usn/USN-1643-1', 'http://www.debian.org/security/2012/dsa-2586', 'http://rhn.redhat.com/errata/RHSA-2013-0685.html', 'http://secunia.com/advisories/55314', 'http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html', 'http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735', 'http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/80098' ], 'reported' => '2012-11-21', 'severity' => undef }, { 'affected_versions' => '<3.56', 'cves' => [ 'CVE-2011-2766' ], 'description' => 'Usage of deprecated FCGI.pm API. ', 'distribution' => 'CGI', 'fixed_versions' => '>=3.56', 'id' => 'CPANSA-CGI-2011-2766', 'references' => [ 'https://rt.cpan.org/Public/Bug/Display.html?id=68380', 'http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2766' ], 'reported' => '2011-11-08' }, { 'affected_versions' => '<3.50', 'cves' => [], 'description' => 'Non-random MIME boundary. ', 'distribution' => 'CGI', 'fixed_versions' => '>=3.50', 'id' => 'CPANSA-CGI-2010-02', 'reported' => '2010-11-08' }, { 'affected_versions' => '<3.49', 'cves' => [], 'description' => 'Newlines in headers. ', 'distribution' => 'CGI', 'fixed_versions' => '>=3.49', 'id' => 'CPANSA-CGI-2010-01', 'reported' => '2010-02-05' }, { 'affected_versions' => '<3.50', 'cves' => [ 'CVE-2010-4411' ], 'description' => 'Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761. ', 'distribution' => 'CGI', 'fixed_versions' => '>=3.50', 'id' => 'CPANSA-CGI-2010-4411', 'references' => [ 'http://openwall.com/lists/oss-security/2010/12/01/3', 'http://www.mandriva.com/security/advisories?name=MDVSA-2011:008', 'http://www.vupen.com/english/advisories/2011/0106', 'http://www.bugzilla.org/security/3.2.9/', 'http://secunia.com/advisories/43033', 'https://bugzilla.mozilla.org/show_bug.cgi?id=591165', 'http://www.vupen.com/english/advisories/2011/0207', 'http://www.vupen.com/english/advisories/2011/0271', 'http://www.vupen.com/english/advisories/2011/0212', 'http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html', 'http://secunia.com/advisories/43068', 'http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html', 'http://secunia.com/advisories/43165', 'http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html', 'http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html' ], 'reported' => '2010-12-06', 'severity' => undef }, { 'affected_versions' => '<3.50', 'cves' => [ 'CVE-2010-2761' ], 'description' => 'The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172. ', 'distribution' => 'CGI', 'fixed_versions' => '>=3.50', 'id' => 'CPANSA-CGI-2010-2761', 'references' => [ 'https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380', 'http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes', 'http://openwall.com/lists/oss-security/2010/12/01/1', 'http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html', 'http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm', 'http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1', 'http://openwall.com/lists/oss-security/2010/12/01/2', 'http://openwall.com/lists/oss-security/2010/12/01/3', 'https://bugzilla.mozilla.org/show_bug.cgi?id=600464', 'http://osvdb.org/69588', 'http://osvdb.org/69589', 'http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html', 'http://www.mandriva.com/security/advisories?name=MDVSA-2010:237', 'http://www.vupen.com/english/advisories/2011/0076', 'http://www.mandriva.com/security/advisories?name=MDVSA-2010:250', 'http://secunia.com/advisories/42877', 'https://bugzilla.mozilla.org/show_bug.cgi?id=591165', 'http://www.vupen.com/english/advisories/2011/0207', 'http://www.bugzilla.org/security/3.2.9/', 'http://secunia.com/advisories/43033', 'http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html', 'http://secunia.com/advisories/43147', 'http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html', 'http://www.vupen.com/english/advisories/2011/0249', 'http://www.vupen.com/english/advisories/2011/0271', 'http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html', 'http://www.vupen.com/english/advisories/2011/0212', 'http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html', 'http://secunia.com/advisories/43165', 'http://secunia.com/advisories/43068', 'http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html', 'http://www.redhat.com/support/errata/RHSA-2011-1797.html', 'http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html', 'http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735', 'http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705' ], 'reported' => '2010-12-06', 'severity' => undef } ], 'main_module' => 'CGI', 'versions' => [ { 'date' => '1995-11-25T09:21:00', 'version' => '2.10' }, { 'date' => '1995-12-28T09:08:00', 'version' => '2.13' }, { 'date' => '1996-05-22T22:30:00', 'version' => '2.20' }, { 'date' => '1996-05-31T05:31:00', 'version' => '2.21' }, { 'date' => '1996-08-07T09:24:00', 'version' => '2.22' }, { 'date' => '1996-08-14T08:17:00', 'version' => '2.23' }, { 'date' => '1996-08-21T09:09:00', 'version' => '2.24' }, { 'date' => '1996-09-10T14:23:00', 'version' => '2.25' }, { 'date' => '1996-10-22T11:17:00', 'version' => '2.26' }, { 'date' => '1996-10-24T18:21:00', 'version' => '2.27' }, { 'date' => '1996-12-02T11:48:00', 'version' => '2.28' }, { 'date' => '1996-12-09T13:39:00', 'version' => '2.29' }, { 'date' => '1997-01-02T16:40:00', 'version' => '2.30' }, { 'date' => '1997-02-15T15:36:00', 'version' => '2.31' }, { 'date' => '1997-03-25T08:58:00', 'version' => '2.32' }, { 'date' => '1997-04-04T20:45:00', 'version' => '2.33' }, { 'date' => '1997-04-10T15:41:00', 'version' => '2.34' }, { 'date' => '1997-04-20T18:29:00', 'version' => '2.35' }, { 'date' => '1997-05-09T09:33:00', 'version' => '2.36' }, { 'date' => '1997-08-29T04:42:00', 'version' => '2.37' }, { 'date' => '1997-09-15T17:51:00', 'version' => '2.37' }, { 'date' => '1997-10-01T04:15:00', 'version' => '2.37' }, { 'date' => '1997-10-12T07:10:00', 'version' => '2.37' }, { 'date' => '1997-11-23T11:37:00', 'version' => '2.37' }, { 'date' => '1997-12-20T09:57:00', 'version' => '2.37' }, { 'date' => '1998-01-16T12:22:00', 'version' => '2.37' }, { 'date' => '1998-01-19T11:34:00', 'version' => '2.37' }, { 'date' => '1998-01-26T11:00:00', 'version' => '2.37' }, { 'date' => '1998-01-29T19:48:00', 'version' => '2.37' }, { 'date' => '1998-02-02T13:37:00', 'version' => '2.37' }, { 'date' => '1998-02-05T08:25:00', 'version' => '2.37' }, { 'date' => '1998-02-09T13:58:00', 'version' => '2.37' }, { 'date' => '1998-02-16T16:21:00', 'version' => '2.37' }, { 'date' => '1998-02-23T08:33:00', 'version' => '2.37' }, { 'date' => '1998-02-24T16:52:00', 'version' => '2.37' }, { 'date' => '1998-03-13T15:33:00', 'version' => '2.37' }, { 'date' => '1998-03-22T21:12:00', 'version' => '2.38' }, { 'date' => '1998-03-24T22:37:08', 'version' => '2.39' }, { 'date' => '1998-05-20T09:17:00', 'version' => '2.40' }, { 'date' => '1998-05-28T15:03:00', 'version' => '2.41' }, { 'date' => '1998-06-09T09:00:00', 'version' => '2.42' }, { 'date' => '1998-10-14T19:06:31', 'version' => '2.43' }, { 'date' => '1998-11-24T19:41:41', 'version' => '2.44' }, { 'date' => '1998-11-26T11:07:27', 'version' => '2.45' }, { 'date' => '1998-12-06T10:22:46', 'version' => '2.46' }, { 'date' => '1999-02-18T03:50:16', 'version' => '2.47' }, { 'date' => '1999-02-19T14:10:25', 'version' => '2.48' }, { 'date' => '1999-02-23T22:00:33', 'version' => '2.49' }, { 'date' => '1999-06-08T15:13:15', 'version' => '2.52' }, { 'date' => '1999-06-09T14:56:06', 'version' => '2.53' }, { 'date' => '1999-08-09T14:18:33', 'version' => '2.54' }, { 'date' => '1999-08-31T17:11:00', 'version' => '2.55' }, { 'date' => '1999-09-13T21:11:51', 'version' => '2.56' }, { 'date' => '2000-03-23T23:00:12', 'version' => '2.58' }, { 'date' => '2000-03-24T12:31:52', 'version' => '2.59' }, { 'date' => '2000-03-27T22:11:34', 'version' => '2.60' }, { 'date' => '2000-03-28T02:50:18', 'version' => '2.61' }, { 'date' => '2000-03-28T21:38:03', 'version' => '2.62' }, { 'date' => '2000-04-10T15:19:54', 'version' => '2.63' }, { 'date' => '2000-04-11T15:25:13', 'version' => '2.64' }, { 'date' => '2000-04-11T15:55:40', 'version' => '2.65' }, { 'date' => '2000-04-12T20:16:46', 'version' => '2.66' }, { 'date' => '2000-05-16T01:38:08', 'version' => '2.67' }, { 'date' => '2000-05-18T17:55:55', 'version' => '2.68' }, { 'date' => '2000-07-28T03:06:11', 'version' => '2.69' }, { 'date' => '2000-08-04T19:37:27', 'version' => '2.70' }, { 'date' => '2000-08-13T16:09:25', 'version' => '2.71' }, { 'date' => '2000-08-20T17:35:50', 'version' => '2.72' }, { 'date' => '2000-08-24T13:33:37', 'version' => '3.' }, { 'date' => '2000-09-13T02:55:51', 'version' => '2.73' }, { 'date' => '2000-09-13T16:35:14', 'version' => '2.74' }, { 'date' => '2001-02-02T15:43:07', 'version' => '2.75' }, { 'date' => '2001-02-02T15:50:53', 'version' => '2.751' }, { 'date' => '2001-02-04T23:49:27', 'version' => '2.752' }, { 'date' => '2001-03-12T17:00:13', 'version' => '2.753' }, { 'date' => '2001-06-15T15:33:28', 'version' => '3.02' }, { 'date' => '2001-06-29T14:47:39', 'version' => '3.02_' }, { 'date' => '2001-07-05T16:13:55', 'version' => '3.03_01' }, { 'date' => '2001-07-26T21:29:22', 'version' => '2.76' }, { 'date' => '2001-08-07T12:33:22', 'version' => '2.77' }, { 'date' => '2001-09-26T02:26:36', 'version' => '2.78' }, { 'date' => '2001-12-09T21:39:11', 'version' => '2.79' }, { 'date' => '2002-01-12T02:47:17', 'version' => '2.80' }, { 'date' => '2002-04-10T19:39:49', 'version' => '2.81' }, { 'date' => '2002-09-11T12:27:48', 'version' => '2.84' }, { 'date' => '2002-09-11T14:01:02', 'version' => '2.85' }, { 'date' => '2002-09-12T03:58:40', 'version' => '2.86' }, { 'date' => '2002-10-07T02:00:58', 'version' => '2.87' }, { 'date' => '2002-10-14T13:58:09', 'version' => '2.88' }, { 'date' => '2002-10-16T17:50:26', 'version' => '2.89' }, { 'date' => '2002-11-22T23:03:39', 'version' => 0 }, { 'date' => '2003-02-10T20:11:57', 'version' => '2.90' }, { 'date' => '2003-02-11T14:15:15', 'version' => '2.91' }, { 'date' => '2003-04-28T00:44:10', 'version' => '2.92' }, { 'date' => '2003-04-28T13:37:43', 'version' => '2.93' }, { 'date' => '2003-06-09T12:15:29', 'version' => '2.94' }, { 'date' => '2003-06-13T02:35:42', 'version' => '2.95' }, { 'date' => '2003-06-16T18:42:38', 'version' => '2.96' }, { 'date' => '2003-06-17T23:32:52', 'version' => '2.97' }, { 'date' => '2003-07-16T17:06:29', 'version' => '2.98' }, { 'date' => '2003-08-01T14:43:54', 'version' => '2.99' }, { 'date' => '2003-08-18T17:51:48', 'version' => '3.00' }, { 'date' => '2003-12-10T17:05:47', 'version' => '3.01' }, { 'date' => '2004-01-13T16:34:47', 'version' => '3.03' }, { 'date' => '2004-01-19T12:44:30', 'version' => '3.04' }, { 'date' => '2004-04-12T20:39:57', 'version' => '3.05' }, { 'date' => '2005-03-09T21:06:46', 'version' => '3.06' }, { 'date' => '2005-03-14T16:34:03', 'version' => '3.07' }, { 'date' => '2005-04-20T15:31:11', 'version' => '3.08' }, { 'date' => '2005-05-05T20:16:55', 'version' => '3.09' }, { 'date' => '2005-05-13T21:48:46', 'version' => '3.10' }, { 'date' => '2005-08-03T21:17:14', 'version' => '3.11' }, { 'date' => '2005-12-04T16:46:53', 'version' => '3.12' }, { 'date' => '2005-12-05T13:54:26', 'version' => '3.13' }, { 'date' => '2005-12-06T22:14:19', 'version' => '3.14' }, { 'date' => '2005-12-07T20:16:49', 'version' => '3.15' }, { 'date' => '2006-02-08T18:50:56', 'version' => '3.16' }, { 'date' => '2006-02-24T19:04:58', 'version' => '3.17' }, { 'date' => '2006-04-17T13:56:06', 'version' => '3.19' }, { 'date' => '2006-04-23T14:27:55', 'version' => '3.20' }, { 'date' => '2006-08-21T19:12:36', 'version' => '3.21' }, { 'date' => '2006-08-23T15:24:41', 'version' => '3.22' }, { 'date' => '2006-08-24T11:53:26', 'version' => '3.23' }, { 'date' => '2006-09-28T17:09:45', 'version' => '3.25' }, { 'date' => '2007-02-27T15:42:54', 'version' => '3.27' }, { 'date' => '2007-03-29T15:38:01', 'version' => '3.28' }, { 'date' => '2007-04-16T17:00:18', 'version' => '3.29' }, { 'date' => '2007-11-30T19:06:19', 'version' => '3.31' }, { 'date' => '2007-12-27T18:41:32', 'version' => '3.32' }, { 'date' => '2008-01-03T15:03:17', 'version' => '3.33' }, { 'date' => '2008-03-18T16:04:41', 'version' => '3.34' }, { 'date' => '2008-03-27T14:26:48', 'version' => '3.35' }, { 'date' => '2008-04-23T13:09:44', 'version' => '3.37' }, { 'date' => '2008-06-25T14:58:32', 'version' => '3.38' }, { 'date' => '2008-07-29T15:01:52', 'version' => '3.39' }, { 'date' => '2008-08-06T18:21:51', 'version' => '3.40' }, { 'date' => '2008-08-26T13:56:27', 'version' => '3.41' }, { 'date' => '2008-09-08T14:15:41', 'version' => '3.42' }, { 'date' => '2009-04-06T18:35:19', 'version' => '3.43' }, { 'date' => '2009-07-30T16:34:17', 'version' => '3.44' }, { 'date' => '2009-08-14T13:37:12', 'version' => '3.45' }, { 'date' => '2009-09-09T15:39:42', 'version' => '3.46' }, { 'date' => '2009-09-09T20:03:01', 'version' => '3.47' }, { 'date' => '2009-09-25T15:07:03', 'version' => '3.48' }, { 'date' => '2010-02-05T16:24:53', 'version' => '3.49' }, { 'date' => '2010-11-08T21:53:26', 'version' => '3.50' }, { 'date' => '2011-01-05T18:28:41', 'version' => '3.51' }, { 'date' => '2011-01-25T04:30:05', 'version' => '3.52' }, { 'date' => '2011-04-25T23:01:21', 'version' => '3.53' }, { 'date' => '2011-04-28T14:36:41', 'version' => '3.54' }, { 'date' => '2011-06-03T15:39:16', 'version' => '3.55' }, { 'date' => '2011-11-09T02:00:20', 'version' => '3.56' }, { 'date' => '2011-11-09T15:59:18', 'version' => '3.57' }, { 'date' => '2011-11-12T03:36:07', 'version' => '3.58' }, { 'date' => '2011-12-30T13:35:35', 'version' => '3.59' }, { 'date' => '2012-08-16T03:21:13', 'version' => '3.60' }, { 'date' => '2012-11-03T02:10:42', 'version' => '3.61' }, { 'date' => '2012-11-10T01:40:50', 'version' => '3.62' }, { 'date' => '2012-11-14T23:45:29', 'version' => '3.63' }, { 'date' => '2013-11-24T01:22:00', 'version' => '3.64' }, { 'date' => '2014-02-12T03:13:58', 'version' => '3.65' }, { 'date' => '2014-05-15T12:59:58', 'version' => '3.65_01' }, { 'date' => '2014-05-16T11:43:33', 'version' => '3.65_02' }, { 'date' => '2014-05-20T12:31:46', 'version' => '3.65_03' }, { 'date' => '2014-05-22T19:58:14', 'version' => '4.00' }, { 'date' => '2014-05-27T13:13:51', 'version' => '4.01' }, { 'date' => '2014-06-09T13:55:49', 'version' => '4.02' }, { 'date' => '2014-07-02T14:53:06', 'version' => '4.03' }, { 'date' => '2014-07-28T18:30:34', 'version' => '4.03_01' }, { 'date' => '2014-07-30T14:26:40', 'version' => '4.03_02' }, { 'date' => '2014-08-13T11:40:14', 'version' => '4.03_03' }, { 'date' => '2014-09-04T14:42:14', 'version' => '4.04' }, { 'date' => '2014-09-20T16:08:55', 'version' => '4.04_01' }, { 'date' => '2014-09-28T19:57:05', 'version' => '4.04_02' }, { 'date' => '2014-09-29T09:50:07', 'version' => '4.04_03' }, { 'date' => '2014-10-06T12:01:14', 'version' => '4.04_04' }, { 'date' => '2014-10-06T12:24:10', 'version' => '4.04_05' }, { 'date' => '2014-10-08T07:42:49', 'version' => '4.05' }, { 'date' => '2014-10-10T11:35:49', 'version' => '4.06' }, { 'date' => '2014-10-12T16:29:35', 'version' => '4.07' }, { 'date' => '2014-10-18T11:00:38', 'version' => '4.08' }, { 'date' => '2014-10-21T07:33:36', 'version' => '4.09' }, { 'date' => '2014-11-25T21:06:50', 'version' => '4.09_01' }, { 'date' => '2014-11-27T12:53:51', 'version' => '4.10' }, { 'date' => '2014-11-30T12:12:26', 'version' => '4.10_01' }, { 'date' => '2014-12-03T07:25:15', 'version' => '4.11' }, { 'date' => '2014-12-18T08:35:52', 'version' => '4.12' }, { 'date' => '2014-12-18T09:21:52', 'version' => '4.13' }, { 'date' => '2015-02-12T14:19:13', 'version' => '4.13_01' }, { 'date' => '2015-02-13T08:01:29', 'version' => '4.13_02' }, { 'date' => '2015-03-01T13:28:25', 'version' => '4.13_03' }, { 'date' => '2015-03-08T16:09:21', 'version' => '4.13_04' }, { 'date' => '2015-03-25T17:55:15', 'version' => '4.13_05' }, { 'date' => '2015-04-01T06:51:57', 'version' => '4.14' }, { 'date' => '2015-04-17T14:27:39', 'version' => '4.14_01' }, { 'date' => '2015-04-20T07:15:45', 'version' => '4.15' }, { 'date' => '2015-05-29T14:48:42', 'version' => '4.20' }, { 'date' => '2015-06-22T07:50:02', 'version' => '4.21' }, { 'date' => '2015-10-16T09:46:31', 'version' => '4.22' }, { 'date' => '2015-12-20T18:33:35', 'version' => '4.24' }, { 'date' => '2015-12-21T09:29:19', 'version' => '4.25' }, { 'date' => '2016-02-04T16:37:12', 'version' => '4.26' }, { 'date' => '2016-03-02T08:03:46', 'version' => '4.27' }, { 'date' => '2016-03-14T07:21:48', 'version' => '4.28' }, { 'date' => '2016-05-22T12:23:19', 'version' => '4.28_01' }, { 'date' => '2016-05-22T12:54:23', 'version' => '4.28_02' }, { 'date' => '2016-05-23T08:25:25', 'version' => '4.28_03' }, { 'date' => '2016-06-09T12:01:20', 'version' => '4.29' }, { 'date' => '2016-06-09T12:11:54', 'version' => '4.30' }, { 'date' => '2016-06-14T07:14:00', 'version' => '4.31' }, { 'date' => '2016-07-19T07:05:46', 'version' => '4.32' }, { 'date' => '2016-09-16T09:47:49', 'version' => '4.33' }, { 'date' => '2016-10-13T11:58:55', 'version' => '4.34' }, { 'date' => '2016-10-13T13:56:21', 'version' => '4.35' }, { 'date' => '2017-03-29T08:56:26', 'version' => '4.35_01' }, { 'date' => '2017-04-06T14:42:12', 'version' => '4.36' }, { 'date' => '2017-11-01T10:17:40', 'version' => '4.37' }, { 'date' => '2017-12-01T08:41:02', 'version' => '4.38' }, { 'date' => '2018-08-13T15:57:52', 'version' => '4.39' }, { 'date' => '2018-08-15T08:39:39', 'version' => '4.40' }, { 'date' => '2019-03-26T15:58:49', 'version' => '4.41' }, { 'date' => '2019-03-26T16:33:27', 'version' => '4.42' }, { 'date' => '2019-05-01T14:28:45', 'version' => '4.43' }, { 'date' => '2019-06-03T09:00:55', 'version' => '4.44' }, { 'date' => '2020-01-13T07:03:55', 'version' => '4.45' }, { 'date' => '2020-02-03T14:49:22', 'version' => '4.46' }, { 'date' => '2020-05-01T13:01:44', 'version' => '4.47' }, { 'date' => '2020-06-02T08:22:41', 'version' => '4.48' }, { 'date' => '2020-06-08T09:46:25', 'version' => '4.49' }, { 'date' => '2020-06-22T07:35:25', 'version' => '4.50' }, { 'date' => '2020-10-05T06:14:39', 'version' => '4.51' }, { 'date' => '2021-05-04T08:02:27', 'version' => '4.52' }, { 'date' => '2021-06-03T06:45:55', 'version' => '4.53' }, { 'date' => '2022-02-03T07:52:34', 'version' => '4.54' }, { 'date' => '2023-01-03T07:45:53', 'version' => '4.55' }, { 'date' => '2023-03-03T08:51:51', 'version' => '4.56' }, { 'date' => '2023-05-02T13:16:01', 'version' => '4.57' }, { 'date' => '2023-10-02T07:08:45', 'version' => '4.58' }, { 'date' => '2023-10-02T07:14:30', 'version' => '4.59' }, { 'date' => '2023-11-01T07:57:12', 'version' => '4.60' }, { 'date' => '2024-01-08T15:17:04', 'version' => '4.61' } ] }, 'CGI-Application' => { 'advisories' => [ { 'affected_versions' => '<4.50_51', 'cves' => [ 'CVE-2013-7329' ], 'description' => 'The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function. ', 'distribution' => 'CGI-Application', 'fixed_versions' => undef, 'id' => 'CPANSA-CGI-Application-2013-7329', 'references' => [ 'https://github.com/markstos/CGI--Application/pull/15', 'http://openwall.com/lists/oss-security/2014/02/19/11', 'http://lists.fedoraproject.org/pipermail/package-announce/2014-March/129436.html', 'http://lists.fedoraproject.org/pipermail/package-announce/2014-March/129444.html', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739505', 'http://www.securityfocus.com/bid/65687', 'https://rt.cpan.org/Public/Bug/Display.html?id=84403', 'https://bugzilla.redhat.com/show_bug.cgi?id=1067180', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/91735' ], 'reported' => '2014-10-06', 'severity' => undef } ], 'main_module' => 'CGI::Application', 'versions' => [ { 'date' => '2000-07-11T04:23:51', 'version' => '1.0' }, { 'date' => '2000-07-12T15:21:41', 'version' => '1.1' }, { 'date' => '2000-07-18T21:11:44', 'version' => '1.2' }, { 'date' => '2001-05-21T12:03:59', 'version' => '1.3' }, { 'date' => '2001-05-28T18:29:06', 'version' => '1.31' }, { 'date' => '2001-06-25T03:17:50', 'version' => '2.0' }, { 'date' => '2001-08-11T22:18:28', 'version' => '2.1' }, { 'date' => '2002-05-06T03:21:57', 'version' => '2.2' }, { 'date' => '2002-05-06T11:57:30', 'version' => '2.3' }, { 'date' => '2002-05-27T01:01:18', 'version' => '2.4' }, { 'date' => '2002-07-18T11:59:16', 'version' => '2.5' }, { 'date' => '2002-10-07T13:03:27', 'version' => '2.6' }, { 'date' => '2003-02-01T13:52:45', 'version' => '3.0' }, { 'date' => '2003-06-02T13:01:50', 'version' => '3.1' }, { 'date' => '2004-02-04T03:23:56', 'version' => '3.2' }, { 'date' => '2004-02-04T15:53:56', 'version' => '3.2' }, { 'date' => '2004-02-14T01:47:53', 'version' => '3.22' }, { 'date' => '2004-09-26T19:22:20', 'version' => '3.30' }, { 'date' => '2004-09-26T19:35:26', 'version' => '3.31' }, { 'date' => '2005-03-19T14:42:14', 'version' => '4.0_2' }, { 'date' => '2005-06-07T03:25:55', 'version' => '4.0_4' }, { 'date' => '2005-06-11T04:00:57', 'version' => '4.0' }, { 'date' => '2005-06-13T19:15:12', 'version' => '4.01_01' }, { 'date' => '2005-06-14T14:37:30', 'version' => '4.01' }, { 'date' => '2005-07-24T19:08:18', 'version' => '4.02_1' }, { 'date' => '2005-07-31T03:11:25', 'version' => '4.02' }, { 'date' => '2005-08-04T23:45:52', 'version' => '4.03' }, { 'date' => '2005-09-01T02:54:00', 'version' => '4.04_01' }, { 'date' => '2005-09-09T01:12:21', 'version' => '4.04_02' }, { 'date' => '2005-10-12T02:12:18', 'version' => '4.04' }, { 'date' => '2006-03-02T01:58:41', 'version' => '4.05' }, { 'date' => '2006-04-13T02:34:40', 'version' => '4.06' }, { 'date' => '2006-07-02T05:05:34', 'version' => '4.07_01' }, { 'date' => '2007-10-31T23:34:31', 'version' => '4.07_02' }, { 'date' => '2008-06-16T20:09:18', 'version' => '4.07_03' }, { 'date' => '2008-06-18T03:30:33', 'version' => '4.10' }, { 'date' => '2008-08-10T15:36:00', 'version' => '4.11' }, { 'date' => '2008-09-27T04:18:05', 'version' => '4.11' }, { 'date' => '2008-11-02T00:43:18', 'version' => '4.11' }, { 'date' => '2009-01-03T16:13:59', 'version' => '4.21' }, { 'date' => '2009-07-30T01:35:48', 'version' => '4.30' }, { 'date' => '2009-07-30T01:42:34', 'version' => '4.31' }, { 'date' => '2010-02-14T00:33:00', 'version' => '4.32_1' }, { 'date' => '2011-06-16T17:07:16', 'version' => '4.50' }, { 'date' => '2015-01-23T12:19:21', 'version' => '4.50_50' }, { 'date' => '2015-07-18T12:57:01', 'version' => '4.50_51' }, { 'date' => '2018-02-28T13:57:05', 'version' => '4.60' }, { 'date' => '2018-03-01T13:29:17', 'version' => '4.60_1' }, { 'date' => '2018-03-02T09:20:24', 'version' => '4.61' } ] }, 'CGI-Application-Dispatch' => { 'advisories' => [ { 'affected_versions' => '<1.02', 'cves' => [], 'description' => 'Untainted module names. ', 'distribution' => 'CGI-Application-Dispatch', 'fixed_versions' => '>=1.02', 'id' => 'CPANSA-CGI-Application-Dispatch-2005-001', 'references' => [ 'https://metacpan.org/changes/distribution/CGI-Application-Dispatch' ], 'reported' => '2005-01-20' } ], 'main_module' => 'CGI::Application::Dispatch', 'versions' => [ { 'date' => '2004-09-13T01:35:58', 'version' => '0.01' }, { 'date' => '2004-10-19T18:26:01', 'version' => '0.02' }, { 'date' => '2004-10-29T16:53:40', 'version' => '0.03' }, { 'date' => '2005-01-06T15:34:49', 'version' => '1.00' }, { 'date' => '2005-01-08T12:42:00', 'version' => '1.01' }, { 'date' => '2005-01-20T14:43:28', 'version' => '1.02' }, { 'date' => '2005-03-04T16:28:16', 'version' => '1.03' }, { 'date' => '2005-07-12T21:44:54', 'version' => '1.04' }, { 'date' => '2006-01-12T15:56:53', 'version' => '2.00_02' }, { 'date' => '2006-02-06T15:50:52', 'version' => '2.00_03' }, { 'date' => '2006-02-14T15:41:25', 'version' => '2.00_04' }, { 'date' => '2006-04-12T14:18:22', 'version' => '2.00_05' }, { 'date' => '2006-06-27T04:29:04', 'version' => '2.00_06' }, { 'date' => '2006-07-03T15:52:12', 'version' => '2.00' }, { 'date' => '2006-08-14T14:14:10', 'version' => '2.01' }, { 'date' => '2006-08-17T14:57:55', 'version' => '2.02' }, { 'date' => '2006-09-30T02:13:40', 'version' => '2.03' }, { 'date' => '2007-01-03T18:12:57', 'version' => '2.10_01' }, { 'date' => '2007-01-11T18:55:41', 'version' => '2.10_02' }, { 'date' => '2007-01-15T14:08:30', 'version' => '2.10' }, { 'date' => '2007-12-28T20:23:49', 'version' => '2.11' }, { 'date' => '2007-12-31T20:43:51', 'version' => '2.12_01' }, { 'date' => '2008-01-03T14:39:57', 'version' => '2.12' }, { 'date' => '2008-03-08T18:33:34', 'version' => '2.13_01' }, { 'date' => '2008-03-11T16:41:27', 'version' => '2.13_02' }, { 'date' => '2008-09-17T00:44:02', 'version' => '2.13' }, { 'date' => '2008-11-03T01:33:21', 'version' => '2.14' }, { 'date' => '2008-12-04T16:00:05', 'version' => '2.15' }, { 'date' => '2009-03-24T02:03:51', 'version' => '2.16' }, { 'date' => '2009-12-30T19:06:27', 'version' => '2.17' }, { 'date' => '2011-01-05T03:42:59', 'version' => '2.18' }, { 'date' => '2011-06-16T17:42:14', 'version' => '3.00' }, { 'date' => '2011-06-24T02:53:20', 'version' => '3.01' }, { 'date' => '2011-06-24T22:33:01', 'version' => '3.02' }, { 'date' => '2011-06-26T03:52:14', 'version' => '3.03' }, { 'date' => '2011-06-29T13:45:53', 'version' => '3.04' }, { 'date' => '2011-09-07T22:21:15', 'version' => '3.05' }, { 'date' => '2011-09-09T15:29:58', 'version' => '3.06' }, { 'date' => '2011-09-09T17:32:11', 'version' => '3.07' }, { 'date' => '2012-09-03T04:04:19', 'version' => '3.10' }, { 'date' => '2012-09-14T01:02:58', 'version' => '3.11' }, { 'date' => '2012-09-14T01:19:52', 'version' => '3.12' } ] }, 'CGI-Application-Plugin-AutoRunmode' => { 'advisories' => [ { 'affected_versions' => '<0.04', 'cves' => [], 'description' => 'Non-word characters are allowed in runmode name. ', 'distribution' => 'CGI-Application-Plugin-AutoRunmode', 'fixed_versions' => '>=0.04', 'id' => 'CPANSA-CGI-Application-Plugin-AutoRunmode-2005-01', 'references' => [ 'https://metacpan.org/changes/distribution/CGI-Application-Plugin-AutoRunmode' ], 'reported' => '2005-03-04' } ], 'main_module' => 'CGI::Application::Plugin::AutoRunmode', 'versions' => [ { 'date' => '2005-03-04T06:59:51', 'version' => '0.04' }, { 'date' => '2005-03-10T07:22:55', 'version' => '0.05' }, { 'date' => '2005-06-15T10:20:17', 'version' => '0.06' }, { 'date' => '2005-06-18T02:09:08', 'version' => '0.07' }, { 'date' => '2005-07-17T00:49:10', 'version' => '0.08' }, { 'date' => '2005-09-22T12:31:22', 'version' => '0.09' }, { 'date' => '2005-10-16T00:17:47', 'version' => '0.10' }, { 'date' => '2005-10-18T13:23:50', 'version' => '0.11' }, { 'date' => '2005-11-03T01:10:37', 'version' => '0.12' }, { 'date' => '2006-04-08T07:18:44', 'version' => '0.13' }, { 'date' => '2006-05-21T05:04:48', 'version' => '0.14' }, { 'date' => '2006-12-17T07:46:24', 'version' => '0.15' }, { 'date' => '2009-02-14T09:16:39', 'version' => '0.16' }, { 'date' => '2010-05-21T04:24:45', 'version' => '0.17' }, { 'date' => '2011-02-18T09:23:15', 'version' => '0.18' } ] }, 'CGI-Application-Plugin-RunmodeDeclare' => { 'advisories' => [ { 'affected_versions' => '<0.03', 'cves' => [], 'description' => 'Wrong order of arguments. ', 'distribution' => 'CGI-Application-Plugin-RunmodeDeclare', 'fixed_versions' => '>=0.03', 'id' => 'CPANSA-CGI-Application-Plugin-RunmodeDeclare-2008-01', 'references' => [ 'https://metacpan.org/changes/distribution/CGI-Application-Plugin-RunmodeDeclare' ], 'reported' => '2008-10-20' } ], 'main_module' => 'CGI::Application::Plugin::RunmodeDeclare', 'versions' => [ { 'date' => '2008-09-26T19:59:14', 'version' => '0.01' }, { 'date' => '2008-09-26T21:37:11', 'version' => '0.02' }, { 'date' => '2008-10-19T23:22:06', 'version' => '0.03' }, { 'date' => '2008-10-23T14:18:23', 'version' => '0.03_01' }, { 'date' => '2008-10-24T13:32:43', 'version' => '0.03_02' }, { 'date' => '2008-10-24T16:20:27', 'version' => '0.03_03' }, { 'date' => '2008-10-25T10:54:25', 'version' => '0.04' }, { 'date' => '2008-10-25T11:46:28', 'version' => '0.05' }, { 'date' => '2008-10-25T16:39:34', 'version' => '0.06' }, { 'date' => '2009-01-10T02:32:39', 'version' => '0.07' }, { 'date' => '2009-05-17T22:29:18', 'version' => '0.08' }, { 'date' => '2010-01-07T13:24:09', 'version' => '0.09' }, { 'date' => '2012-02-10T00:53:54', 'version' => '0.10' } ] }, 'CGI-Auth-Basic' => { 'advisories' => [ { 'affected_versions' => '<1.11', 'cves' => [], 'description' => 'TBD ', 'distribution' => 'CGI-Auth-Basic', 'fixed_versions' => '>=1.11', 'id' => 'CPANSA-CGI-Auth-Basic-2007-01', 'references' => [ 'https://metacpan.org/changes/distribution/CGI-Auth-Basic' ], 'reported' => '2007-12-30' } ], 'main_module' => 'CGI::Auth::Basic', 'versions' => [ { 'date' => '2004-02-21T14:58:09', 'version' => '1.0' }, { 'date' => '2004-08-31T13:29:28', 'version' => '1.01' }, { 'date' => '2004-11-07T03:34:32', 'version' => '1.02' }, { 'date' => '2006-06-18T01:12:15', 'version' => '1.10' }, { 'date' => '2007-12-30T20:53:33', 'version' => '1.11' }, { 'date' => '2009-04-18T04:22:51', 'version' => '1.20' }, { 'date' => '2009-04-23T17:00:50', 'version' => '1.21' }, { 'date' => '2009-04-24T15:07:48', 'version' => '1.21' }, { 'date' => '2012-08-27T01:50:53', 'version' => '1.22' }, { 'date' => '2015-01-21T00:26:01', 'version' => '1.23' }, { 'date' => '2018-12-23T21:03:03', 'version' => '1.24' } ] }, 'CGI-Session' => { 'advisories' => [ { 'affected_versions' => '<4.10', 'cves' => [ 'CVE-2006-1279' ], 'description' => 'CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by (1) Driver::File, (2) Driver::db_file, and possibly (3) Driver::sqlite. ', 'distribution' => 'CGI-Session', 'fixed_versions' => undef, 'id' => 'CPANSA-CGI-Session-2006-1279', 'references' => [ 'http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356555', 'http://secunia.com/advisories/19211', 'http://www.securityfocus.com/bid/17177', 'http://www.osvdb.org/23865', 'http://www.vupen.com/english/advisories/2006/0946', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/25285' ], 'reported' => '2006-03-19', 'severity' => undef }, { 'affected_versions' => '<4.12', 'cves' => [], 'description' => 'possible SQL injection attack ', 'distribution' => 'CGI-Session', 'fixed_versions' => '>=4.12', 'id' => 'CPANSA-CGI-Session-2006-01', 'references' => [ 'https://rt.cpan.org/Public/Bug/Display.html?id=18578' ], 'reported' => '2006-04-06', 'severity' => undef } ], 'main_module' => 'CGI::Session', 'versions' => [ { 'date' => '2001-10-30T08:59:10', 'version' => '0.01' }, { 'date' => '2002-05-10T12:04:15', 'version' => '2.0' }, { 'date' => '2002-05-10T17:38:46', 'version' => '2.1' }, { 'date' => '2002-05-14T18:21:39', 'version' => '2.2' }, { 'date' => '2002-05-17T18:02:23', 'version' => '2.4' }, { 'date' => '2002-05-27T09:52:46', 'version' => '2.7' }, { 'date' => '2002-06-06T08:08:21', 'version' => '2.9' }, { 'date' => '2002-06-06T08:36:26', 'version' => '2.91' }, { 'date' => '2002-06-18T18:15:57', 'version' => '2.92' }, { 'date' => '2002-08-26T08:23:54', 'version' => '2.94' }, { 'date' => '2002-11-27T07:20:47', 'version' => '3.1' }, { 'date' => '2002-11-27T12:27:59', 'version' => '3.2' }, { 'date' => '2002-11-28T03:19:31', 'version' => 'v3.2.2.1' }, { 'date' => '2002-11-28T03:26:41', 'version' => '3.3' }, { 'date' => '2002-11-28T03:44:39', 'version' => '3.4' }, { 'date' => '2002-11-28T06:55:29', 'version' => '3.5' }, { 'date' => '2002-11-28T17:12:32', 'version' => '3.6' }, { 'date' => '2002-11-29T21:29:53', 'version' => '3.7' }, { 'date' => '2002-12-03T16:26:55', 'version' => '3.8' }, { 'date' => '2002-12-04T07:37:02', 'version' => '3.9' }, { 'date' => '2002-12-09T09:02:18', 'version' => '3.10' }, { 'date' => '2002-12-09T20:09:24', 'version' => '3.11' }, { 'date' => '2003-03-09T11:26:21', 'version' => '3.91' }, { 'date' => '2003-03-10T02:42:16', 'version' => '3.92' }, { 'date' => '2003-03-14T13:21:20', 'version' => '3.93' }, { 'date' => '2003-05-02T20:12:40', 'version' => '3.94' }, { 'date' => '2003-07-26T13:51:31', 'version' => '3.95' }, { 'date' => '2005-02-09T08:35:23', 'version' => '4.00_01' }, { 'date' => '2005-02-09T09:54:17', 'version' => '4.00_02' }, { 'date' => '2005-02-11T08:23:00', 'version' => '4.00_03' }, { 'date' => '2005-02-17T03:24:21', 'version' => '4.00_04' }, { 'date' => '2005-02-22T17:56:43', 'version' => '4.00_05' }, { 'date' => '2005-02-24T18:46:45', 'version' => '4.00_06' }, { 'date' => '2005-03-13T19:18:37', 'version' => '4.00_07' }, { 'date' => '2005-03-15T16:48:17', 'version' => '4.00_08' }, { 'date' => '2005-07-22T02:00:21', 'version' => '4.00_09' }, { 'date' => '2005-09-01T05:57:49', 'version' => '4.00' }, { 'date' => '2005-09-01T16:25:46', 'version' => '4.01' }, { 'date' => '2005-09-02T15:51:20', 'version' => '4.02' }, { 'date' => '2005-09-24T02:12:22', 'version' => '4.02_01' }, { 'date' => '2005-10-05T23:22:54', 'version' => '4.03' }, { 'date' => '2006-03-02T03:00:28', 'version' => '4.04' }, { 'date' => '2006-03-04T00:08:26', 'version' => '4.05' }, { 'date' => '2006-03-09T03:13:06', 'version' => '4.06' }, { 'date' => '2006-03-09T12:09:28', 'version' => '4.07' }, { 'date' => '2006-03-16T02:38:25', 'version' => '4.08' }, { 'date' => '2006-03-17T04:08:57', 'version' => '4.09' }, { 'date' => '2006-03-28T07:00:52', 'version' => '4.10' }, { 'date' => '2006-04-03T19:33:30', 'version' => '4.11' }, { 'date' => '2006-04-07T14:34:06', 'version' => '4.12' }, { 'date' => '2006-04-12T17:05:18', 'version' => '4.13' }, { 'date' => '2006-06-11T11:36:57', 'version' => '4.14' }, { 'date' => '2006-11-24T14:10:38', 'version' => '4.20_1' }, { 'date' => '2006-12-05T02:08:37', 'version' => '4.20' }, { 'date' => '2008-03-22T02:42:57', 'version' => '4.29_1' }, { 'date' => '2008-03-28T01:45:56', 'version' => '4.29_2' }, { 'date' => '2008-04-26T01:31:34', 'version' => '4.30' }, { 'date' => '2008-06-16T14:44:06', 'version' => '4.31' }, { 'date' => '2008-06-17T21:35:03', 'version' => '4.32' }, { 'date' => '2008-07-08T01:27:59', 'version' => '4.33' }, { 'date' => '2008-07-13T02:39:59', 'version' => '4.34' }, { 'date' => '2008-07-16T00:36:46', 'version' => '4.35' }, { 'date' => '2008-09-13T15:45:06', 'version' => '4.36' }, { 'date' => '2008-10-23T02:57:30', 'version' => '4.37' }, { 'date' => '2008-11-01T03:47:46', 'version' => '4.38' }, { 'date' => '2008-12-16T01:22:42', 'version' => '4.39' }, { 'date' => '2009-01-03T01:18:15', 'version' => '4.40' }, { 'date' => '2009-03-21T02:01:09', 'version' => '4.41' }, { 'date' => '2009-08-26T13:38:39', 'version' => '4.42' }, { 'date' => '2010-12-12T00:32:27', 'version' => '4.43' }, { 'date' => '2011-06-06T20:48:07', 'version' => '4.44' }, { 'date' => '2011-07-02T01:33:33', 'version' => '4.45' }, { 'date' => '2011-07-08T14:34:42', 'version' => '4.46' }, { 'date' => '2011-07-08T19:31:44', 'version' => '4.47' }, { 'date' => '2011-07-11T13:02:37', 'version' => '4.48' }, { 'date' => '2021-02-08T07:00:20', 'version' => '4.49' } ] }, 'CGI-Simple' => { 'advisories' => [ { 'affected_versions' => '<1.113', 'cves' => [ 'CVE-2010-4410' ], 'description' => 'Newlines in headers, which could lead to header injection attacks. ', 'distribution' => 'CGI-Simple', 'fixed_versions' => '>=1.113', 'id' => 'CPANSA-CGI-Simple-2010-02', 'references' => [ 'https://metacpan.org/changes/distribution/CGI-Simple' ], 'reported' => '2010-12-27' }, { 'affected_versions' => '<1.113', 'cves' => [], 'description' => 'Non-random multipart boundary. ', 'distribution' => 'CGI-Simple', 'fixed_versions' => '>=1.113', 'id' => 'CPANSA-CGI-Simple-2010-01', 'references' => [ 'https://metacpan.org/changes/distribution/CGI-Simple' ], 'reported' => '2010-12-27' }, { 'affected_versions' => '<=1.112', 'cves' => [ 'CVE-2010-2761' ], 'description' => 'The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172. ', 'distribution' => 'CGI-Simple', 'fixed_versions' => undef, 'id' => 'CPANSA-CGI-Simple-2010-2761', 'references' => [ 'https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380', 'http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes', 'http://openwall.com/lists/oss-security/2010/12/01/1', 'http://www.nntp.perl.org/group/perl.perl5.changes/2010/11/msg28043.html', 'http://perl5.git.perl.org/perl.git/blobdiff/a0b94c2432b1d8c20653453a0f6970cb10f59aec..84601d63a7e34958da47dad1e61e27cb3bd467d1:/cpan/CGI/lib/CGI.pm', 'http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1', 'http://openwall.com/lists/oss-security/2010/12/01/2', 'http://openwall.com/lists/oss-security/2010/12/01/3', 'https://bugzilla.mozilla.org/show_bug.cgi?id=600464', 'http://osvdb.org/69588', 'http://osvdb.org/69589', 'http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html', 'http://www.mandriva.com/security/advisories?name=MDVSA-2010:237', 'http://www.vupen.com/english/advisories/2011/0076', 'http://www.mandriva.com/security/advisories?name=MDVSA-2010:250', 'http://secunia.com/advisories/42877', 'https://bugzilla.mozilla.org/show_bug.cgi?id=591165', 'http://www.vupen.com/english/advisories/2011/0207', 'http://www.bugzilla.org/security/3.2.9/', 'http://secunia.com/advisories/43033', 'http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053591.html', 'http://secunia.com/advisories/43147', 'http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053576.html', 'http://www.vupen.com/english/advisories/2011/0249', 'http://www.vupen.com/english/advisories/2011/0271', 'http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html', 'http://www.vupen.com/english/advisories/2011/0212', 'http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html', 'http://secunia.com/advisories/43165', 'http://secunia.com/advisories/43068', 'http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html', 'http://www.redhat.com/support/errata/RHSA-2011-1797.html', 'http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html', 'http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735', 'http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705' ], 'reported' => '2010-12-06', 'severity' => undef } ], 'main_module' => 'CGI::Simple', 'versions' => [ { 'date' => '2007-01-09T22:31:27', 'version' => '0.078' }, { 'date' => '2007-02-23T16:22:19', 'version' => '0.079' }, { 'date' => '2007-03-30T20:15:35', 'version' => '0.080' }, { 'date' => '2007-05-20T19:19:40', 'version' => '0.081' }, { 'date' => '2007-05-22T18:43:01', 'version' => '0.082' }, { 'date' => '2007-05-22T18:54:06', 'version' => '0.83' }, { 'date' => '2007-05-24T03:15:01', 'version' => '1.0' }, { 'date' => '2007-07-13T18:58:16', 'version' => '1.1' }, { 'date' => '2007-07-31T01:57:01', 'version' => '1.1.1' }, { 'date' => '2007-07-31T02:04:25', 'version' => '1.1.2' }, { 'date' => '2007-07-31T02:10:47', 'version' => '1.103' }, { 'date' => '2008-05-13T15:46:18', 'version' => '1.104' }, { 'date' => '2008-05-16T14:37:31', 'version' => '1.105' }, { 'date' => '2008-09-14T13:29:51', 'version' => '1.106' }, { 'date' => '2009-03-07T21:24:59', 'version' => '1.107' }, { 'date' => '2009-03-13T14:06:24', 'version' => '1.108' }, { 'date' => '2009-04-16T17:54:13', 'version' => '1.109' }, { 'date' => '2009-05-24T21:25:22', 'version' => '1.110' }, { 'date' => '2009-05-28T18:02:08', 'version' => '1.111' }, { 'date' => '2009-05-31T10:43:56', 'version' => '1.112' }, { 'date' => '2010-12-27T13:11:56', 'version' => '1.113' }, { 'date' => '2014-10-19T12:53:24', 'version' => '1.115' }, { 'date' => '2018-03-01T15:09:42', 'version' => '1.13' }, { 'date' => '2018-03-03T10:42:06', 'version' => '1.14' }, { 'date' => '2018-03-04T03:42:20', 'version' => '1.15' }, { 'date' => '2018-07-25T15:17:39', 'version' => '1.16' }, { 'date' => '2018-10-02T09:48:08', 'version' => '1.17' }, { 'date' => '2018-10-03T14:21:12', 'version' => '1.18' }, { 'date' => '2018-10-04T12:05:58', 'version' => '1.19' }, { 'date' => '2018-10-05T11:30:05', 'version' => '1.20' }, { 'date' => '2018-10-06T07:21:31', 'version' => '1.21' }, { 'date' => '2019-09-07T04:28:17', 'version' => '1.22' }, { 'date' => '2020-02-06T06:12:09', 'version' => '1.23' }, { 'date' => '2020-02-07T11:11:56', 'version' => '1.24' }, { 'date' => '2020-02-10T13:00:54', 'version' => '1.25' }, { 'date' => '2022-01-02T18:00:56', 'version' => '1.26' }, { 'date' => '2022-01-06T16:00:18', 'version' => '1.27' }, { 'date' => '2022-01-11T15:16:20', 'version' => '1.280' }, { 'date' => '2024-01-31T14:19:02', 'version' => '1.281' } ] }, 'CGI-apacheSSI' => { 'advisories' => [ { 'affected_versions' => '<0.95', 'cves' => [], 'description' => 'Security and parsing problems with "include" calls. ', 'distribution' => 'CGI-apacheSSI', 'fixed_versions' => '>=0.95', 'id' => 'CPANSA-CGI-apacheSSI-2016-01', 'references' => [ 'https://metacpan.org/changes/distribution/CGI-apacheSSI' ], 'reported' => '2016-01-31' } ], 'main_module' => 'CGI::apacheSSI', 'versions' => [ { 'date' => '2014-08-20T22:55:20', 'version' => '0.93' }, { 'date' => '2016-01-30T12:57:47', 'version' => '0.94' }, { 'date' => '2016-01-31T22:48:55', 'version' => '0.95' }, { 'date' => '2016-02-01T00:36:49', 'version' => '0.96' } ] }, 'CPAN' => { 'advisories' => [ { 'affected_versions' => '<2.35', 'cves' => [ 'CVE-2023-31484' ], 'description' => 'The verify_SSL flag is missing from HTTP::Tiny, and allows a network attacker to MITM the connection if it is used by the CPAN client ', 'distribution' => 'CPAN', 'fixed_versions' => '>=2.35', 'id' => 'CPANSA-CPAN-2023-31484', 'previous_id' => [ 'CPANSA-CPAN-2023-01' ], 'references' => [ 'https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0', 'https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/', 'https://github.com/andk/cpanpm/pull/175', 'https://www.openwall.com/lists/oss-security/2023/04/18/14' ], 'reported' => '2023-02-28' }, { 'affected_versions' => '<1.93', 'cves' => [], 'description' => 'Archive::Tar preserves permissions in the tarball; extracted file permissions will be set from users umask instead. ', 'distribution' => 'CPAN', 'fixed_versions' => '>=1.93', 'id' => 'CPANSA-CPAN-2009-01', 'references' => [ 'https://github.com/andk/cpanpm/commit/079fa2e7ee77d626eab8bb06d0465c6a05f6c8b6', 'https://rt.cpan.org/Ticket/Display.html?id=46384' ], 'reported' => '2009-09-23' }, { 'affected_versions' => '<2.28', 'cves' => [ 'CVE-2020-16156' ], 'description' => 'CPAN 2.28 allows Signature Verification Bypass.', 'distribution' => 'CPAN', 'fixed_versions' => '>=2.29', 'id' => 'CPANSA-CPAN-2020-16156', 'references' => [ 'https://metacpan.org/pod/distribution/CPAN/scripts/cpan', 'https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/', 'http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/' ], 'reported' => '2021-12-13', 'severity' => 'high' } ], 'main_module' => 'CPAN', 'versions' => [ { 'date' => '1996-09-10T17:13:59', 'version' => '0.17' }, { 'date' => '1996-09-10T20:51:00', 'version' => '0.20' }, { 'date' => '1996-09-12T05:53:35', 'version' => '0.26' }, { 'date' => '1996-09-12T14:01:39', 'version' => '0.27' }, { 'date' => '1996-09-16T20:18:59', 'version' => '0.28' }, { 'date' => '1996-09-17T17:14:51', 'version' => '0.29' }, { 'date' => '1996-09-19T05:24:17', 'version' => '0.30' }, { 'date' => '1996-09-20T10:40:01', 'version' => '0.31' }, { 'date' => '1996-09-22T19:30:33', 'version' => '0.35' }, { 'date' => '1996-09-23T12:55:23', 'version' => '0.36' }, { 'date' => '1996-09-23T14:05:44', 'version' => '0.37' }, { 'date' => '1996-09-27T12:52:07', 'version' => '0.39' }, { 'date' => '1996-09-28T20:51:31', 'version' => '0.40' }, { 'date' => '1996-10-01T21:14:27', 'version' => '0.41' }, { 'date' => '1996-11-17T07:56:02', 'version' => '0.42' }, { 'date' => '1996-11-17T14:51:59', 'version' => '0.43' }, { 'date' => '1996-11-30T17:04:28', 'version' => '0.44' }, { 'date' => '1996-12-01T12:19:19', 'version' => '0.45' }, { 'date' => '1996-12-01T18:24:17', 'version' => '0.46' }, { 'date' => '1996-12-10T00:58:25', 'version' => '1.00' }, { 'date' => '1996-12-10T10:17:15', 'version' => '1.01' }, { 'date' => '1996-12-11T01:31:55', 'version' => '1.02' }, { 'date' => '1996-12-21T03:10:23', 'version' => '1.03' }, { 'date' => '1996-12-21T20:08:49', 'version' => '1.04' }, { 'date' => '1996-12-22T13:04:58', 'version' => '1.05' }, { 'date' => '1996-12-22T14:16:08', 'version' => '1.06' }, { 'date' => '1996-12-23T04:05:01', 'version' => '1.07' }, { 'date' => '1996-12-23T13:18:01', 'version' => '1.08' }, { 'date' => '1996-12-24T00:46:19', 'version' => '1.09' }, { 'date' => '1997-01-17T02:29:49', 'version' => '1.09_01' }, { 'date' => '1997-01-21T01:06:40', 'version' => '1.10' }, { 'date' => '1997-01-22T18:50:00', 'version' => '1.11' }, { 'date' => '1997-01-23T00:07:58', 'version' => '1.12' }, { 'date' => '1997-01-24T01:07:44', 'version' => '1.14' }, { 'date' => '1997-01-24T12:32:12', 'version' => '1.15' }, { 'date' => '1997-02-02T13:51:48', 'version' => '1.16_01' }, { 'date' => '1997-02-02T21:05:12', 'version' => '1.17' }, { 'date' => '1997-02-03T00:38:36', 'version' => '1.18' }, { 'date' => '1997-02-03T09:13:48', 'version' => '1.19' }, { 'date' => '1997-02-05T09:38:00', 'version' => '1.20' }, { 'date' => '1997-02-11T06:32:42', 'version' => '1.21' }, { 'date' => '1997-03-13T23:14:59', 'version' => '1.22_01' }, { 'date' => '1997-03-31T12:03:55', 'version' => '1.23' }, { 'date' => '1997-03-31T22:47:11', 'version' => '1.24' }, { 'date' => '1997-06-30T18:13:23', 'version' => '1.25' }, { 'date' => '1997-07-28T13:58:09', 'version' => '1.27' }, { 'date' => '1997-08-04T06:09:33', 'version' => '1.28' }, { 'date' => '1997-08-11T23:33:58', 'version' => '1.29' }, { 'date' => '1997-08-29T14:34:37', 'version' => '1.30' }, { 'date' => '1997-09-21T08:53:03', 'version' => '1.31' }, { 'date' => '1997-09-23T18:45:50', 'version' => '1.3101' }, { 'date' => '1998-01-02T18:22:35', 'version' => '1.32' }, { 'date' => '1998-01-10T18:24:23', 'version' => '1.33' }, { 'date' => '1998-02-03T18:06:41', 'version' => '1.35' }, { 'date' => '1998-02-08T08:55:55', 'version' => '1.36' }, { 'date' => '1998-06-12T06:51:25', 'version' => '1.37' }, { 'date' => '1998-06-14T20:18:08', 'version' => '1.38' }, { 'date' => '1998-07-24T20:13:41', 'version' => '1.40' }, { 'date' => '1998-12-01T02:20:32', 'version' => '1.41' }, { 'date' => '1998-12-01T07:58:35', 'version' => '1.42' }, { 'date' => '1998-12-01T22:16:27', 'version' => '1.43' }, { 'date' => '1998-12-03T17:07:54', 'version' => '1.43' }, { 'date' => '1999-01-09T18:38:33', 'version' => '1.44' }, { 'date' => '1999-01-10T19:38:27', 'version' => '1.44_51' }, { 'date' => '1999-01-13T12:15:42', 'version' => '1.44_52' }, { 'date' => '1999-01-15T09:26:40', 'version' => '1.44_53' }, { 'date' => '1999-01-15T09:27:45', 'version' => '1.44_54' }, { 'date' => '1999-01-23T14:56:16', 'version' => '1.45' }, { 'date' => '1999-01-25T01:43:42', 'version' => '1.46' }, { 'date' => '1999-01-25T13:11:23', 'version' => '1.47' }, { 'date' => '1999-03-06T19:34:54', 'version' => '1.48' }, { 'date' => '1999-05-22T16:45:00', 'version' => '1.49' }, { 'date' => '1999-05-23T14:32:20', 'version' => '1.50' }, { 'date' => '1999-10-23T03:06:39', 'version' => '1.50_01' }, { 'date' => '1999-12-29T22:30:22', 'version' => '1.51' }, { 'date' => '2000-01-08T15:32:55', 'version' => '1.52' }, { 'date' => '2000-03-23T23:39:41', 'version' => '1.53' }, { 'date' => '2000-03-25T22:51:15', 'version' => '1.54' }, { 'date' => '2000-07-30T11:15:04', 'version' => '1.55' }, { 'date' => '2000-08-01T20:47:09', 'version' => '1.56' }, { 'date' => '2000-08-16T12:54:07', 'version' => '1.57' }, { 'date' => '2000-08-21T19:44:18', 'version' => '1.57_51' }, { 'date' => '2000-08-27T22:09:36', 'version' => '1.57_53' }, { 'date' => '2000-08-30T16:54:50', 'version' => '1.57_54' }, { 'date' => '2000-08-31T08:11:01', 'version' => '1.57_55' }, { 'date' => '2000-08-31T22:16:21', 'version' => '1.57_56' }, { 'date' => '2000-09-01T12:18:43', 'version' => '1.57_57' }, { 'date' => '2000-09-03T22:19:20', 'version' => '1.57_58' }, { 'date' => '2000-09-05T09:44:05', 'version' => '1.57_59' }, { 'date' => '2000-09-05T19:55:34', 'version' => '1.57_60' }, { 'date' => '2000-09-06T10:54:07', 'version' => '1.57_61' }, { 'date' => '2000-09-08T02:19:06', 'version' => '1.57_62' }, { 'date' => '2000-09-10T08:54:37', 'version' => '1.57_65' }, { 'date' => '2000-09-12T08:46:40', 'version' => '1.57_66' }, { 'date' => '2000-09-17T10:24:31', 'version' => '1.57_67' }, { 'date' => '2000-10-08T14:25:04', 'version' => '1.57_68' }, { 'date' => '2000-10-18T14:53:45', 'version' => '1.58' }, { 'date' => '2000-10-21T14:21:06', 'version' => '1.58_51' }, { 'date' => '2000-10-25T07:05:38', 'version' => '1.58_52' }, { 'date' => '2000-10-26T11:03:29', 'version' => '1.58_53' }, { 'date' => '2000-10-26T15:34:21', 'version' => '1.58_54' }, { 'date' => '2000-10-27T07:59:03', 'version' => '1.58_55' }, { 'date' => '2000-11-04T09:36:53', 'version' => '1.58_56' }, { 'date' => '2000-11-06T19:30:27', 'version' => '1.58_57' }, { 'date' => '2000-11-08T08:10:51', 'version' => '1.58_90' }, { 'date' => '2000-11-13T10:26:38', 'version' => '1.58_91' }, { 'date' => '2000-11-14T18:24:18', 'version' => '1.58_92' }, { 'date' => '2000-11-15T07:19:56', 'version' => '1.58_93' }, { 'date' => '2000-12-01T06:05:58', 'version' => '1.59' }, { 'date' => '2000-12-01T08:19:58', 'version' => '1.59_51' }, { 'date' => '2000-12-26T13:54:06', 'version' => '1.59_52' }, { 'date' => '2001-01-02T16:37:24', 'version' => '1.59_53' }, { 'date' => '2001-02-09T21:44:55', 'version' => '1.59_54' }, { 'date' => '2002-04-19T13:29:54', 'version' => '1.60' }, { 'date' => '2002-04-20T02:18:41', 'version' => '1.60' }, { 'date' => '2002-04-21T11:31:25', 'version' => '1.60' }, { 'date' => '2002-05-07T10:38:54', 'version' => '1.61' }, { 'date' => '2002-07-28T10:51:47', 'version' => '1.62' }, { 'date' => '2002-08-30T08:58:10', 'version' => '1.63' }, { 'date' => '2003-02-06T10:04:06', 'version' => '1.64' }, { 'date' => '2003-02-08T17:10:13', 'version' => '1.65' }, { 'date' => '2003-03-04T19:38:21', 'version' => '1.70' }, { 'date' => '2003-04-11T04:33:18', 'version' => '1.70_52' }, { 'date' => '2003-04-13T12:43:40', 'version' => '1.70_53' }, { 'date' => '2003-05-15T21:04:52', 'version' => '1.70_54' }, { 'date' => '2003-07-04T09:48:08', 'version' => '1.71' }, { 'date' => '2003-07-27T20:35:05', 'version' => '1.72' }, { 'date' => '2003-07-28T08:21:47', 'version' => '1.73' }, { 'date' => '2003-07-28T22:58:08', 'version' => '1.74' }, { 'date' => '2003-07-29T15:14:13', 'version' => '1.75' }, { 'date' => '2003-07-31T15:14:02', 'version' => '1.76' }, { 'date' => '2003-09-21T21:25:41', 'version' => '1.76_01' }, { 'date' => '2005-09-19T06:37:38', 'version' => '1.76_51' }, { 'date' => '2005-09-22T07:02:02', 'version' => '1.76_52' }, { 'date' => '2005-09-22T07:09:48', 'version' => '1.76_53' }, { 'date' => '2005-10-01T08:23:38', 'version' => '1.76_54' }, { 'date' => '2005-10-19T06:10:58', 'version' => '1.76_55' }, { 'date' => '2005-10-21T04:59:36', 'version' => '1.76_56' }, { 'date' => '2005-10-27T07:08:29', 'version' => '1.76_57' }, { 'date' => '2005-11-02T04:03:28', 'version' => '1.76_58' }, { 'date' => '2005-11-03T06:37:52', 'version' => '1.76_59' }, { 'date' => '2005-11-03T07:38:40', 'version' => '1.76_60' }, { 'date' => '2005-11-06T10:36:53', 'version' => '1.76_61' }, { 'date' => '2005-11-07T04:22:19', 'version' => '1.76_62' }, { 'date' => '2005-11-07T04:47:05', 'version' => '1.76_63' }, { 'date' => '2005-11-07T21:58:06', 'version' => '1.76_64' }, { 'date' => '2005-11-07T22:18:44', 'version' => '1.76_65' }, { 'date' => '2005-12-03T10:12:08', 'version' => '1.80' }, { 'date' => '2005-12-18T11:29:26', 'version' => '1.80_51' }, { 'date' => '2005-12-21T12:13:15', 'version' => '1.80_53' }, { 'date' => '2005-12-22T08:42:59', 'version' => '1.80_54' }, { 'date' => '2005-12-24T07:25:34', 'version' => '1.80_55' }, { 'date' => '2005-12-24T09:59:47', 'version' => '1.80_56' }, { 'date' => '2005-12-31T11:58:10', 'version' => '1.80_57' }, { 'date' => '2006-01-01T09:01:43', 'version' => '1.80_58' }, { 'date' => '2006-01-02T23:15:15', 'version' => '1.81' }, { 'date' => '2006-01-04T07:47:25', 'version' => '1.82' }, { 'date' => '2006-01-05T08:03:36', 'version' => '1.83' }, { 'date' => '2006-01-08T13:35:16', 'version' => '1.83_51' }, { 'date' => '2006-01-10T05:00:26', 'version' => '1.83_52' }, { 'date' => '2006-01-12T07:54:36', 'version' => '1.83_53' }, { 'date' => '2006-01-13T08:20:42', 'version' => '1.83_54' }, { 'date' => '2006-01-14T11:34:47', 'version' => '1.83_55' }, { 'date' => '2006-01-18T06:03:44', 'version' => '1.83_56' }, { 'date' => '2006-01-19T08:00:02', 'version' => '1.83_57' }, { 'date' => '2006-01-22T12:05:01', 'version' => '1.83_58' }, { 'date' => '2006-01-25T13:10:20', 'version' => '1.83_59' }, { 'date' => '2006-01-30T10:35:47', 'version' => '1.83_60' }, { 'date' => '2006-01-30T23:18:09', 'version' => '1.83_61' }, { 'date' => '2006-01-31T10:28:57', 'version' => '1.83_62' }, { 'date' => '2006-02-01T07:49:36', 'version' => '1.83_63' }, { 'date' => '2006-02-02T09:17:39', 'version' => '1.83_64' }, { 'date' => '2006-02-04T11:20:05', 'version' => '1.83_65' }, { 'date' => '2006-02-04T17:05:00', 'version' => '1.83_66' }, { 'date' => '2006-02-06T00:46:27', 'version' => '1.83_67' }, { 'date' => '2006-02-08T07:43:36', 'version' => '1.83_68' }, { 'date' => '2006-02-14T08:17:55', 'version' => '1.83_69' }, { 'date' => '2006-02-15T07:01:02', 'version' => '1.84' }, { 'date' => '2006-02-19T17:05:36', 'version' => '1.85' }, { 'date' => '2006-02-20T08:36:51', 'version' => '1.86' }, { 'date' => '2006-02-21T06:05:05', 'version' => '1.86_51' }, { 'date' => '2006-02-22T22:29:54', 'version' => '1.86_52' }, { 'date' => '2006-02-24T08:24:09', 'version' => '1.86_53' }, { 'date' => '2006-02-27T07:01:10', 'version' => '1.87' }, { 'date' => '2006-03-06T08:02:28', 'version' => '1.87_51' }, { 'date' => '2006-07-21T22:33:11', 'version' => '1.87_52' }, { 'date' => '2006-07-22T18:55:13', 'version' => '1.87_53' }, { 'date' => '2006-07-23T21:37:11', 'version' => '1.87_54' }, { 'date' => '2006-07-29T19:36:50', 'version' => '1.87_55' }, { 'date' => '2006-08-24T05:57:41', 'version' => '1.87_56' }, { 'date' => '2006-08-26T17:05:56', 'version' => '1.87_57' }, { 'date' => '2006-08-31T06:50:49', 'version' => '1.87_58' }, { 'date' => '2006-09-03T21:05:29', 'version' => '1.87_59' }, { 'date' => '2006-09-10T11:57:33', 'version' => '1.87_61' }, { 'date' => '2006-09-11T21:24:18', 'version' => '1.87_62' }, { 'date' => '2006-09-13T05:44:15', 'version' => '1.87_63' }, { 'date' => '2006-09-16T11:02:25', 'version' => '1.87_64' }, { 'date' => '2006-09-19T03:44:51', 'version' => '1.87_65' }, { 'date' => '2006-09-21T20:30:41', 'version' => '1.88' }, { 'date' => '2006-09-22T20:40:40', 'version' => '1.8801' }, { 'date' => '2006-09-30T10:41:20', 'version' => '1.88_51' }, { 'date' => '2006-10-03T09:51:49', 'version' => '1.88_52' }, { 'date' => '2006-10-09T19:31:56', 'version' => '1.88_53' }, { 'date' => '2006-10-14T09:37:15', 'version' => '1.88_54' }, { 'date' => '2006-10-16T06:59:27', 'version' => '1.88_55' }, { 'date' => '2006-10-22T10:34:16', 'version' => '1.88_56' }, { 'date' => '2006-10-23T07:17:30', 'version' => '1.8802' }, { 'date' => '2006-10-24T07:18:16', 'version' => '1.88_57' }, { 'date' => '2006-10-28T15:00:07', 'version' => '1.88_58' }, { 'date' => '2006-11-05T21:24:52', 'version' => '1.88_59' }, { 'date' => '2006-11-10T08:39:55', 'version' => '1.88_61' }, { 'date' => '2006-11-13T07:44:27', 'version' => '1.88_62' }, { 'date' => '2006-11-29T08:11:50', 'version' => '1.88_63' }, { 'date' => '2006-12-04T07:53:37', 'version' => '1.88_64' }, { 'date' => '2006-12-11T21:36:04', 'version' => '1.88_65' }, { 'date' => '2006-12-19T08:21:17', 'version' => '1.88_66' }, { 'date' => '2006-12-31T17:18:53', 'version' => '1.88_67' }, { 'date' => '2007-01-07T21:22:12', 'version' => '1.88_68' }, { 'date' => '2007-01-08T03:42:56', 'version' => '1.88_69' }, { 'date' => '2007-01-27T16:57:49', 'version' => '1.88_71' }, { 'date' => '2007-01-31T07:11:33', 'version' => '1.88_72' }, { 'date' => '2007-02-13T05:24:13', 'version' => '1.88_73' }, { 'date' => '2007-02-15T07:12:17', 'version' => '1.88_74' }, { 'date' => '2007-02-18T16:52:49', 'version' => '1.88_75' }, { 'date' => '2007-02-19T06:20:20', 'version' => '1.88_76' }, { 'date' => '2007-02-19T21:26:47', 'version' => '1.88_77' }, { 'date' => '2007-03-05T23:26:57', 'version' => '1.88_78' }, { 'date' => '2007-03-16T01:54:55', 'version' => '1.88_79' }, { 'date' => '2007-04-07T07:41:18', 'version' => '1.90' }, { 'date' => '2007-04-19T07:03:03', 'version' => '1.91' }, { 'date' => '2007-04-23T00:09:11', 'version' => '1.9101' }, { 'date' => '2007-05-08T20:35:04', 'version' => '1.9102' }, { 'date' => '2007-07-07T16:15:40', 'version' => '1.91_51' }, { 'date' => '2007-07-14T18:45:58', 'version' => '1.91_52' }, { 'date' => '2007-08-09T06:49:38', 'version' => '1.91_53' }, { 'date' => '2007-09-14T21:18:33', 'version' => '1.91_54' }, { 'date' => '2007-09-15T07:14:26', 'version' => '1.91_55' }, { 'date' => '2007-09-23T11:15:08', 'version' => '1.92' }, { 'date' => '2007-09-27T07:11:10', 'version' => '1.9201' }, { 'date' => '2007-09-28T06:58:04', 'version' => '1.9202' }, { 'date' => '2007-09-28T07:13:26', 'version' => '1.9203' }, { 'date' => '2007-11-04T23:04:18', 'version' => '1.92_51' }, { 'date' => '2007-11-05T23:30:06', 'version' => '1.9204' }, { 'date' => '2007-11-11T11:27:20', 'version' => '1.92_52' }, { 'date' => '2007-11-11T18:49:37', 'version' => '1.9205' }, { 'date' => '2007-12-09T23:27:18', 'version' => '1.92_53' }, { 'date' => '2007-12-27T04:57:34', 'version' => '1.92_54' }, { 'date' => '2007-12-30T15:24:13', 'version' => '1.92_55' }, { 'date' => '2008-02-04T21:56:28', 'version' => '1.92_56' }, { 'date' => '2008-02-27T05:13:49', 'version' => '1.92_57' }, { 'date' => '2008-03-12T07:56:18', 'version' => '1.92_58' }, { 'date' => '2008-03-16T18:57:04', 'version' => '1.92_59' }, { 'date' => '2008-03-26T07:53:08', 'version' => '1.92_60' }, { 'date' => '2008-04-25T04:47:52', 'version' => '1.92_61' }, { 'date' => '2008-05-23T04:07:04', 'version' => '1.92_62' }, { 'date' => '2008-06-19T06:42:18', 'version' => '1.92_63' }, { 'date' => '2008-09-03T05:27:35', 'version' => '1.92_64' }, { 'date' => '2008-09-14T09:54:03', 'version' => '1.92_65' }, { 'date' => '2008-09-29T23:15:10', 'version' => '1.92_66' }, { 'date' => '2008-10-12T16:07:51', 'version' => '1.93' }, { 'date' => '2008-10-13T19:37:43', 'version' => '1.9301' }, { 'date' => '2009-01-11T22:07:01', 'version' => '1.93_02' }, { 'date' => '2009-02-01T12:38:23', 'version' => '1.93_03' }, { 'date' => '2009-02-01T21:06:21', 'version' => '1.93_51' }, { 'date' => '2009-02-28T15:58:39', 'version' => '1.9304' }, { 'date' => '2009-04-13T19:24:43', 'version' => '1.93_52' }, { 'date' => '2009-05-04T06:11:28', 'version' => '1.93_53' }, { 'date' => '2009-05-07T20:13:16', 'version' => '1.93_54' }, { 'date' => '2009-05-24T05:37:28', 'version' => '1.94' }, { 'date' => '2009-06-14T19:53:52', 'version' => '1.94_01' }, { 'date' => '2009-06-27T02:55:22', 'version' => '1.9402' }, { 'date' => '2009-09-14T02:47:24', 'version' => '1.94_51' }, { 'date' => '2009-10-15T19:33:19', 'version' => '1.94_52' }, { 'date' => '2009-12-18T07:00:09', 'version' => '1.94_53' }, { 'date' => '2010-01-14T08:01:42', 'version' => '1.94_54' }, { 'date' => '2010-02-03T03:43:49', 'version' => '1.94_55' }, { 'date' => '2010-02-17T13:39:33', 'version' => '1.94_56' }, { 'date' => '2010-05-24T19:33:41', 'version' => '1.94_57' }, { 'date' => '2010-06-24T06:34:13', 'version' => '1.94_58' }, { 'date' => '2010-09-26T20:23:30', 'version' => '1.94_59' }, { 'date' => '2010-09-28T20:44:58', 'version' => '1.94_60' }, { 'date' => '2010-10-03T17:29:37', 'version' => '1.94_61' }, { 'date' => '2010-10-26T06:43:51', 'version' => '1.94_62' }, { 'date' => '2011-01-16T17:58:10', 'version' => '1.94_63' }, { 'date' => '2011-01-21T04:58:35', 'version' => '1.94_64' }, { 'date' => '2011-02-14T12:10:12', 'version' => '1.94_65' }, { 'date' => '2011-03-12T11:30:03', 'version' => '1.9600' }, { 'date' => '2011-06-27T06:56:01', 'version' => '1.97_51' }, { 'date' => '2011-08-07T09:40:33', 'version' => '1.9800' }, { 'date' => '2012-10-16T21:42:49', 'version' => '1.99_51' }, { 'date' => '2013-02-06T07:41:54', 'version' => '2.00-TRIAL' }, { 'date' => '2013-04-12T16:57:44', 'version' => '2.00' }, { 'date' => '2013-06-22T20:27:32', 'version' => '2.01-TRIAL' }, { 'date' => '2013-06-23T07:33:40', 'version' => '2.02-TRIAL' }, { 'date' => '2013-09-15T09:42:33', 'version' => '2.03-TRIAL' }, { 'date' => '2014-03-18T22:33:22', 'version' => '2.04-TRIAL' }, { 'date' => '2014-03-31T20:55:24', 'version' => '2.05-TRIAL' }, { 'date' => '2014-04-04T02:07:20', 'version' => '2.05-TRIAL2' }, { 'date' => '2014-04-18T13:35:51', 'version' => '2.05' }, { 'date' => '2014-08-06T19:32:53', 'version' => '2.06-TRIAL' }, { 'date' => '2015-01-04T18:54:54', 'version' => '2.06-TRIAL' }, { 'date' => '2015-01-05T06:31:55', 'version' => '2.08-TRIAL' }, { 'date' => '2015-02-02T04:41:02', 'version' => '2.09-TRIAL' }, { 'date' => '2015-02-22T15:57:42', 'version' => '2.10-TRIAL' }, { 'date' => '2015-03-13T07:45:04', 'version' => '2.10' }, { 'date' => '2015-12-31T11:00:08', 'version' => '2.12-TRIAL' }, { 'date' => '2016-05-16T09:56:01', 'version' => '2.13-TRIAL' }, { 'date' => '2016-06-04T14:41:28', 'version' => '2.14-TRIAL' }, { 'date' => '2016-06-25T04:32:45', 'version' => '2.14' }, { 'date' => '2016-07-17T12:10:30', 'version' => '2.15-TRIAL' }, { 'date' => '2017-01-16T16:20:27', 'version' => '2.16-TRIAL' }, { 'date' => '2017-01-16T21:27:06', 'version' => '2.16-TRIAL2' }, { 'date' => '2017-02-14T16:22:20', 'version' => '2.16' }, { 'date' => '2017-02-15T09:37:10', 'version' => '2.17-TRIAL' }, { 'date' => '2017-02-16T09:48:46', 'version' => '2.17-TRIAL2' }, { 'date' => '2017-03-30T21:38:23', 'version' => '2.18-TRIAL' }, { 'date' => '2017-11-04T23:27:47', 'version' => '2.19-TRIAL' }, { 'date' => '2017-11-26T22:10:39', 'version' => '2.20-TRIAL' }, { 'date' => '2018-09-22T20:46:35', 'version' => '2.21-TRIAL' }, { 'date' => '2018-12-16T10:35:04', 'version' => '2.22-TRIAL' }, { 'date' => '2018-12-23T09:11:29', 'version' => '2.22' }, { 'date' => '2019-02-10T20:28:53', 'version' => '2.23-TRIAL' }, { 'date' => '2019-02-14T21:21:03', 'version' => '2.24-TRIAL' }, { 'date' => '2019-02-16T05:56:23', 'version' => '2.25-TRIAL' }, { 'date' => '2019-03-03T06:27:10', 'version' => '2.25' }, { 'date' => '2019-03-19T00:04:34', 'version' => '2.26' }, { 'date' => '2019-05-31T21:11:50', 'version' => '2.27-TRIAL' }, { 'date' => '2019-06-09T05:48:20', 'version' => '2.27-TRIAL2' }, { 'date' => '2019-07-03T20:15:40', 'version' => '2.27' }, { 'date' => '2020-04-03T02:52:43', 'version' => '2.28-TRIAL' }, { 'date' => '2020-06-13T04:57:39', 'version' => '2.28' }, { 'date' => '2021-11-23T16:58:45', 'version' => '2.29' }, { 'date' => '2021-12-12T09:16:03', 'version' => '2.30-TRIAL' }, { 'date' => '2021-12-14T20:52:30', 'version' => '2.31-TRIAL' }, { 'date' => '2021-12-26T21:35:55', 'version' => '2.32-TRIAL' }, { 'date' => '2022-01-21T04:09:07', 'version' => '2.33-TRIAL' }, { 'date' => '2022-03-27T17:53:47', 'version' => '2.33' }, { 'date' => '2022-04-03T19:19:13', 'version' => '2.34-TRIAL' }, { 'date' => '2022-04-17T17:40:25', 'version' => '2.34' }, { 'date' => '2023-04-15T14:44:27', 'version' => '2.35-TRIAL' }, { 'date' => '2023-04-27T13:05:07', 'version' => '2.35' }, { 'date' => '2023-05-10T07:08:30', 'version' => '2.36-TRIAL' }, { 'date' => '2023-05-14T19:36:11', 'version' => '2.36' } ] }, 'CPAN-Checksums' => { 'advisories' => [ { 'affected_versions' => '>=2.12', 'cves' => [ 'CVE-2020-16155' ], 'description' => 'The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data. ', 'distribution' => 'CPAN-Checksums', 'fixed_versions' => undef, 'id' => 'CPANSA-CPAN-Checksums-2020-16155', 'references' => [ 'https://metacpan.org/pod/CPAN::Checksums', 'https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/' ], 'reported' => '2021-12-13', 'severity' => 'medium' } ], 'main_module' => 'CPAN::Checksums', 'versions' => [ { 'date' => '2000-12-10T09:31:19', 'version' => '1.003' }, { 'date' => '2000-12-11T08:49:05', 'version' => '1.004' }, { 'date' => '2000-12-11T10:20:16', 'version' => '1.006' }, { 'date' => '2000-12-11T13:38:18', 'version' => '1.007' }, { 'date' => '2000-12-13T11:24:09', 'version' => '1.008' }, { 'date' => '2002-03-31T20:27:49', 'version' => '1.009' }, { 'date' => '2002-10-06T17:22:35', 'version' => '1.0' }, { 'date' => '2002-10-07T08:56:12', 'version' => '1.011' }, { 'date' => '2003-02-02T10:26:00', 'version' => '1.014' }, { 'date' => '2003-02-03T15:44:57', 'version' => '1.015' }, { 'date' => '2003-02-03T19:21:46', 'version' => '1.016' }, { 'date' => '2005-01-24T07:59:41', 'version' => '1.018' }, { 'date' => '2005-10-31T07:27:02', 'version' => '1.032' }, { 'date' => '2005-11-11T07:16:04', 'version' => '1.039' }, { 'date' => '2006-05-01T13:34:41', 'version' => '1.048' }, { 'date' => '2006-05-09T03:30:39', 'version' => '1.050' }, { 'date' => '2007-08-05T12:10:58', 'version' => '1.061' }, { 'date' => '2007-10-09T03:09:45', 'version' => '1.064' }, { 'date' => '2008-05-17T05:26:24', 'version' => '2.00' }, { 'date' => '2008-09-03T19:33:28', 'version' => '2.01' }, { 'date' => '2008-10-31T06:54:59', 'version' => '2.02' }, { 'date' => '2009-09-20T01:50:36', 'version' => '2.03' }, { 'date' => '2009-09-28T04:10:09', 'version' => '2.04' }, { 'date' => '2010-01-23T05:39:17', 'version' => '2.05' }, { 'date' => '2010-10-24T12:13:44', 'version' => '2.06' }, { 'date' => '2010-11-20T22:18:39', 'version' => '2.07' }, { 'date' => '2011-08-30T06:32:02', 'version' => '2.08' }, { 'date' => '2014-04-04T04:06:11', 'version' => '2.09' }, { 'date' => '2015-04-11T05:48:38', 'version' => '2.10' }, { 'date' => '2016-04-09T05:42:27', 'version' => '2.11' }, { 'date' => '2016-06-14T02:42:03', 'version' => '2.12' }, { 'date' => '2021-11-23T16:57:18', 'version' => '2.13' }, { 'date' => '2021-12-04T10:00:42', 'version' => '2.14' } ] }, 'Capture-Tiny' => { 'advisories' => [ { 'affected_versions' => '<0.24', 'cves' => [ 'CVE-2014-1875' ], 'description' => 'The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file. ', 'distribution' => 'Capture-Tiny', 'fixed_versions' => undef, 'id' => 'CPANSA-Capture-Tiny-2014-1875', 'references' => [ 'http://osvdb.org/102963', 'https://bugzilla.redhat.com/show_bug.cgi?id=1062424', 'http://www.securityfocus.com/bid/65475', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737835', 'https://github.com/dagolden/Capture-Tiny/issues/16', 'http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128882.html', 'https://github.com/dagolden/Capture-Tiny/commit/635c9eabd52ab8042b0c841823bd6e692de87924', 'http://cpansearch.perl.org/src/DAGOLDEN/Capture-Tiny-0.24/Changes', 'http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128823.html', 'http://seclists.org/oss-sec/2014/q1/272', 'http://seclists.org/oss-sec/2014/q1/267', 'http://secunia.com/advisories/56823', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/91464' ], 'reported' => '2014-10-06', 'severity' => undef } ], 'main_module' => 'Capture::Tiny', 'versions' => [ { 'date' => '2009-02-14T04:25:26', 'version' => '0.01' }, { 'date' => '2009-02-17T22:26:18', 'version' => '0.02' }, { 'date' => '2009-02-20T18:09:46', 'version' => '0.03' }, { 'date' => '2009-02-25T14:29:32', 'version' => '0.04' }, { 'date' => '2009-03-03T11:58:12', 'version' => '0.05' }, { 'date' => '2009-04-21T11:07:47', 'version' => '0.05_51' }, { 'date' => '2009-05-07T10:57:33', 'version' => '0.06' }, { 'date' => '2010-01-24T05:21:56', 'version' => '0.07' }, { 'date' => '2010-06-20T23:17:16', 'version' => '0.08' }, { 'date' => '2011-01-28T04:53:00', 'version' => '0.09' }, { 'date' => '2011-02-07T12:02:15', 'version' => '0.10' }, { 'date' => '2011-05-20T03:35:28', 'version' => '0.11' }, { 'date' => '2011-12-01T22:00:04', 'version' => '0.12' }, { 'date' => '2011-12-02T18:40:05', 'version' => '0.13' }, { 'date' => '2011-12-22T15:16:31', 'version' => '0.14' }, { 'date' => '2011-12-23T16:12:30', 'version' => '0.15' }, { 'date' => '2012-02-13T02:06:15', 'version' => '0.16' }, { 'date' => '2012-02-22T13:09:42', 'version' => '0.17' }, { 'date' => '2012-03-07T23:25:31', 'version' => '0.17_51' }, { 'date' => '2012-03-09T16:46:53', 'version' => '0.17_52' }, { 'date' => '2012-05-04T20:33:43', 'version' => '0.18' }, { 'date' => '2012-08-07T00:28:08', 'version' => '0.19' }, { 'date' => '2012-09-19T17:22:24', 'version' => '0.20' }, { 'date' => '2012-11-15T00:13:08', 'version' => '0.21' }, { 'date' => '2013-03-27T19:52:10', 'version' => '0.22' }, { 'date' => '2013-10-20T15:28:15', 'version' => '0.23' }, { 'date' => '2014-02-06T22:18:06', 'version' => '0.24' }, { 'date' => '2014-08-16T14:09:48', 'version' => '0.25' }, { 'date' => '2014-11-04T11:57:19', 'version' => '0.26' }, { 'date' => '2014-11-05T04:12:33', 'version' => '0.27' }, { 'date' => '2015-02-11T11:41:44', 'version' => '0.28' }, { 'date' => '2015-04-19T16:44:50', 'version' => '0.29' }, { 'date' => '2015-05-16T00:45:01', 'version' => '0.30' }, { 'date' => '2016-02-14T14:39:55', 'version' => '0.31' }, { 'date' => '2016-02-18T15:14:06', 'version' => '0.32' }, { 'date' => '2016-02-19T04:29:41', 'version' => '0.34' }, { 'date' => '2016-02-29T02:38:12', 'version' => '0.36' }, { 'date' => '2016-05-02T11:09:27', 'version' => '0.37' }, { 'date' => '2016-05-02T14:24:23', 'version' => '0.39' }, { 'date' => '2016-05-23T15:45:16', 'version' => '0.40' }, { 'date' => '2016-05-23T16:01:05', 'version' => '0.41' }, { 'date' => '2016-05-31T16:41:30', 'version' => '0.42' }, { 'date' => '2016-08-05T18:02:43', 'version' => '0.44' }, { 'date' => '2017-02-23T18:32:44', 'version' => '0.45' }, { 'date' => '2017-02-25T19:26:54', 'version' => '0.46' }, { 'date' => '2017-07-26T14:36:03', 'version' => '0.47' }, { 'date' => '2018-04-22T07:09:08', 'version' => '0.48' } ] }, 'Catalyst-Action-REST' => { 'advisories' => [ { 'affected_versions' => '<1.12', 'cves' => [], 'description' => 'YAML and YAML::HTML parsers are a potential security hole, as they may allow arbitrary Perl objects to be instantiated. ', 'distribution' => 'Catalyst-Action-REST', 'fixed_versions' => '>=1.12', 'id' => 'CPANSA-Catalyst-Action-REST-2013-01', 'references' => [ 'https://metacpan.org/dist/Catalyst-Action-REST/changes' ], 'reported' => '2013-09-03', 'severity' => undef } ], 'main_module' => 'Catalyst::Action::REST', 'versions' => [ { 'date' => '2006-11-20T03:15:08', 'version' => '0.1' }, { 'date' => '2006-12-01T01:42:22', 'version' => '0.2' }, { 'date' => '2006-12-04T00:22:45', 'version' => '0.30' }, { 'date' => '2006-12-06T08:48:49', 'version' => '0.31' }, { 'date' => '2007-03-10T00:44:35', 'version' => '0.40' }, { 'date' => '2007-05-24T21:09:40', 'version' => '0.41' }, { 'date' => '2007-07-07T19:33:22', 'version' => '0.50' }, { 'date' => '2008-01-04T01:33:04', 'version' => '0.60' }, { 'date' => '2008-06-30T19:30:56', 'version' => '0.61' }, { 'date' => '2008-07-02T15:25:10', 'version' => '0.62' }, { 'date' => '2008-08-07T17:14:34', 'version' => '0.63' }, { 'date' => '2008-08-14T16:09:53', 'version' => '0.64' }, { 'date' => '2008-08-20T17:45:46', 'version' => '0.65' }, { 'date' => '2008-08-22T18:24:57', 'version' => '0.66' }, { 'date' => '2009-03-25T16:38:07', 'version' => '0.67_01' }, { 'date' => '2009-03-26T05:04:33', 'version' => '0.67' }, { 'date' => '2009-03-26T05:37:53', 'version' => '0.68' }, { 'date' => '2009-03-26T21:19:43', 'version' => '0.69' }, { 'date' => '2009-03-28T06:23:19', 'version' => '0.70' }, { 'date' => '2009-03-28T16:19:10', 'version' => '0.71' }, { 'date' => '2009-06-25T18:56:47', 'version' => '0.72' }, { 'date' => '2009-06-28T00:22:51', 'version' => '0.73' }, { 'date' => '2009-07-22T23:12:44', 'version' => '0.74' }, { 'date' => '2009-08-17T13:11:15', 'version' => '0.75' }, { 'date' => '2009-08-21T20:42:44', 'version' => '0.76' }, { 'date' => '2009-08-27T01:26:49', 'version' => '0.77' }, { 'date' => '2009-09-28T14:05:11', 'version' => '0.78' }, { 'date' => '2009-12-11T01:11:49', 'version' => '0.79' }, { 'date' => '2009-12-19T14:59:13', 'version' => '0.80' }, { 'date' => '2010-01-14T20:56:56', 'version' => '0.81' }, { 'date' => '2010-02-04T22:35:05', 'version' => '0.82' }, { 'date' => '2010-02-08T22:24:29', 'version' => '0.83' }, { 'date' => '2010-05-06T08:34:09', 'version' => '0.84' }, { 'date' => '2010-05-13T08:15:30', 'version' => '0.85' }, { 'date' => '2010-09-01T22:17:14', 'version' => '0.86' }, { 'date' => '2010-11-03T19:48:23', 'version' => '0.87' }, { 'date' => '2011-01-11T23:12:42', 'version' => '0.88' }, { 'date' => '2011-01-24T21:59:02', 'version' => '0.89' }, { 'date' => '2011-02-25T13:58:06', 'version' => '0.90' }, { 'date' => '2011-08-04T12:46:05', 'version' => '0.91' }, { 'date' => '2011-10-01T10:11:59', 'version' => '0.91' }, { 'date' => '2011-10-12T18:35:31', 'version' => '0.93' }, { 'date' => '2011-12-09T08:51:25', 'version' => '0.94' }, { 'date' => '2012-01-04T19:54:14', 'version' => '0.95' }, { 'date' => '2012-01-30T11:32:44', 'version' => '0.96' }, { 'date' => '2012-02-21T10:06:13', 'version' => '0.97' }, { 'date' => '2012-02-21T11:44:32', 'version' => '0.98' }, { 'date' => '2012-02-28T09:14:17', 'version' => '0.99' }, { 'date' => '2012-04-13T08:37:31', 'version' => '1.00' }, { 'date' => '2012-05-29T20:02:44', 'version' => '1.01' }, { 'date' => '2012-06-05T21:45:05', 'version' => '1.02' }, { 'date' => '2012-06-27T23:52:31', 'version' => '1.03' }, { 'date' => '2012-06-30T09:32:24', 'version' => '1.04' }, { 'date' => '2012-07-02T19:16:30', 'version' => '1.05' }, { 'date' => '2012-12-11T22:13:48', 'version' => '1.06' }, { 'date' => '2013-04-11T19:25:51', 'version' => '1.07' }, { 'date' => '2013-04-16T07:36:02', 'version' => '1.08' }, { 'date' => '2013-04-19T12:43:57', 'version' => '1.09' }, { 'date' => '2013-04-22T13:43:09', 'version' => '1.10' }, { 'date' => '2013-06-16T14:28:48', 'version' => '1.11' }, { 'date' => '2013-09-11T17:50:54', 'version' => '1.12' }, { 'date' => '2013-11-08T15:49:54', 'version' => '1.13' }, { 'date' => '2013-12-27T21:33:09', 'version' => '1.14' }, { 'date' => '2014-05-07T14:04:03', 'version' => '1.15' }, { 'date' => '2014-09-12T18:22:35', 'version' => '1.16' }, { 'date' => '2014-10-24T00:59:39', 'version' => '1.17' }, { 'date' => '2015-01-20T18:22:02', 'version' => '1.18' }, { 'date' => '2015-02-06T15:40:56', 'version' => '1.19' }, { 'date' => '2015-10-29T20:34:02', 'version' => '1.20' }, { 'date' => '2017-12-05T15:16:47', 'version' => '1.21' } ] }, 'Catalyst-Authentication-Store-LDAP' => { 'advisories' => [ { 'affected_versions' => '<1.013', 'cves' => [], 'description' => 'Incorrect password check binds to the unauthenticated user. ', 'distribution' => 'Catalyst-Authentication-Store-LDAP', 'fixed_versions' => '>=1.013', 'id' => 'CPANSA-Catalyst-Authentication-Store-LDAP-2012-01', 'references' => [ 'https://rt.cpan.org/Public/Bug/Display.html?id=81908' ], 'reported' => '2012-12-11', 'severity' => 'high' } ], 'main_module' => 'Catalyst::Authentication::Store::LDAP', 'versions' => [ { 'date' => '2008-02-05T18:18:24', 'version' => '0.1000' }, { 'date' => '2008-04-10T02:06:58', 'version' => '0.1001' }, { 'date' => '2008-07-09T20:45:43', 'version' => '0.1002' }, { 'date' => '2008-09-10T13:21:33', 'version' => '0.1003' }, { 'date' => '2008-10-22T01:57:27', 'version' => '0.1003' }, { 'date' => '2009-05-01T02:34:18', 'version' => '0.1005' }, { 'date' => '2009-12-11T18:54:26', 'version' => '1.006' }, { 'date' => '2010-03-19T10:07:13', 'version' => '1.007' }, { 'date' => '2010-04-03T03:04:13', 'version' => '1.008' }, { 'date' => '2010-05-15T07:14:41', 'version' => '1.009' }, { 'date' => '2010-07-06T21:39:55', 'version' => '1.010' }, { 'date' => '2010-07-07T20:41:22', 'version' => '1.011' }, { 'date' => '2010-10-05T08:11:56', 'version' => '1.012' }, { 'date' => '2013-01-09T14:58:46', 'version' => '1.013' }, { 'date' => '2013-04-26T19:51:28', 'version' => '1.014' }, { 'date' => '2015-02-20T18:07:31', 'version' => '1.015' }, { 'date' => '2016-02-11T17:50:52', 'version' => '1.016' }, { 'date' => '2021-05-26T09:59:28', 'version' => '1.017' } ] }, 'Catalyst-Controller-Combine' => { 'advisories' => [ { 'affected_versions' => '<0.12', 'cves' => [], 'description' => 'Allows to use url-encoded path-parts to crawl along the file system and read files outside the intended directory. ', 'distribution' => 'Catalyst-Controller-Combine', 'fixed_versions' => '>=0.12', 'id' => 'CPANSA-Catalyst-Controller-Combine-2010-01', 'references' => [ 'https://metacpan.org/changes/distribution/Catalyst-Controller-Combine' ], 'reported' => '2010-05-21' } ], 'main_module' => 'Catalyst::Controller::Combine', 'versions' => [ { 'date' => '2009-07-11T17:58:25', 'version' => '0.06' }, { 'date' => '2009-07-13T06:49:00', 'version' => '0.07' }, { 'date' => '2009-10-24T12:48:21', 'version' => '0.08' }, { 'date' => '2010-03-13T19:31:13', 'version' => '0.09' }, { 'date' => '2010-03-27T18:44:05', 'version' => '0.10' }, { 'date' => '2010-06-21T20:47:02', 'version' => '0.12' }, { 'date' => '2011-07-28T19:53:12', 'version' => '0.13' }, { 'date' => '2012-02-20T20:59:00', 'version' => '0.14' }, { 'date' => '2012-05-04T10:43:12', 'version' => '0.15' } ] }, 'Catalyst-Plugin-Static' => { 'advisories' => [ { 'affected_versions' => '<0.10', 'cves' => [], 'description' => 'Serving files outside of $config->{root} directory. ', 'distribution' => 'Catalyst-Plugin-Static', 'fixed_versions' => '>=0.10', 'id' => 'CPANSA-Catalyst-Plugin-Static-2005-01', 'reported' => '2005-11-14' } ], 'main_module' => 'Catalyst::Plugin::Static', 'versions' => [ { 'date' => '2005-01-29T00:00:20', 'version' => '0.01' }, { 'date' => '2005-02-19T20:28:50', 'version' => '0.02' }, { 'date' => '2005-03-17T01:01:03', 'version' => '0.03' }, { 'date' => '2005-03-17T19:10:36', 'version' => '0.04' }, { 'date' => '2005-03-21T13:34:27', 'version' => '0.05' }, { 'date' => '2005-03-23T06:48:05', 'version' => '0.05' }, { 'date' => '2005-04-15T16:58:18', 'version' => '0.06' }, { 'date' => '2005-04-17T14:50:45', 'version' => '0.07' }, { 'date' => '2005-09-06T13:42:42', 'version' => '0.08' }, { 'date' => '2005-11-14T08:38:35', 'version' => '0.09' }, { 'date' => '2005-11-14T10:26:31', 'version' => '0.10' }, { 'date' => '2009-10-18T18:13:00', 'version' => '0.11' } ] }, 'Catalyst-Plugin-Static-Simple' => { 'advisories' => [ { 'affected_versions' => '<0.34', 'cves' => [ 'CVE-2017-16248' ], 'description' => 'The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a \'.\' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a \'.\' character. ', 'distribution' => 'Catalyst-Plugin-Static-Simple', 'fixed_versions' => '>=0.34', 'id' => 'CPANSA-Catalyst-Plugin-Static-Simple-2017-01', 'references' => [ 'https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/', 'https://metacpan.org/pod/CPAN::Checksums' ], 'reported' => '2017-10-31' } ], 'main_module' => 'Catalyst::Plugin::Static::Simple', 'versions' => [ { 'date' => '2005-08-12T01:37:04', 'version' => '0.01' }, { 'date' => '2005-08-16T22:09:54', 'version' => '0.02' }, { 'date' => '2005-08-22T03:44:24', 'version' => '0.03' }, { 'date' => '2005-08-22T15:59:08', 'version' => '0.04' }, { 'date' => '2005-08-26T15:58:06', 'version' => '0.05' }, { 'date' => '2005-09-05T19:36:58', 'version' => '0.06' }, { 'date' => '2005-09-06T01:07:28', 'version' => '0.07' }, { 'date' => '2005-09-07T22:52:21', 'version' => '0.08' }, { 'date' => '2005-10-07T17:40:16', 'version' => '0.09' }, { 'date' => '2005-10-19T21:19:04', 'version' => '0.10' }, { 'date' => '2005-11-14T00:28:01', 'version' => '0.11' }, { 'date' => '2005-12-15T14:56:40', 'version' => '0.13' }, { 'date' => '2006-03-24T16:18:59', 'version' => '0.14' }, { 'date' => '2006-07-05T16:35:54', 'version' => '0.14' }, { 'date' => '2006-12-09T03:25:57', 'version' => '0.15' }, { 'date' => '2007-04-30T18:48:25', 'version' => '0.16' }, { 'date' => '2007-05-11T14:52:16', 'version' => '0.17' }, { 'date' => '2007-07-01T04:12:31', 'version' => '0.18' }, { 'date' => '2007-07-02T20:54:05', 'version' => '0.19' }, { 'date' => '2007-09-24T13:50:15', 'version' => '0.20' }, { 'date' => '2009-03-29T18:47:56', 'version' => '0.21' }, { 'date' => '2009-08-21T16:21:17', 'version' => '0.22' }, { 'date' => '2009-10-06T16:51:19', 'version' => '0.23' }, { 'date' => '2009-10-18T18:12:48', 'version' => '0.24' }, { 'date' => '2009-10-22T20:49:26', 'version' => '0.25' }, { 'date' => '2009-12-06T12:32:46', 'version' => '0.26' }, { 'date' => '2010-01-03T14:56:26', 'version' => '0.27' }, { 'date' => '2010-01-04T13:18:25', 'version' => '0.28' }, { 'date' => '2010-02-01T18:48:45', 'version' => '0.29' }, { 'date' => '2012-05-04T17:17:29', 'version' => '0.30' }, { 'date' => '2013-09-09T14:32:43', 'version' => '0.31' }, { 'date' => '2014-06-05T12:44:48', 'version' => '0.32' }, { 'date' => '2014-10-29T16:02:17', 'version' => '0.33' }, { 'date' => '2017-08-02T17:00:14', 'version' => '0.34' }, { 'date' => '2018-03-14T12:13:30', 'version' => '0.35' }, { 'date' => '2018-03-15T11:41:17', 'version' => '0.36' }, { 'date' => '2021-05-05T14:30:07', 'version' => '0.37' } ] }, 'Catalyst-Runtime' => { 'advisories' => [ { 'affected_versions' => '<5.90020', 'cves' => [], 'description' => 'Passing a special host to the redirect page link makes it vulnerable to XSS attack. ', 'distribution' => 'Catalyst-Runtime', 'fixed_versions' => '>=5.90020', 'id' => 'CPANSA-Catalyst-Runtime-2013-01', 'references' => [ 'http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/Catalyst-Runtime.git;a=commitdiff;h=7af54927870a7c6f89323ac1876d49f92e7841f5' ], 'reported' => '2013-01-23' }, { 'affected_versions' => '<5.58', 'cves' => [], 'description' => 'Path traversal in Static::Simple plugin. ', 'distribution' => 'Catalyst-Runtime', 'fixed_versions' => '>=5.58', 'id' => 'CPANSA-Catalyst-Runtime-2005-01', 'reported' => '2005-11-24' } ], 'main_module' => 'Catalyst::Runtime', 'versions' => [ { 'date' => '2006-06-25T19:20:53', 'version' => '5.70_01' }, { 'date' => '2006-06-27T18:10:20', 'version' => '5.70_02' }, { 'date' => '2006-06-28T21:50:30', 'version' => '5.70_03' }, { 'date' => '2006-07-07T22:47:30', 'version' => '5.7000' }, { 'date' => '2006-07-20T06:00:58', 'version' => '5.7001' }, { 'date' => '2006-09-19T07:36:29', 'version' => '5.7002' }, { 'date' => '2006-09-23T17:43:12', 'version' => '5.7003' }, { 'date' => '2006-11-06T23:28:40', 'version' => '5.7004' }, { 'date' => '2006-11-07T19:43:56', 'version' => '5.7005' }, { 'date' => '2006-11-15T08:27:59', 'version' => '5.7006' }, { 'date' => '2007-03-14T11:13:37', 'version' => '5.7007' }, { 'date' => '2007-08-13T06:36:11', 'version' => '5.7008' }, { 'date' => '2007-08-21T22:23:53', 'version' => '5.7009' }, { 'date' => '2007-08-22T05:51:41', 'version' => '5.7010' }, { 'date' => '2007-10-18T18:11:24', 'version' => '5.7011' }, { 'date' => '2007-12-17T08:19:28', 'version' => '5.7012' }, { 'date' => '2008-05-17T12:41:13', 'version' => '5.7013' }, { 'date' => '2008-05-25T21:16:45', 'version' => '5.7013' }, { 'date' => '2008-06-25T20:43:41', 'version' => '5.7099_01' }, { 'date' => '2008-07-18T11:41:25', 'version' => '5.7099_02' }, { 'date' => '2008-07-20T08:15:02', 'version' => '5.7099_02' }, { 'date' => '2008-10-13T20:55:41', 'version' => '5.7099_02' }, { 'date' => '2008-10-14T06:06:06', 'version' => '5.7099_02' }, { 'date' => '2008-10-15T21:44:15', 'version' => '5.7015' }, { 'date' => '2008-10-17T12:42:53', 'version' => '5.8000_03' }, { 'date' => '2008-12-05T15:11:14', 'version' => '5.8000_04' }, { 'date' => '2009-01-12T15:46:59', 'version' => '5.7099_04' }, { 'date' => '2009-01-19T17:36:04', 'version' => '5.71000' }, { 'date' => '2009-01-29T08:56:09', 'version' => '5.8000_05' }, { 'date' => '2009-02-04T20:08:22', 'version' => '5.8000_06' }, { 'date' => '2009-03-27T09:21:12', 'version' => '5.71001' }, { 'date' => '2009-04-13T19:03:36', 'version' => '5.8000_07' }, { 'date' => '2009-04-18T20:26:00', 'version' => '5.80001' }, { 'date' => '2009-04-21T23:45:45', 'version' => '5.80002' }, { 'date' => '2009-04-29T14:39:21', 'version' => '5.80003' }, { 'date' => '2009-05-18T15:16:38', 'version' => '5.80004' }, { 'date' => '2009-06-06T12:49:15', 'version' => '5.80005' }, { 'date' => '2009-06-29T22:11:48', 'version' => '5.80006' }, { 'date' => '2009-06-30T22:11:36', 'version' => '5.80007' }, { 'date' => '2009-08-21T16:14:33', 'version' => '5.80008' }, { 'date' => '2009-08-21T20:29:33', 'version' => '5.80009' }, { 'date' => '2009-08-21T21:42:08', 'version' => '5.80010' }, { 'date' => '2009-08-23T11:57:26', 'version' => '5.80011' }, { 'date' => '2009-09-09T18:01:32', 'version' => '5.80012' }, { 'date' => '2009-09-17T09:35:20', 'version' => '5.80013' }, { 'date' => '2009-11-21T02:32:20', 'version' => '5.80014' }, { 'date' => '2009-11-22T20:24:47', 'version' => '5.80014_01' }, { 'date' => '2009-12-01T01:14:00', 'version' => '5.80014_02' }, { 'date' => '2009-12-02T15:42:50', 'version' => '5.80015' }, { 'date' => '2009-12-11T23:37:44', 'version' => '5.80016' }, { 'date' => '2010-01-10T02:01:50', 'version' => '5.80017' }, { 'date' => '2010-01-12T21:39:47', 'version' => '5.80018' }, { 'date' => '2010-01-29T00:18:07', 'version' => '5.80019' }, { 'date' => '2010-02-04T06:19:31', 'version' => '5.80020' }, { 'date' => '2010-03-03T23:16:29', 'version' => '5.80021' }, { 'date' => '2010-03-28T19:25:48', 'version' => '5.80022' }, { 'date' => '2010-05-07T22:07:08', 'version' => '5.80023' }, { 'date' => '2010-05-15T09:57:52', 'version' => '5.80024' }, { 'date' => '2010-07-29T00:59:16', 'version' => '5.80025' }, { 'date' => '2010-09-01T15:10:42', 'version' => '5.80026' }, { 'date' => '2010-09-02T11:33:03', 'version' => '5.80027' }, { 'date' => '2010-09-28T20:14:11', 'version' => '5.80028' }, { 'date' => '2010-10-03T16:24:08', 'version' => '5.80029' }, { 'date' => '2011-01-04T12:56:30', 'version' => '5.80030' }, { 'date' => '2011-01-24T10:50:27', 'version' => '5.89000' }, { 'date' => '2011-01-31T08:25:21', 'version' => '5.80031' }, { 'date' => '2011-02-23T08:28:58', 'version' => '5.80032' }, { 'date' => '2011-03-01T14:56:37', 'version' => '5.89001' }, { 'date' => '2011-03-02T10:37:42', 'version' => '5.89002' }, { 'date' => '2011-07-24T15:58:37', 'version' => '5.80033' }, { 'date' => '2011-07-28T20:05:01', 'version' => '5.89003' }, { 'date' => '2011-08-15T21:35:34', 'version' => '5.9000' }, { 'date' => '2011-08-15T21:59:58', 'version' => '5.90001' }, { 'date' => '2011-08-22T20:55:10', 'version' => '5.90002' }, { 'date' => '2011-10-05T07:48:57', 'version' => '5.90003' }, { 'date' => '2011-10-11T15:19:05', 'version' => '5.90004' }, { 'date' => '2011-10-22T21:01:24', 'version' => '5.90005' }, { 'date' => '2011-10-25T17:54:34', 'version' => '5.90006' }, { 'date' => '2011-11-22T20:40:44', 'version' => '5.90007' }, { 'date' => '2012-02-06T21:08:28', 'version' => '5.90008' }, { 'date' => '2012-02-16T09:29:44', 'version' => '5.90009' }, { 'date' => '2012-02-18T00:49:30', 'version' => '5.90010' }, { 'date' => '2012-03-08T21:53:00', 'version' => '5.90011' }, { 'date' => '2012-05-19T07:13:21', 'version' => '5.90012' }, { 'date' => '2012-06-08T00:37:40', 'version' => '5.90013' }, { 'date' => '2012-06-21T20:41:41', 'version' => '5.90013' }, { 'date' => '2012-06-26T14:34:56', 'version' => '5.90014' }, { 'date' => '2012-06-30T18:00:53', 'version' => '5.90015' }, { 'date' => '2012-08-17T01:39:42', 'version' => '5.90016' }, { 'date' => '2012-10-19T21:51:54', 'version' => '5.90017' }, { 'date' => '2012-10-24T01:01:44', 'version' => '5.90018' }, { 'date' => '2012-12-04T22:04:19', 'version' => '5.90019' }, { 'date' => '2013-02-22T14:05:39', 'version' => '5.90020' }, { 'date' => '2013-04-12T17:09:27', 'version' => '5.90030' }, { 'date' => '2013-06-12T21:26:14', 'version' => '5.90040' }, { 'date' => '2013-06-15T02:10:17', 'version' => '5.90041' }, { 'date' => '2013-06-16T01:57:47', 'version' => '5.90042' }, { 'date' => '2013-07-26T19:13:01', 'version' => '5.90049_001' }, { 'date' => '2013-08-21T02:39:45', 'version' => '5.90049_002' }, { 'date' => '2013-09-20T19:03:54', 'version' => '5.90049_003' }, { 'date' => '2013-10-18T22:19:33', 'version' => '5.90049_004' }, { 'date' => '2013-10-31T20:48:42', 'version' => '5.90049_005' }, { 'date' => '2013-11-05T03:25:31', 'version' => '5.90049_006' }, { 'date' => '2013-11-05T22:35:22', 'version' => '5.90050' }, { 'date' => '2013-11-07T17:14:35', 'version' => '5.90051' }, { 'date' => '2013-12-18T20:03:22', 'version' => '5.90052' }, { 'date' => '2013-12-19T14:33:08', 'version' => '5.90059_001' }, { 'date' => '2013-12-22T16:18:16', 'version' => '5.90053' }, { 'date' => '2013-12-22T16:34:11', 'version' => '5.90059_002' }, { 'date' => '2013-12-27T02:27:08', 'version' => '5.90059_003' }, { 'date' => '2014-01-27T17:20:51', 'version' => '5.90059_004' }, { 'date' => '2014-01-28T19:36:58', 'version' => '5.90059_005' }, { 'date' => '2014-02-06T20:41:25', 'version' => '5.90059_006' }, { 'date' => '2014-02-08T03:11:11', 'version' => '5.90060' }, { 'date' => '2014-03-10T14:46:10', 'version' => '5.90061' }, { 'date' => '2014-04-14T18:53:26', 'version' => '5.90062' }, { 'date' => '2014-05-02T00:15:16', 'version' => '5.90063' }, { 'date' => '2014-05-05T14:55:25', 'version' => '5.90064' }, { 'date' => '2014-05-27T18:08:08', 'version' => '5.90069_001' }, { 'date' => '2014-06-05T12:44:59', 'version' => '5.90065' }, { 'date' => '2014-06-10T00:22:42', 'version' => '5.90069_002' }, { 'date' => '2014-08-06T15:09:29', 'version' => '5.90069_003' }, { 'date' => '2014-08-07T15:59:15', 'version' => '5.90069_004' }, { 'date' => '2014-08-07T21:49:59', 'version' => '5.90070' }, { 'date' => '2014-08-10T13:15:52', 'version' => '5.90071' }, { 'date' => '2014-09-15T16:30:58', 'version' => '5.90072' }, { 'date' => '2014-09-23T17:24:54', 'version' => '5.90073' }, { 'date' => '2014-10-01T21:45:12', 'version' => '5.90074' }, { 'date' => '2014-10-07T00:07:51', 'version' => '5.90075' }, { 'date' => '2014-11-14T00:20:16', 'version' => '5.90076' }, { 'date' => '2014-11-19T00:28:27', 'version' => '5.90077' }, { 'date' => '2014-12-02T21:50:30', 'version' => '5.90079_001' }, { 'date' => '2014-12-02T23:22:07', 'version' => '5.90079_002' }, { 'date' => '2014-12-03T19:45:16', 'version' => '5.90079_003' }, { 'date' => '2014-12-26T23:05:46', 'version' => '5.90079_004' }, { 'date' => '2014-12-31T16:26:20', 'version' => '5.90078' }, { 'date' => '2014-12-31T21:04:56', 'version' => '5.90079_005' }, { 'date' => '2015-01-02T15:11:55', 'version' => '5.90079_006' }, { 'date' => '2015-01-02T18:11:38', 'version' => '5.90079' }, { 'date' => '2015-01-07T20:01:40', 'version' => '5.90079_007' }, { 'date' => '2015-01-07T23:26:17', 'version' => '5.90079_008' }, { 'date' => '2015-01-09T17:04:47', 'version' => '5.90080' }, { 'date' => '2015-01-10T22:39:56', 'version' => '5.90081' }, { 'date' => '2015-01-10T23:33:56', 'version' => '5.90082' }, { 'date' => '2015-02-17T02:29:50', 'version' => '5.90083' }, { 'date' => '2015-02-23T22:24:50', 'version' => '5.90084' }, { 'date' => '2015-03-25T18:58:11', 'version' => '5.90085' }, { 'date' => '2015-03-26T21:30:15', 'version' => '5.90089_001' }, { 'date' => '2015-04-17T21:32:30', 'version' => '5.90089_002' }, { 'date' => '2015-04-27T20:20:40', 'version' => '5.90089_003' }, { 'date' => '2015-04-28T18:24:12', 'version' => '5.90089_004' }, { 'date' => '2015-04-29T14:04:24', 'version' => '5.90090' }, { 'date' => '2015-05-08T20:36:59', 'version' => '5.90091' }, { 'date' => '2015-05-19T16:48:30', 'version' => '5.90092' }, { 'date' => '2015-05-29T17:06:23', 'version' => '5.90093' }, { 'date' => '2015-07-24T20:17:46', 'version' => '5.90094' }, { 'date' => '2015-07-27T14:32:30', 'version' => '5.90095' }, { 'date' => '2015-07-27T15:44:59', 'version' => '5.90096' }, { 'date' => '2015-07-28T20:33:41', 'version' => '5.90097' }, { 'date' => '2015-08-24T16:30:12', 'version' => '5.90100' }, { 'date' => '2015-09-04T22:57:40', 'version' => '5.90101' }, { 'date' => '2015-10-29T19:39:24', 'version' => '5.90102' }, { 'date' => '2015-11-12T10:19:42', 'version' => '5.90103' }, { 'date' => '2016-04-04T17:18:38', 'version' => '5.90104' }, { 'date' => '2016-06-08T20:06:53', 'version' => '5.90105' }, { 'date' => '2016-07-06T01:21:42', 'version' => '5.90106' }, { 'date' => '2016-07-20T19:12:32', 'version' => '5.90110' }, { 'date' => '2016-07-20T20:07:16', 'version' => '5.90111' }, { 'date' => '2016-07-25T21:03:05', 'version' => '5.90112' }, { 'date' => '2016-12-15T21:35:30', 'version' => '5.90113' }, { 'date' => '2016-12-19T16:54:08', 'version' => '5.90114' }, { 'date' => '2017-05-01T16:42:46', 'version' => '5.90115' }, { 'date' => '2018-01-19T20:55:15', 'version' => '5.90116' }, { 'date' => '2018-01-21T23:47:21', 'version' => '5.90117' }, { 'date' => '2018-05-01T09:59:20', 'version' => '5.90118' }, { 'date' => '2018-09-24T00:25:48', 'version' => '5.90119' }, { 'date' => '2018-10-19T06:13:58', 'version' => '5.90120' }, { 'date' => '2018-10-22T20:39:48', 'version' => '5.90_121' }, { 'date' => '2018-11-03T14:52:06', 'version' => '5.90122' }, { 'date' => '2018-11-27T15:39:35', 'version' => '5.90123' }, { 'date' => '2019-01-18T22:36:07', 'version' => '5.90124' }, { 'date' => '2020-01-19T01:11:05', 'version' => '5.90125' }, { 'date' => '2020-01-20T01:40:16', 'version' => '5.90126' }, { 'date' => '2020-07-27T01:25:21', 'version' => '5.90_127' }, { 'date' => '2020-09-11T12:38:26', 'version' => '5.90128' }, { 'date' => '2022-07-23T13:13:34', 'version' => '5.90129' }, { 'date' => '2022-11-09T15:37:01', 'version' => '5.90130' }, { 'date' => '2023-07-20T23:09:29', 'version' => '5.90131' } ] }, 'Clipboard' => { 'advisories' => [ { 'affected_versions' => '<0.16', 'cves' => [ 'CVE-2014-5509' ], 'description' => 'clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$. ', 'distribution' => 'Clipboard', 'fixed_versions' => undef, 'id' => 'CPANSA-Clipboard-2014-5509', 'references' => [ 'https://rt.cpan.org/Public/Bug/Display.html?id=98435', 'https://bugzilla.redhat.com/show_bug.cgi?id=1135624', 'http://www.securityfocus.com/bid/69473', 'http://www.openwall.com/lists/oss-security/2014/08/30/2' ], 'reported' => '2018-01-08', 'severity' => 'medium' } ], 'main_module' => 'Clipboard', 'versions' => [ { 'date' => '2005-05-01T17:19:57', 'version' => '0.01' }, { 'date' => '2005-05-02T06:17:33', 'version' => '0.02' }, { 'date' => '2005-05-04T06:17:44', 'version' => '0.03' }, { 'date' => '2005-05-08T05:54:44', 'version' => '0.04' }, { 'date' => '2005-06-01T17:00:34', 'version' => '0.06' }, { 'date' => '2005-06-02T05:06:37', 'version' => '0.07' }, { 'date' => '2005-06-22T17:05:15', 'version' => '0.08' }, { 'date' => '2005-11-19T06:12:48', 'version' => '0.09' }, { 'date' => '2010-10-07T01:39:10', 'version' => '0.10' }, { 'date' => '2010-10-07T04:49:39', 'version' => '0.11' }, { 'date' => '2010-10-11T06:13:22', 'version' => '0.12' }, { 'date' => '2010-10-13T04:46:50', 'version' => '0.13' }, { 'date' => '2019-01-30T10:47:45', 'version' => '0.14' }, { 'date' => '2019-01-30T11:00:22', 'version' => '0.15' }, { 'date' => '2019-01-30T11:22:23', 'version' => '0.16' }, { 'date' => '2019-01-30T14:00:52', 'version' => '0.17' }, { 'date' => '2019-01-30T20:12:11', 'version' => '0.18' }, { 'date' => '2019-01-31T11:00:20', 'version' => '0.19' }, { 'date' => '2019-04-17T20:55:35', 'version' => '0.20' }, { 'date' => '2019-12-02T06:04:27', 'version' => '0.21' }, { 'date' => '2020-01-28T18:10:34', 'version' => '0.22' }, { 'date' => '2020-03-06T15:43:11', 'version' => '0.23' }, { 'date' => '2020-03-07T08:25:07', 'version' => '0.24' }, { 'date' => '2020-05-14T06:33:28', 'version' => '0.25' }, { 'date' => '2020-05-16T07:56:58', 'version' => '0.26' }, { 'date' => '2021-02-13T18:13:34', 'version' => '0.27' }, { 'date' => '2021-02-23T07:47:20', 'version' => '0.28' } ] }, 'Cmd-Dwarf' => { 'advisories' => [ { 'affected_versions' => '<1.20', 'cves' => [], 'description' => 'JSON highjacking possibility. ', 'distribution' => 'Cmd-Dwarf', 'fixed_versions' => '>=1.20', 'id' => 'CPANSA-Cmd-Dwarf-2014-01', 'references' => [ 'https://github.com/seagirl/dwarf/commit/14cf7a1d55db635a07f4838e16f3d9a28e63f529', 'https://metacpan.org/changes/distribution/Cmd-Dwarf' ], 'reported' => '2014-12-03' } ], 'main_module' => 'Cmd::Dwarf', 'versions' => [ { 'date' => '2015-07-30T06:48:35', 'version' => '1.27' }, { 'date' => '2015-08-26T13:27:51', 'version' => '1.28' }, { 'date' => '2015-08-28T08:58:33', 'version' => '1.29' }, { 'date' => '2015-09-17T08:17:32', 'version' => '1.30' }, { 'date' => '2016-01-20T06:39:15', 'version' => '1.31' }, { 'date' => '2016-10-25T05:56:33', 'version' => '1.41' }, { 'date' => '2017-03-29T04:42:05', 'version' => '1.42' }, { 'date' => '2017-06-21T07:06:05', 'version' => '1.50' }, { 'date' => '2017-10-05T08:08:01', 'version' => '1.60' }, { 'date' => '2018-03-17T07:35:19', 'version' => '1.70' }, { 'date' => '2018-08-18T11:43:10', 'version' => '1.80' }, { 'date' => '2019-04-05T05:22:33', 'version' => '1.81' }, { 'date' => '2019-04-05T05:36:46', 'version' => '1.82' }, { 'date' => '2019-04-05T09:06:55', 'version' => '1.83' } ] }, 'Compress-LZ4' => { 'advisories' => [ { 'affected_versions' => '<0.20', 'cves' => [], 'description' => 'Outdated LZ4 source code with security issue on 32bit systems. ', 'distribution' => 'Compress-LZ4', 'fixed_versions' => '>=0.20', 'id' => 'CPANSA-Compress-LZ4-2014-01', 'references' => [ 'https://metacpan.org/changes/distribution/Compress-LZ4', 'https://github.com/gray/compress-lz4/commit/fc503812b4cbba16429658e1dfe20ad8bbfd77a0' ], 'reported' => '2014-07-07' } ], 'main_module' => 'Compress::LZ4', 'versions' => [ { 'date' => '2012-02-11T16:33:26', 'version' => '0.01' }, { 'date' => '2012-02-20T21:26:48', 'version' => '0.02' }, { 'date' => '2012-03-02T04:47:50', 'version' => '0.03' }, { 'date' => '2012-03-18T07:09:30', 'version' => '0.04' }, { 'date' => '2012-03-18T19:45:25', 'version' => '0.05' }, { 'date' => '2012-03-22T09:23:45', 'version' => '0.06' }, { 'date' => '2012-03-22T16:12:43', 'version' => '0.07' }, { 'date' => '2012-03-23T16:29:14', 'version' => '0.08' }, { 'date' => '2012-03-23T17:27:12', 'version' => '0.09' }, { 'date' => '2012-03-26T11:28:24', 'version' => '0.10' }, { 'date' => '2012-04-03T21:36:24', 'version' => '0.11' }, { 'date' => '2012-04-04T12:55:22', 'version' => '0.12' }, { 'date' => '2012-06-01T18:55:41', 'version' => '0.13' }, { 'date' => '2012-08-10T00:21:56', 'version' => '0.14' }, { 'date' => '2012-08-11T16:37:53', 'version' => '0.15' }, { 'date' => '2012-09-08T18:18:41', 'version' => '0.16' }, { 'date' => '2013-03-19T00:39:07', 'version' => '0.17' }, { 'date' => '2013-11-19T00:56:57', 'version' => '0.18' }, { 'date' => '2014-02-08T00:35:09', 'version' => '0.19' }, { 'date' => '2014-07-07T21:08:49', 'version' => '0.20' }, { 'date' => '2015-05-12T19:01:36', 'version' => '0.21' }, { 'date' => '2015-05-20T06:16:53', 'version' => '0.22' }, { 'date' => '2016-07-25T20:45:05', 'version' => '0.23' }, { 'date' => '2017-03-23T04:34:45', 'version' => '0.24' }, { 'date' => '2017-04-06T16:38:31', 'version' => '0.25' } ] }, 'Compress-Raw-Bzip2' => { 'advisories' => [ { 'affected_versions' => '<2.031', 'cves' => [ 'CVE-2010-0405' ], 'description' => 'Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. ', 'distribution' => 'Compress-Raw-Bzip2', 'fixed_versions' => '>=2.031', 'id' => 'CPANSA-Compress-Raw-Bzip2-2010-0405', 'references' => [ 'https://metacpan.org/changes/distribution/Compress-Raw-Bzip2' ], 'reported' => '2010-01-27' }, { 'affected_versions' => '<2.018', 'cves' => [ 'CVE-2009-1884' ], 'description' => 'Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391. ', 'distribution' => 'Compress-Raw-Bzip2', 'fixed_versions' => '>=2.018', 'id' => 'CPANSA-Compress-Raw-Bzip2-2009-1884', 'references' => [ 'http://security.gentoo.org/glsa/glsa-200908-07.xml', 'https://bugs.gentoo.org/show_bug.cgi?id=281955', 'https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html', 'https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html', 'http://www.securityfocus.com/bid/36082', 'http://secunia.com/advisories/36386', 'https://bugzilla.redhat.com/show_bug.cgi?id=518278', 'http://secunia.com/advisories/36415', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/52628' ], 'reported' => '2009-08-19', 'severity' => undef } ], 'main_module' => 'Compress::Raw::Bzip2', 'versions' => [ { 'date' => '2006-03-13T16:14:00', 'version' => '2.000_10' }, { 'date' => '2006-04-15T21:23:09', 'version' => '2.000_11' }, { 'date' => '2006-05-17T12:43:30', 'version' => '2.000_12' }, { 'date' => '2006-06-20T12:43:47', 'version' => '2.000_13' }, { 'date' => '2006-10-26T14:15:45', 'version' => '2.000_14' }, { 'date' => '2006-11-01T10:35:27', 'version' => '2.001' }, { 'date' => '2006-12-29T20:40:23', 'version' => '2.002' }, { 'date' => '2007-01-02T13:03:45', 'version' => '2.003' }, { 'date' => '2007-03-03T15:50:04', 'version' => '2.004' }, { 'date' => '2007-07-01T00:06:51', 'version' => '2.005' }, { 'date' => '2007-09-01T19:44:48', 'version' => '2.006' }, { 'date' => '2007-11-10T11:59:25', 'version' => '2.008' }, { 'date' => '2008-04-20T14:41:25', 'version' => '2.009' }, { 'date' => '2008-05-05T17:18:15', 'version' => '2.010' }, { 'date' => '2008-05-17T11:16:17', 'version' => '2.011' }, { 'date' => '2008-07-15T22:23:56', 'version' => '2.012' }, { 'date' => '2008-09-02T20:20:05', 'version' => '2.014' }, { 'date' => '2008-09-03T20:47:15', 'version' => '2.015' }, { 'date' => '2009-04-04T09:47:36', 'version' => '2.017' }, { 'date' => '2009-05-03T16:26:57', 'version' => '2.018' }, { 'date' => '2009-05-04T09:42:06', 'version' => '2.019' }, { 'date' => '2009-06-03T17:48:18', 'version' => '2.020' }, { 'date' => '2009-08-30T20:25:24', 'version' => '2.021' }, { 'date' => '2009-11-09T23:25:19', 'version' => '2.023' }, { 'date' => '2010-01-09T17:56:12', 'version' => '2.024' }, { 'date' => '2010-03-28T12:56:33', 'version' => '2.025' }, { 'date' => '2010-04-07T19:49:29', 'version' => '2.026' }, { 'date' => '2010-04-24T19:15:32', 'version' => '2.027' }, { 'date' => '2010-07-24T14:29:17', 'version' => '2.030' }, { 'date' => '2010-09-21T19:44:52', 'version' => '2.031' }, { 'date' => '2011-01-06T11:26:00', 'version' => '2.032' }, { 'date' => '2011-01-11T14:02:05', 'version' => '2.033' }, { 'date' => '2011-05-02T21:50:15', 'version' => '2.034' }, { 'date' => '2011-05-07T08:30:09', 'version' => '2.035' }, { 'date' => '2011-06-18T21:45:13', 'version' => '2.036' }, { 'date' => '2011-06-22T07:17:56', 'version' => '2.037' }, { 'date' => '2011-10-28T14:27:59', 'version' => '2.039' }, { 'date' => '2011-10-28T22:18:59', 'version' => '2.040' }, { 'date' => '2011-11-17T23:44:58', 'version' => '2.042' }, { 'date' => '2011-11-20T21:31:34', 'version' => '2.043' }, { 'date' => '2011-12-03T22:48:47', 'version' => '2.044' }, { 'date' => '2011-12-04T19:19:58', 'version' => '2.045' }, { 'date' => '2012-01-28T23:26:44', 'version' => '2.047' }, { 'date' => '2012-01-29T16:58:55', 'version' => '2.048' }, { 'date' => '2012-02-18T15:56:34', 'version' => '2.049' }, { 'date' => '2012-04-29T12:40:06', 'version' => '2.052' }, { 'date' => '2012-08-05T20:35:37', 'version' => '2.055' }, { 'date' => '2012-11-10T19:08:29', 'version' => '2.057' }, { 'date' => '2012-11-12T22:14:16', 'version' => '2.058' }, { 'date' => '2012-11-25T13:38:19', 'version' => '2.059' }, { 'date' => '2013-01-07T20:02:08', 'version' => '2.060' }, { 'date' => '2013-05-27T09:54:30', 'version' => '2.061' }, { 'date' => '2013-08-12T19:06:20', 'version' => '2.062' }, { 'date' => '2013-11-02T17:14:54', 'version' => '2.063' }, { 'date' => '2014-02-01T23:19:50', 'version' => '2.064' }, { 'date' => '2014-09-21T12:40:58', 'version' => '2.066' }, { 'date' => '2014-12-08T15:12:21', 'version' => '2.067' }, { 'date' => '2014-12-23T17:44:34', 'version' => '2.068' }, { 'date' => '2015-09-27T14:33:57', 'version' => '2.069' }, { 'date' => '2016-12-28T23:07:42', 'version' => '2.070' }, { 'date' => '2017-02-12T20:39:20', 'version' => '2.072' }, { 'date' => '2017-02-19T20:35:17', 'version' => '2.073' }, { 'date' => '2017-02-19T22:11:17', 'version' => '2.074' }, { 'date' => '2018-04-03T18:20:04', 'version' => '2.080' }, { 'date' => '2018-04-08T15:01:21', 'version' => '2.081' }, { 'date' => '2018-12-30T22:38:05', 'version' => '2.083' }, { 'date' => '2019-01-06T08:56:52', 'version' => '2.084' }, { 'date' => '2019-03-31T19:13:22', 'version' => '2.086' }, { 'date' => '2019-08-10T18:11:44', 'version' => '2.087' }, { 'date' => '2019-11-03T08:56:50', 'version' => '2.088' }, { 'date' => '2019-11-03T19:53:42', 'version' => '2.089' }, { 'date' => '2019-11-09T18:35:48', 'version' => '2.090' }, { 'date' => '2019-11-23T19:34:12', 'version' => '2.091' }, { 'date' => '2019-12-04T22:08:25', 'version' => '2.092' }, { 'date' => '2019-12-07T16:05:12', 'version' => '2.093' }, { 'date' => '2020-07-13T10:53:44', 'version' => '2.094' }, { 'date' => '2020-07-20T19:13:40', 'version' => '2.095' }, { 'date' => '2020-07-31T20:50:12', 'version' => '2.096' }, { 'date' => '2021-01-07T13:00:00', 'version' => '2.100' }, { 'date' => '2021-02-20T14:08:53', 'version' => '2.101' }, { 'date' => '2022-04-03T19:48:28', 'version' => '2.103' }, { 'date' => '2022-06-25T09:02:32', 'version' => '2.201' }, { 'date' => '2023-02-08T19:23:39', 'version' => '2.204' }, { 'date' => '2023-07-16T15:36:44', 'version' => '2.205' }, { 'date' => '2023-07-25T15:36:59', 'version' => '2.206' } ] }, 'Compress-Raw-Zlib' => { 'advisories' => [ { 'affected_versions' => '<2.017', 'cves' => [ 'CVE-2009-1391' ], 'description' => 'Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009. ', 'distribution' => 'Compress-Raw-Zlib', 'fixed_versions' => undef, 'id' => 'CPANSA-Compress-Raw-Zlib-2009-1391', 'references' => [ 'http://article.gmane.org/gmane.mail.virus.amavis.user/33635', 'http://article.gmane.org/gmane.mail.virus.amavis.user/33638', 'http://www.securityfocus.com/bid/35307', 'http://secunia.com/advisories/35422', 'https://bugzilla.redhat.com/show_bug.cgi?id=504386', 'http://www.vupen.com/english/advisories/2009/1571', 'http://thread.gmane.org/gmane.mail.virus.amavis.user/33635', 'http://osvdb.org/55041', 'http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html', 'http://secunia.com/advisories/35876', 'http://secunia.com/advisories/35685', 'https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00607.html', 'http://secunia.com/advisories/35689', 'http://www.mandriva.com/security/advisories?name=MDVSA-2009:157', 'http://security.gentoo.org/glsa/glsa-200908-07.xml', 'https://bugs.gentoo.org/show_bug.cgi?id=273141', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/51062', 'https://usn.ubuntu.com/794-1/' ], 'reported' => '2009-06-16', 'severity' => undef } ], 'main_module' => 'Compress::Raw::Zlib', 'versions' => [ { 'date' => '2006-03-03T23:06:38', 'version' => '2.000_09' }, { 'date' => '2006-03-13T16:14:20', 'version' => '2.000_10' }, { 'date' => '2006-04-15T21:23:24', 'version' => '2.000_11' }, { 'date' => '2006-05-17T12:43:41', 'version' => '2.000_12' }, { 'date' => '2006-06-20T12:45:30', 'version' => '2.000_13' }, { 'date' => '2006-10-26T14:15:34', 'version' => '2.000_09' }, { 'date' => '2006-11-01T10:35:38', 'version' => '2.001' }, { 'date' => '2006-12-29T20:40:35', 'version' => '2.002' }, { 'date' => '2007-01-02T13:03:57', 'version' => '2.003' }, { 'date' => '2007-03-03T15:50:15', 'version' => '2.004' }, { 'date' => '2007-07-01T00:07:02', 'version' => '2.005' }, { 'date' => '2007-09-01T19:44:59', 'version' => '2.006' }, { 'date' => '2007-11-10T11:59:36', 'version' => '2.008' }, { 'date' => '2008-04-20T14:42:52', 'version' => '2.009' }, { 'date' => '2008-05-05T17:18:27', 'version' => '2.010' }, { 'date' => '2008-05-17T11:16:28', 'version' => '2.011' }, { 'date' => '2008-07-15T22:24:07', 'version' => '2.012' }, { 'date' => '2008-09-02T20:20:16', 'version' => '2.014' }, { 'date' => '2008-09-03T20:47:27', 'version' => '2.015' }, { 'date' => '2009-04-04T09:49:03', 'version' => '2.017' }, { 'date' => '2009-05-03T16:27:08', 'version' => '2.018' }, { 'date' => '2009-05-04T09:42:17', 'version' => '2.019' }, { 'date' => '2009-06-03T17:48:30', 'version' => '2.020' }, { 'date' => '2009-08-30T20:25:35', 'version' => '2.021' }, { 'date' => '2009-11-09T23:26:59', 'version' => '2.023' }, { 'date' => '2010-01-09T17:56:35', 'version' => '2.024' }, { 'date' => '2010-03-28T12:57:08', 'version' => '2.025' }, { 'date' => '2010-04-07T19:51:09', 'version' => '2.026' }, { 'date' => '2010-04-24T19:15:54', 'version' => '2.027' }, { 'date' => '2010-07-24T14:31:01', 'version' => '2.030' }, { 'date' => '2011-01-06T11:23:45', 'version' => '2.032' }, { 'date' => '2011-01-11T14:03:45', 'version' => '2.033' }, { 'date' => '2011-05-02T22:05:37', 'version' => '2.034' }, { 'date' => '2011-05-07T08:31:57', 'version' => '2.035' }, { 'date' => '2011-06-18T21:45:36', 'version' => '2.036' }, { 'date' => '2011-06-22T07:18:22', 'version' => '2.037' }, { 'date' => '2011-10-28T14:28:35', 'version' => '2.039' }, { 'date' => '2011-10-28T22:20:38', 'version' => '2.040' }, { 'date' => '2011-11-17T23:45:21', 'version' => '2.042' }, { 'date' => '2011-11-20T21:33:33', 'version' => '2.043' }, { 'date' => '2011-12-03T22:49:10', 'version' => '2.044' }, { 'date' => '2011-12-04T19:21:36', 'version' => '2.045' }, { 'date' => '2012-01-28T23:28:28', 'version' => '2.047' }, { 'date' => '2012-01-29T17:00:33', 'version' => '2.048' }, { 'date' => '2012-02-18T15:58:12', 'version' => '2.049' }, { 'date' => '2012-02-21T19:35:18', 'version' => '2.050' }, { 'date' => '2012-02-22T20:43:23', 'version' => '2.051' }, { 'date' => '2012-04-29T12:41:57', 'version' => '2.052' }, { 'date' => '2012-05-06T08:40:06', 'version' => '2.053' }, { 'date' => '2012-05-08T19:22:47', 'version' => '2.054' }, { 'date' => '2012-08-05T20:36:06', 'version' => '2.055' }, { 'date' => '2012-08-10T22:20:09', 'version' => '2.056' }, { 'date' => '2012-11-10T19:08:56', 'version' => '2.057' }, { 'date' => '2012-11-12T22:14:42', 'version' => '2.058' }, { 'date' => '2012-11-25T13:38:42', 'version' => '2.059' }, { 'date' => '2013-01-07T20:02:22', 'version' => '2.060' }, { 'date' => '2013-05-27T09:54:54', 'version' => '2.061' }, { 'date' => '2013-08-12T19:08:05', 'version' => '2.062' }, { 'date' => '2013-11-02T17:15:17', 'version' => '2.063' }, { 'date' => '2014-02-01T23:21:28', 'version' => '2.064' }, { 'date' => '2014-02-03T20:23:00', 'version' => '2.065' }, { 'date' => '2014-09-21T12:42:35', 'version' => '2.066' }, { 'date' => '2014-12-08T15:14:00', 'version' => '2.067' }, { 'date' => '2014-12-23T17:44:57', 'version' => '2.068' }, { 'date' => '2015-09-26T18:41:58', 'version' => '2.069' }, { 'date' => '2016-12-28T23:09:21', 'version' => '2.070' }, { 'date' => '2016-12-30T22:58:08', 'version' => '2.071' }, { 'date' => '2017-02-12T20:41:25', 'version' => '2.072' }, { 'date' => '2017-02-19T20:37:20', 'version' => '2.073' }, { 'date' => '2017-02-19T22:11:41', 'version' => '2.074' }, { 'date' => '2017-11-14T15:43:26', 'version' => '2.075' }, { 'date' => '2017-11-21T22:29:23', 'version' => '2.076' }, { 'date' => '2018-04-03T18:22:06', 'version' => '2.080' }, { 'date' => '2018-04-08T15:02:55', 'version' => '2.081' }, { 'date' => '2018-12-30T22:40:08', 'version' => '2.083' }, { 'date' => '2019-01-06T08:57:15', 'version' => '2.084' }, { 'date' => '2019-03-31T19:11:54', 'version' => '2.086' }, { 'date' => '2019-08-10T18:12:03', 'version' => '2.087' }, { 'date' => '2019-11-03T08:55:23', 'version' => '2.088' }, { 'date' => '2019-11-03T19:54:04', 'version' => '2.089' }, { 'date' => '2019-11-09T15:58:48', 'version' => '2.090' }, { 'date' => '2019-11-23T19:34:34', 'version' => '2.091' }, { 'date' => '2019-12-04T22:08:37', 'version' => '2.092' }, { 'date' => '2019-12-07T16:05:34', 'version' => '2.093' }, { 'date' => '2020-07-13T10:54:06', 'version' => '2.094' }, { 'date' => '2020-07-21T06:57:01', 'version' => '2.095' }, { 'date' => '2020-07-31T20:48:45', 'version' => '2.096' }, { 'date' => '2021-01-07T13:00:23', 'version' => '2.100' }, { 'date' => '2021-02-20T14:10:43', 'version' => '2.101' }, { 'date' => '2022-04-03T19:48:50', 'version' => '2.103' }, { 'date' => '2022-05-13T06:30:30', 'version' => '2.104' }, { 'date' => '2022-05-14T14:24:32', 'version' => '2.105' }, { 'date' => '2022-06-21T21:19:21', 'version' => '2.200' }, { 'date' => '2022-06-25T09:04:10', 'version' => '2.201' }, { 'date' => '2022-06-27T08:18:10', 'version' => '2.202' }, { 'date' => '2023-02-08T19:26:25', 'version' => '2.204' }, { 'date' => '2023-07-16T15:32:41', 'version' => '2.205' }, { 'date' => '2023-07-25T15:35:40', 'version' => '2.206' } ] }, 'Config-IniFiles' => { 'advisories' => [ { 'affected_versions' => '<2.71', 'cves' => [ 'CVE-2012-2451' ], 'description' => 'The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries. ', 'distribution' => 'Config-IniFiles', 'fixed_versions' => undef, 'id' => 'CPANSA-Config-IniFiles-2012-2451', 'references' => [ 'http://www.openwall.com/lists/oss-security/2012/05/02/6', 'http://www.osvdb.org/81671', 'http://secunia.com/advisories/48990', 'https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59', 'https://bugzilla.redhat.com/show_bug.cgi?id=818386', 'http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080713.html', 'http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080716.html', 'http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081207.html', 'http://www.securityfocus.com/bid/53361', 'http://www.ubuntu.com/usn/USN-1543-1', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/75328' ], 'reported' => '2012-06-27', 'severity' => undef } ], 'main_module' => 'Config::IniFiles', 'versions' => [ { 'date' => '2000-06-20T02:07:11', 'version' => '0.05' }, { 'date' => '2000-06-26T02:38:13', 'version' => '0.06' }, { 'date' => '2000-07-31T01:32:53', 'version' => '0.08' }, { 'date' => '2000-07-31T01:51:15', 'version' => '0.09' }, { 'date' => '2000-09-17T03:29:50', 'version' => '0.11' }, { 'date' => '2000-09-20T01:06:10', 'version' => '1.6' }, { 'date' => '2000-10-17T02:01:37', 'version' => '1.8' }, { 'date' => '2000-11-25T03:36:14', 'version' => '1.11' }, { 'date' => '2000-11-28T14:09:00', 'version' => '1.12' }, { 'date' => '2000-11-28T14:09:15', 'version' => '1.13' }, { 'date' => '2000-12-13T17:45:25', 'version' => '2.10' }, { 'date' => '2000-12-18T17:56:28', 'version' => '2.13' }, { 'date' => '2001-01-08T18:27:24', 'version' => '2.14' }, { 'date' => '2001-03-24T21:54:18', 'version' => '2.17' }, { 'date' => '2001-03-30T04:48:27', 'version' => '2.18' }, { 'date' => '2001-04-05T01:06:51', 'version' => '2.19' }, { 'date' => '2001-08-28T11:05:35', 'version' => '2.21' }, { 'date' => '2001-12-06T17:15:03', 'version' => '2.22' }, { 'date' => '2001-12-07T16:24:14', 'version' => '2.23' }, { 'date' => '2001-12-07T17:27:08', 'version' => '2.24' }, { 'date' => '2001-12-12T20:50:06', 'version' => '2.25' }, { 'date' => '2001-12-19T22:26:32', 'version' => '2.26' }, { 'date' => '2001-12-20T16:11:24', 'version' => '2.27' }, { 'date' => '2002-08-15T21:41:35', 'version' => '2.29' }, { 'date' => '2002-10-15T18:59:21', 'version' => '2.30' }, { 'date' => '2002-12-18T01:58:55', 'version' => '2.36' }, { 'date' => '2003-01-31T23:06:08', 'version' => '2.37' }, { 'date' => '2003-05-14T01:38:13', 'version' => '2.38' }, { 'date' => '2005-04-29T20:33:23', 'version' => '2.39' }, { 'date' => '2008-12-04T17:02:19', 'version' => '2.43' }, { 'date' => '2008-12-25T09:47:08', 'version' => '2.44' }, { 'date' => '2008-12-27T15:25:59', 'version' => '2.45' }, { 'date' => '2009-01-17T14:40:26', 'version' => '2.46' }, { 'date' => '2009-01-21T09:41:11', 'version' => '2.47' }, { 'date' => '2009-04-07T12:26:44', 'version' => '2.48' }, { 'date' => '2009-05-02T14:27:53', 'version' => '2.49' }, { 'date' => '2009-05-31T11:58:04', 'version' => '2.50' }, { 'date' => '2009-06-08T09:41:11', 'version' => '2.51' }, { 'date' => '2009-06-28T13:21:57', 'version' => '2.52' }, { 'date' => '2009-11-13T09:58:28', 'version' => '2.53' }, { 'date' => '2009-11-18T11:15:13', 'version' => '2.54' }, { 'date' => '2009-12-22T15:48:07', 'version' => '2.55' }, { 'date' => '2009-12-31T04:57:40', 'version' => '2.56' }, { 'date' => '2010-03-01T13:51:57', 'version' => '2.57' }, { 'date' => '2010-05-17T07:45:33', 'version' => '2.58' }, { 'date' => '2010-11-12T11:33:52', 'version' => '2.59' }, { 'date' => '2010-11-13T07:22:50', 'version' => '2.60' }, { 'date' => '2010-11-14T08:57:26', 'version' => '2.61' }, { 'date' => '2010-11-19T13:37:37', 'version' => '2.62' }, { 'date' => '2010-11-19T14:54:12', 'version' => '2.63' }, { 'date' => '2010-11-20T09:55:05', 'version' => '2.64' }, { 'date' => '2010-11-25T18:48:52', 'version' => '2.65' }, { 'date' => '2011-01-29T16:40:18', 'version' => '2.66' }, { 'date' => '2011-06-21T11:59:37', 'version' => '2.67' }, { 'date' => '2011-06-21T19:18:33', 'version' => '2.68' }, { 'date' => '2012-04-05T09:10:11', 'version' => '2.69' }, { 'date' => '2012-04-06T09:52:14', 'version' => '2.70' }, { 'date' => '2012-05-02T08:05:15', 'version' => '2.71' }, { 'date' => '2012-05-05T16:56:55', 'version' => '2.72' }, { 'date' => '2012-05-14T07:49:33', 'version' => '2.73' }, { 'date' => '2012-05-23T21:47:46', 'version' => '2.74' }, { 'date' => '2012-05-25T12:29:48', 'version' => '2.75' }, { 'date' => '2012-06-15T14:47:10', 'version' => '2.76' }, { 'date' => '2012-06-21T16:39:23', 'version' => '2.77' }, { 'date' => '2012-10-21T11:18:39', 'version' => '2.78' }, { 'date' => '2013-05-06T07:10:33', 'version' => '2.79' }, { 'date' => '2013-05-14T19:25:07', 'version' => '2.80' }, { 'date' => '2013-05-16T10:36:17', 'version' => '2.81' }, { 'date' => '2013-05-21T15:35:10', 'version' => '2.82' }, { 'date' => '2014-01-27T09:01:28', 'version' => '2.83' }, { 'date' => '2015-04-13T18:40:30', 'version' => '2.84' }, { 'date' => '2015-04-13T19:08:57', 'version' => '2.85' }, { 'date' => '2015-04-14T07:55:59', 'version' => '2.86' }, { 'date' => '2015-06-16T09:06:37', 'version' => '2.87' }, { 'date' => '2015-07-10T08:38:11', 'version' => '2.88' }, { 'date' => '2016-05-03T09:14:13', 'version' => '2.89' }, { 'date' => '2016-06-02T13:09:19', 'version' => '2.90' }, { 'date' => '2016-06-03T03:11:38', 'version' => '2.91' }, { 'date' => '2016-06-17T09:34:08', 'version' => '2.92' }, { 'date' => '2016-07-24T08:34:00', 'version' => '2.93' }, { 'date' => '2016-11-29T17:31:38', 'version' => '2.94' }, { 'date' => '2018-03-16T11:14:39', 'version' => '2.95' }, { 'date' => '2018-04-07T08:45:56', 'version' => '2.96' }, { 'date' => '2018-04-21T09:13:56', 'version' => '2.97' }, { 'date' => '2018-04-21T11:50:34', 'version' => '2.98' }, { 'date' => '2018-09-13T07:11:41', 'version' => '3.000000' }, { 'date' => '2019-01-16T09:54:40', 'version' => '3.000001' }, { 'date' => '2019-03-14T13:34:40', 'version' => '3.000002' }, { 'date' => '2020-03-24T15:45:08', 'version' => '3.000003' } ] }, 'Config-Model' => { 'advisories' => [ { 'affected_versions' => '<2.102', 'cves' => [ 'CVE-2017-0373' ], 'description' => 'The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file. ', 'distribution' => 'Config-Model', 'fixed_versions' => '>=2.102', 'id' => 'CPANSA-Config-Model-2017-03', 'references' => [ 'https://metacpan.org/changes/distribution/Config-Model', 'https://github.com/dod38fr/config-model/commit/9bd64d9ec6c0939166a2216a37d58dd19a725951' ], 'reported' => '2017-05-10' }, { 'affected_versions' => '<2.102', 'cves' => [ 'CVE-2017-0374' ], 'description' => 'Loads models from a local directory, making it possible to substitute the model. ', 'distribution' => 'Config-Model', 'fixed_versions' => '>=2.102', 'id' => 'CPANSA-Config-Model-2017-02', 'references' => [ 'https://metacpan.org/changes/distribution/Config-Model', 'https://github.com/dod38fr/config-model/commit/4d37c75b0c4f9633b67999f8260b08027a6bc524' ], 'reported' => '2017-05-10' }, { 'affected_versions' => '<2.102', 'cves' => [], 'description' => 'YAML or YAML::XS can be loaded automatically making it possible to run arbitrary code loading a specially crafted YAML file. ', 'distribution' => 'Config-Model', 'fixed_versions' => '>=2.102', 'id' => 'CPANSA-Config-Model-2017-01', 'references' => [ 'https://metacpan.org/changes/distribution/Config-Model', 'https://github.com/dod38fr/config-model/commit/01d212348bfbadf31bd74aadd26b1e391ff2fd92' ], 'reported' => '2017-05-10' } ], 'main_module' => 'Config::Model', 'versions' => [ { 'date' => '2006-04-21T12:27:44', 'version' => '0.505' }, { 'date' => '2006-05-19T13:32:14', 'version' => '0.506' }, { 'date' => '2006-06-15T12:10:38', 'version' => '0.507' }, { 'date' => '2006-07-20T12:28:36', 'version' => '0.601' }, { 'date' => '2006-09-07T12:06:17', 'version' => '0.602' }, { 'date' => '2006-10-19T11:24:40', 'version' => '0.603' }, { 'date' => '2006-12-06T12:58:35', 'version' => '0.604' }, { 'date' => '2007-01-08T13:16:42', 'version' => '0.605' }, { 'date' => '2007-01-11T12:42:09', 'version' => '0.606' }, { 'date' => '2007-01-12T13:06:38', 'version' => '0.607' }, { 'date' => '2007-02-23T13:00:34', 'version' => '0.608' }, { 'date' => '2007-05-14T11:41:18', 'version' => '0.609' }, { 'date' => '2007-06-06T12:28:06', 'version' => '0.610' }, { 'date' => '2007-07-03T15:35:21', 'version' => '0.611' }, { 'date' => '2007-07-27T11:38:57', 'version' => '0.612' }, { 'date' => '2007-10-01T15:52:56', 'version' => '0.613' }, { 'date' => '2007-10-23T16:10:29', 'version' => '0.614' }, { 'date' => '2007-11-15T12:36:18', 'version' => '0.615' }, { 'date' => '2007-12-04T12:41:22', 'version' => '0.616' }, { 'date' => '2008-01-28T11:55:50', 'version' => '0.617' }, { 'date' => '2008-02-14T12:56:25', 'version' => '0.618' }, { 'date' => '2008-02-29T12:08:41', 'version' => '0.619' }, { 'date' => '2008-03-18T17:40:57', 'version' => '0.620' }, { 'date' => '2008-03-20T07:49:00', 'version' => '0.6201' }, { 'date' => '2008-04-04T11:38:49', 'version' => '0.621' }, { 'date' => '2008-04-25T16:23:31', 'version' => '0.622' }, { 'date' => '2008-05-19T11:47:46', 'version' => '0.623' }, { 'date' => '2008-07-25T11:35:07', 'version' => '0.624' }, { 'date' => '2008-07-30T12:02:43', 'version' => '0.625' }, { 'date' => '2008-09-22T12:20:00', 'version' => '0.626' }, { 'date' => '2008-09-23T11:05:58', 'version' => '0.627' }, { 'date' => '2008-09-29T12:35:05', 'version' => '0.628' }, { 'date' => '2008-10-13T15:09:27', 'version' => '0.629' }, { 'date' => '2008-10-21T11:59:27', 'version' => '0.630' }, { 'date' => '2008-11-10T14:37:44', 'version' => '0.631' }, { 'date' => '2008-12-16T13:32:26', 'version' => '0.632' }, { 'date' => '2008-12-23T15:36:48', 'version' => '0.633' }, { 'date' => '2009-03-05T13:06:32', 'version' => '0.634' }, { 'date' => '2009-04-20T12:21:46', 'version' => '0.635' }, { 'date' => '2009-05-30T16:19:54', 'version' => '0.636' }, { 'date' => '2009-06-23T12:07:41', 'version' => '0.637' }, { 'date' => '2009-06-30T11:31:35', 'version' => '0.638' }, { 'date' => '2009-09-08T11:35:25', 'version' => '0.639' }, { 'date' => '2009-09-09T16:10:41', 'version' => '0.640' }, { 'date' => '2010-01-20T17:30:14', 'version' => '0.641' }, { 'date' => '2010-01-21T17:17:34', 'version' => '0.642' }, { 'date' => '2010-02-25T13:04:52', 'version' => '0.643' }, { 'date' => '2010-03-12T15:24:45', 'version' => '0.644' }, { 'date' => '2010-03-28T14:53:46', 'version' => '1.001' }, { 'date' => '2010-04-22T12:22:00', 'version' => '1.202' }, { 'date' => '2010-06-03T11:09:45', 'version' => '1.203' }, { 'date' => '2010-06-03T11:20:09', 'version' => '1.204' }, { 'date' => '2010-06-07T16:04:03', 'version' => '1.205' }, { 'date' => '2010-08-13T10:53:09', 'version' => '1.206' }, { 'date' => '2010-09-14T16:14:40', 'version' => '1.207' }, { 'date' => '2010-09-16T11:46:11', 'version' => '1.208' }, { 'date' => '2010-09-20T12:29:12', 'version' => '1.209' }, { 'date' => '2010-09-30T16:34:27', 'version' => '1.210' }, { 'date' => '2010-10-08T10:46:45', 'version' => '1.211' }, { 'date' => '2010-10-15T11:08:52', 'version' => '1.212' }, { 'date' => '2010-10-19T12:29:03', 'version' => '1.213' }, { 'date' => '2010-10-19T15:17:01', 'version' => '1.214' }, { 'date' => '2010-10-19T15:28:56', 'version' => '1.215' }, { 'date' => '2010-10-26T12:16:51', 'version' => '1.216' }, { 'date' => '2010-10-30T12:44:11', 'version' => '1.217' }, { 'date' => '2010-11-05T11:53:14', 'version' => '1.218' }, { 'date' => '2010-11-09T13:20:51', 'version' => '1.219' }, { 'date' => '2010-11-10T08:41:22', 'version' => '1.220' }, { 'date' => '2010-11-21T17:40:10', 'version' => '1.221' }, { 'date' => '2010-11-22T14:01:55', 'version' => '1.222' }, { 'date' => '2010-11-28T17:34:03', 'version' => '1.223' }, { 'date' => '2010-12-06T13:18:53', 'version' => '1.224' }, { 'date' => '2010-12-07T08:01:43', 'version' => '1.225' }, { 'date' => '2010-12-08T18:48:08', 'version' => '1.226' }, { 'date' => '2011-01-07T18:12:45', 'version' => '1.227' }, { 'date' => '2011-01-09T12:27:15', 'version' => '1.228' }, { 'date' => '2011-01-10T19:57:53', 'version' => '1.229' }, { 'date' => '2011-01-20T16:47:27', 'version' => '1.230' }, { 'date' => '2011-01-30T11:30:23', 'version' => '1.231' }, { 'date' => '2011-01-30T13:51:34', 'version' => '1.232' }, { 'date' => '2011-02-11T12:25:32', 'version' => '1.233' }, { 'date' => '2011-02-21T17:11:22', 'version' => '1.234' }, { 'date' => '2011-03-01T13:06:28', 'version' => '1.235' }, { 'date' => '2011-04-01T14:09:03', 'version' => '1.236' }, { 'date' => '2011-04-04T12:57:04', 'version' => '1.237' }, { 'date' => '2011-04-05T14:45:45', 'version' => '1.238' }, { 'date' => '2011-04-05T17:40:17', 'version' => '1.240' }, { 'date' => '2011-04-07T18:09:49', 'version' => '1.241' }, { 'date' => '2011-04-25T15:28:14', 'version' => '1.242' }, { 'date' => '2011-05-02T12:33:33', 'version' => '1.243' }, { 'date' => '2011-05-16T15:52:46', 'version' => '1.244' }, { 'date' => '2011-06-17T12:10:22', 'version' => '1.245' }, { 'date' => '2011-06-20T12:32:24', 'version' => '1.246' }, { 'date' => '2011-06-27T14:14:52', 'version' => '1.247' }, { 'date' => '2011-07-05T15:48:52', 'version' => '1.248' }, { 'date' => '2011-07-12T09:54:39', 'version' => '1.249' }, { 'date' => '2011-07-22T12:40:47', 'version' => '1.250' }, { 'date' => '2011-08-30T12:16:32', 'version' => '1.251' }, { 'date' => '2011-09-01T16:06:19', 'version' => '1.252' }, { 'date' => '2011-09-02T16:03:35', 'version' => '1.253' }, { 'date' => '2011-09-04T15:21:52', 'version' => '1.254' }, { 'date' => '2011-09-15T15:23:39', 'version' => '1.255' }, { 'date' => '2011-09-16T12:28:51', 'version' => '1.256' }, { 'date' => '2011-09-23T10:52:00', 'version' => '1.257' }, { 'date' => '2011-10-14T14:45:06', 'version' => '1.258' }, { 'date' => '2011-10-16T10:17:53', 'version' => '1.259' }, { 'date' => '2011-10-28T13:28:02', 'version' => '1.260' }, { 'date' => '2011-11-18T17:02:26', 'version' => '1.261' }, { 'date' => '2011-11-19T11:55:30', 'version' => '1.262' }, { 'date' => '2011-11-29T15:43:38', 'version' => '1.263' }, { 'date' => '2011-11-30T07:50:25', 'version' => '1.264' }, { 'date' => '2011-12-06T18:26:54', 'version' => '1.265' }, { 'date' => '2012-02-06T11:55:29', 'version' => '2.001' }, { 'date' => '2012-02-08T09:49:49', 'version' => '2.002' }, { 'date' => '2012-02-08T13:14:22', 'version' => '2.003' }, { 'date' => '2012-02-09T11:28:18', 'version' => '2.004' }, { 'date' => '2012-02-23T18:25:32', 'version' => '2.005' }, { 'date' => '2012-02-25T11:30:41', 'version' => '2.006' }, { 'date' => '2012-02-26T16:34:50', 'version' => '2.007' }, { 'date' => '2012-03-01T12:40:23', 'version' => '2.008' }, { 'date' => '2012-03-13T13:11:49', 'version' => '2.009' }, { 'date' => '2012-03-13T13:15:03', 'version' => '2.010' }, { 'date' => '2012-03-19T21:41:44', 'version' => '2.011' }, { 'date' => '2012-04-05T11:41:54', 'version' => '2.012' }, { 'date' => '2012-04-06T12:10:46', 'version' => '2.013' }, { 'date' => '2012-05-04T13:57:13', 'version' => '2.014' }, { 'date' => '2012-05-14T10:06:13', 'version' => '2.015' }, { 'date' => '2012-05-20T08:38:36', 'version' => '2.016' }, { 'date' => '2012-05-21T10:56:35', 'version' => '2.017' }, { 'date' => '2012-05-29T13:53:06', 'version' => '2.018' }, { 'date' => '2012-06-05T12:34:15', 'version' => '2.019' }, { 'date' => '2012-06-18T08:34:26', 'version' => '2.020' }, { 'date' => '2012-06-27T14:44:55', 'version' => '2.021_01' }, { 'date' => '2012-06-28T15:30:52', 'version' => '2.021' }, { 'date' => '2012-07-03T14:47:31', 'version' => '2.022' }, { 'date' => '2012-07-04T13:50:37', 'version' => '2.023' }, { 'date' => '2012-09-04T11:30:02', 'version' => '2.024' }, { 'date' => '2012-09-10T10:52:02', 'version' => '2.025' }, { 'date' => '2012-09-20T17:12:09', 'version' => '2.026_1' }, { 'date' => '2012-09-21T10:38:47', 'version' => '2.026_2' }, { 'date' => '2012-09-27T11:53:42', 'version' => '2.026' }, { 'date' => '2012-10-30T12:48:16', 'version' => '2.027' }, { 'date' => '2012-11-27T12:44:55', 'version' => '2.028' }, { 'date' => '2012-11-28T13:31:04', 'version' => '2.029' }, { 'date' => '2013-02-27T18:37:05', 'version' => '2.030_01' }, { 'date' => '2013-03-23T09:47:53', 'version' => '2.030' }, { 'date' => '2013-04-03T17:22:28', 'version' => '2.031' }, { 'date' => '2013-04-15T11:28:33', 'version' => '2.032' }, { 'date' => '2013-04-15T19:27:14', 'version' => '2.033' }, { 'date' => '2013-04-17T19:29:52', 'version' => '2.034' }, { 'date' => '2013-04-27T15:05:09', 'version' => '2.035' }, { 'date' => '2013-05-25T17:53:04', 'version' => '2.036' }, { 'date' => '2013-06-15T17:46:45', 'version' => '2.037' }, { 'date' => '2013-07-03T19:30:32', 'version' => '2.038' }, { 'date' => '2013-07-18T18:12:07', 'version' => '2.039' }, { 'date' => '2013-07-20T09:46:11', 'version' => '2.040' }, { 'date' => '2013-08-14T17:58:40', 'version' => '2.041' }, { 'date' => '2013-09-15T17:41:45', 'version' => '2.042' }, { 'date' => '2013-09-20T17:35:06', 'version' => '2.043' }, { 'date' => '2013-10-13T16:02:40', 'version' => '2.044' }, { 'date' => '2013-10-18T17:48:15', 'version' => '2.045' }, { 'date' => '2013-12-15T13:07:37', 'version' => '2.046' }, { 'date' => '2014-01-25T15:54:37', 'version' => '2.047' }, { 'date' => '2014-02-23T18:02:19', 'version' => '2.048' }, { 'date' => '2014-02-26T19:45:44', 'version' => '2.049' }, { 'date' => '2014-02-27T18:12:32', 'version' => '2.050' }, { 'date' => '2014-03-06T18:23:11', 'version' => '2.051' }, { 'date' => '2014-03-23T16:20:43', 'version' => '2.052' }, { 'date' => '2014-03-25T19:11:57', 'version' => '2.053' }, { 'date' => '2014-04-01T17:51:50', 'version' => '2.054' }, { 'date' => '2014-05-02T11:33:28', 'version' => '2.055' }, { 'date' => '2014-05-18T19:34:53', 'version' => '2.056' }, { 'date' => '2014-06-12T19:32:47', 'version' => '2.057' }, { 'date' => '2014-06-19T19:43:18', 'version' => '2.058' }, { 'date' => '2014-06-29T15:08:02', 'version' => '2.059' }, { 'date' => '2014-08-19T12:43:59', 'version' => '2.060' }, { 'date' => '2014-09-23T19:21:04', 'version' => '2.061' }, { 'date' => '2014-11-23T19:45:05', 'version' => '2.062' }, { 'date' => '2014-11-28T17:55:21', 'version' => '2.063' }, { 'date' => '2014-12-04T18:47:05', 'version' => '2.064' }, { 'date' => '2015-01-06T20:16:15', 'version' => '2.065' }, { 'date' => '2015-02-15T16:13:00', 'version' => '2.066' }, { 'date' => '2015-03-01T18:38:28', 'version' => '2.067' }, { 'date' => '2015-03-29T13:39:56', 'version' => '2.068' }, { 'date' => '2015-04-25T19:29:15', 'version' => '2.069' }, { 'date' => '2015-05-03T14:00:52', 'version' => '2.070' }, { 'date' => '2015-05-23T11:15:16', 'version' => '2.071' }, { 'date' => '2015-07-18T19:31:43', 'version' => '2.072' }, { 'date' => '2015-07-19T07:35:51', 'version' => '2.073' }, { 'date' => '2015-09-30T18:56:39', 'version' => '2.074' }, { 'date' => '2015-11-22T20:11:19', 'version' => '2.075' }, { 'date' => '2016-01-14T18:13:20', 'version' => '2.076' }, { 'date' => '2016-01-20T19:55:36', 'version' => '2.077' }, { 'date' => '2016-01-24T18:48:46', 'version' => '2.078' }, { 'date' => '2016-02-12T20:44:28', 'version' => '2.079' }, { 'date' => '2016-02-27T17:59:55', 'version' => '2.080' }, { 'date' => '2016-02-29T19:01:45', 'version' => '2.081' }, { 'date' => '2016-03-29T18:22:30', 'version' => '2.082' }, { 'date' => '2016-04-20T18:32:29', 'version' => '2.083' }, { 'date' => '2016-05-26T17:35:53', 'version' => '2.084' }, { 'date' => '2016-05-29T17:13:14', 'version' => '2.085' }, { 'date' => '2016-06-04T19:28:08', 'version' => '2.086' }, { 'date' => '2016-06-29T17:35:35', 'version' => '2.087' }, { 'date' => '2016-07-09T18:06:03', 'version' => '2.088' }, { 'date' => '2016-09-04T13:17:52', 'version' => '2.089' }, { 'date' => '2016-09-10T16:07:07', 'version' => '2.090' }, { 'date' => '2016-09-13T17:05:56', 'version' => '2.091' }, { 'date' => '2016-09-23T17:46:04', 'version' => '2.092' }, { 'date' => '2016-11-08T18:33:39', 'version' => '2.093' }, { 'date' => '2016-11-09T18:23:05', 'version' => '2.094' }, { 'date' => '2016-12-06T18:01:00', 'version' => '2.095' }, { 'date' => '2016-12-11T20:28:14', 'version' => '2.096' }, { 'date' => '2016-12-22T17:35:34', 'version' => '2.097' }, { 'date' => '2017-02-26T18:58:23', 'version' => '2.098' }, { 'date' => '2017-03-05T17:09:37', 'version' => '2.099' }, { 'date' => '2017-03-18T12:06:34', 'version' => '2.100' }, { 'date' => '2017-04-28T17:40:56', 'version' => '2.101' }, { 'date' => '2017-05-14T19:10:40', 'version' => '2.102' }, { 'date' => '2017-05-25T08:15:17', 'version' => '2.103' }, { 'date' => '2017-06-03T13:23:33', 'version' => '2.104' }, { 'date' => '2017-06-09T17:26:55', 'version' => '2.105' }, { 'date' => '2017-07-16T14:07:23', 'version' => '2.106' }, { 'date' => '2017-08-30T19:12:10', 'version' => '2.107' }, { 'date' => '2017-08-31T17:23:43', 'version' => '2.108' }, { 'date' => '2017-09-18T17:52:57', 'version' => '2.109' }, { 'date' => '2017-09-21T19:12:32', 'version' => '2.110' }, { 'date' => '2017-09-22T18:41:04', 'version' => '2.111' }, { 'date' => '2017-10-01T09:12:45', 'version' => '2.112' }, { 'date' => '2017-10-12T19:07:46', 'version' => '2.113' }, { 'date' => '2017-11-11T16:35:03', 'version' => '2.114' }, { 'date' => '2017-12-14T18:03:18', 'version' => '2.115' }, { 'date' => '2017-12-16T09:52:09', 'version' => '2.116' }, { 'date' => '2018-02-03T18:09:35', 'version' => '2.117' }, { 'date' => '2018-03-26T18:33:19', 'version' => '2.118' }, { 'date' => '2018-04-02T16:55:50', 'version' => '2.119' }, { 'date' => '2018-04-08T07:56:03', 'version' => '2.120' }, { 'date' => '2018-04-15T17:08:18', 'version' => '2.121' }, { 'date' => '2018-04-17T17:20:14', 'version' => '2.122' }, { 'date' => '2018-05-01T17:18:09', 'version' => '2.123' }, { 'date' => '2018-06-09T17:16:59', 'version' => '2.124' }, { 'date' => '2018-06-24T12:47:24', 'version' => '2.125' }, { 'date' => '2018-08-20T13:10:09', 'version' => '2.126' }, { 'date' => '2018-09-30T16:44:13', 'version' => '2.127' }, { 'date' => '2018-11-21T19:33:41', 'version' => '2.128' }, { 'date' => '2018-12-05T18:44:58', 'version' => '2.129' }, { 'date' => '2018-12-07T19:02:10', 'version' => '2.130' }, { 'date' => '2018-12-16T18:32:58', 'version' => '2.131' }, { 'date' => '2018-12-22T17:50:27', 'version' => '2.132' }, { 'date' => '2019-01-13T20:17:07', 'version' => '2.133' }, { 'date' => '2019-05-05T10:51:38', 'version' => '2.134' }, { 'date' => '2019-06-05T17:21:24', 'version' => '2.135' }, { 'date' => '2019-07-29T15:44:09', 'version' => '2.136' }, { 'date' => '2019-12-01T17:32:00', 'version' => '2.137' }, { 'date' => '2019-12-27T14:43:21', 'version' => '2.138' }, { 'date' => '2020-07-18T14:38:14', 'version' => '2.139' }, { 'date' => '2020-07-31T08:24:37', 'version' => '2.140' }, { 'date' => '2021-01-17T18:04:01', 'version' => '2.141' }, { 'date' => '2021-04-07T17:08:47', 'version' => '2.142' }, { 'date' => '2021-10-31T17:28:44', 'version' => '2.143' }, { 'date' => '2021-11-04T17:26:40', 'version' => '2.144' }, { 'date' => '2021-11-06T18:23:25', 'version' => '2.145' }, { 'date' => '2021-11-28T18:13:47', 'version' => '2.146' }, { 'date' => '2021-11-29T18:42:25', 'version' => '2.147' }, { 'date' => '2022-01-09T15:02:17', 'version' => '2.148' }, { 'date' => '2022-01-13T16:42:50', 'version' => '2.149' }, { 'date' => '2022-05-08T15:10:12', 'version' => '2.150' }, { 'date' => '2022-07-26T14:32:41', 'version' => '2.151' }, { 'date' => '2022-07-28T08:07:07', 'version' => '2.152' }, { 'date' => '2023-07-14T14:05:14', 'version' => '2.153' }, { 'date' => '2023-07-14T17:35:53', 'version' => '2.153' } ] }, 'Convert-ASN1' => { 'advisories' => [ { 'affected_versions' => '<0.27', 'cves' => [ 'CVE-2013-7488' ], 'description' => 'perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input. ', 'distribution' => 'Convert-ASN1', 'fixed_versions' => undef, 'id' => 'CPANSA-Convert-ASN1-2013-7488', 'references' => [ 'https://github.com/gbarr/perl-Convert-ASN1/issues/14', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONNQSW4SSKMG5RUEFZJZA5T5R2WXEGQF/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6V3PJEQOT47ZO77263XPGS3Y3AJROI4X/' ], 'reported' => '2020-04-07', 'severity' => 'high' } ], 'main_module' => 'Convert::ASN1', 'versions' => [ { 'date' => '2000-04-03T21:52:45', 'version' => '0.04' }, { 'date' => '2000-05-12T10:14:51', 'version' => '0.05' }, { 'date' => '2000-05-22T11:08:54', 'version' => '0.06' }, { 'date' => '2000-05-30T14:31:54', 'version' => '0.07' }, { 'date' => '2001-02-05T22:44:53', 'version' => '0.08' }, { 'date' => '2001-04-19T23:07:25', 'version' => '0.09' }, { 'date' => '2001-04-20T06:40:05', 'version' => '0.10' }, { 'date' => '2001-06-11T13:37:41', 'version' => '0.11' }, { 'date' => '2001-07-31T17:11:59', 'version' => '0.12' }, { 'date' => '2001-08-26T07:23:52', 'version' => '0.13' }, { 'date' => '2001-09-10T18:07:31', 'version' => '0.14' }, { 'date' => '2002-01-22T11:33:25', 'version' => '0.15' }, { 'date' => '2002-08-20T00:05:24', 'version' => '0.16' }, { 'date' => '2003-05-12T17:52:00', 'version' => '0.17' }, { 'date' => '2003-10-08T14:31:56', 'version' => '0.18' }, { 'date' => '2005-04-19T00:51:07', 'version' => '0.19' }, { 'date' => '2006-02-22T01:29:15', 'version' => '0.20' }, { 'date' => '2007-02-03T02:50:32', 'version' => '0.21' }, { 'date' => '2008-09-15T19:39:08', 'version' => '0.22' }, { 'date' => '2012-05-03T21:33:29', 'version' => '0.23' }, { 'date' => '2012-06-04T22:12:03', 'version' => '0.24' }, { 'date' => '2012-06-09T00:32:31', 'version' => '0.25' }, { 'date' => '2012-06-09T18:31:05', 'version' => '0.26' }, { 'date' => '2014-06-25T18:49:11', 'version' => '0.27' }, { 'date' => '2021-05-23T21:05:04', 'version' => '0.28' }, { 'date' => '2021-05-24T21:29:37', 'version' => '0.29' }, { 'date' => '2021-05-30T00:58:54', 'version' => '0.30' }, { 'date' => '2021-06-03T01:30:40', 'version' => '0.31' }, { 'date' => '2021-09-21T21:46:25', 'version' => '0.32' }, { 'date' => '2021-09-22T22:51:23', 'version' => '0.33' }, { 'date' => '2023-08-07T22:47:22', 'version' => '0.34' } ] }, 'Convert-UUlib' => { 'advisories' => [ { 'affected_versions' => '<1.051', 'cves' => [ 'CVE-2005-1349' ], 'description' => 'Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation. ', 'distribution' => 'Convert-UUlib', 'fixed_versions' => undef, 'id' => 'CPANSA-Convert-UUlib-2005-1349', 'references' => [ 'http://www.gentoo.org/security/en/glsa/glsa-200504-26.xml', 'http://secunia.com/advisories/15130', 'http://www.securityfocus.com/bid/13401', 'http://www.mandriva.com/security/advisories?name=MDKSA-2006:022', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/20275' ], 'reported' => '2005-05-02', 'severity' => undef } ], 'main_module' => 'Convert::UUlib', 'versions' => [ { 'date' => '1999-05-08T20:44:28', 'version' => '0.03' }, { 'date' => '1999-05-25T19:26:16', 'version' => '0.05' }, { 'date' => '1999-07-29T21:35:05', 'version' => '0.06' }, { 'date' => '2000-07-16T20:52:56', 'version' => '0.11' }, { 'date' => '2001-05-04T21:14:40', 'version' => '0.111' }, { 'date' => '2001-06-14T16:49:29', 'version' => '0.2' }, { 'date' => '2001-09-16T01:45:11', 'version' => '0.201' }, { 'date' => '2002-03-31T22:10:15', 'version' => '0.21' }, { 'date' => '2002-03-31T22:52:00', 'version' => '0.21' }, { 'date' => '2002-04-05T22:18:55', 'version' => '0.211' }, { 'date' => '2002-04-06T02:39:32', 'version' => '0.212' }, { 'date' => '2002-07-27T19:20:26', 'version' => '0.213' }, { 'date' => '2002-10-13T18:14:28', 'version' => '0.3' }, { 'date' => '2002-10-15T23:26:09', 'version' => '0.31' }, { 'date' => '2003-11-24T16:10:49', 'version' => '1.0' }, { 'date' => '2004-03-16T20:05:14', 'version' => '1.01' }, { 'date' => '2004-04-18T14:51:27', 'version' => '1.02' }, { 'date' => '2004-04-18T20:16:15', 'version' => '1.03' }, { 'date' => '2004-12-28T14:12:40', 'version' => '1.04' }, { 'date' => '2005-03-03T17:52:16', 'version' => '1.051' }, { 'date' => '2005-12-05T23:58:50', 'version' => '1.06' }, { 'date' => '2006-12-10T16:45:11', 'version' => '1.07' }, { 'date' => '2006-12-16T22:31:30', 'version' => '1.08' }, { 'date' => '2007-05-25T17:40:35', 'version' => '1.09' }, { 'date' => '2008-06-13T13:27:38', 'version' => '1.10' }, { 'date' => '2008-06-13T13:34:18', 'version' => '1.11' }, { 'date' => '2008-10-13T12:13:26', 'version' => '1.12' }, { 'date' => '2009-08-28T23:26:34', 'version' => '1.3' }, { 'date' => '2009-09-16T07:05:05', 'version' => '1.31' }, { 'date' => '2009-09-16T18:10:46', 'version' => '1.32' }, { 'date' => '2009-10-28T08:05:40', 'version' => '1.33' }, { 'date' => '2010-12-14T21:21:33', 'version' => '1.34' }, { 'date' => '2011-05-29T15:23:57', 'version' => '1.4' }, { 'date' => '2015-07-11T01:57:19', 'version' => '1.5' }, { 'date' => '2019-10-24T15:19:15', 'version' => '1.6' }, { 'date' => '2020-02-17T22:21:21', 'version' => '1.62' }, { 'date' => '2020-02-29T21:09:26', 'version' => '1.7' }, { 'date' => '2020-03-16T23:54:43', 'version' => '1.71' }, { 'date' => '2020-12-17T01:25:02', 'version' => '1.8' } ] }, 'Cpanel-JSON-XS' => { 'advisories' => [ { 'affected_versions' => '<3.0225', 'cves' => [], 'description' => 'Overflow during processing of ill-formed UTF-8 strings. ', 'distribution' => 'Cpanel-JSON-XS', 'fixed_versions' => '>=3.0225', 'id' => 'CPANSA-Cpanel-JSON-XS-2016-02', 'references' => [ 'https://metacpan.org/changes/distribution/Cpanel-JSON-XS', 'https://github.com/rurban/Cpanel-JSON-XS/commit/f71768984ba7f50b0476c17a4f3b3f2ca88a6951', 'https://github.com/dankogai/p5-encode/issues/64' ], 'reported' => '2016-11-23' }, { 'affected_versions' => '<3.0218', 'cves' => [], 'description' => 'Possible overflows in av and hv length types. ', 'distribution' => 'Cpanel-JSON-XS', 'fixed_versions' => '>=3.0218', 'id' => 'CPANSA-Cpanel-JSON-XS-2016-01', 'references' => [ 'https://metacpan.org/changes/distribution/Cpanel-JSON-XS', 'https://github.com/rurban/Cpanel-JSON-XS/commit/6554531b39fac236321d8601d35eaaa75ae45e20' ], 'reported' => '2016-10-06' }, { 'affected_versions' => '<4.033', 'cves' => [ 'CVE-2022-48623' ], 'description' => 'Wrong error messages/sometimes crashes or endless loops with invalid JSON in relaxed mode ', 'distribution' => 'Cpanel-JSON-XS', 'fixed_versions' => '>=4.033', 'github_advisory_database' => 'https://github.com/advisories/GHSA-44qr-8pf6-6q33', 'id' => 'CPANSA-Cpanel-JSON-XS-2023-01', 'references' => [ 'https://metacpan.org/changes/distribution/Cpanel-JSON-XS', 'https://github.com/rurban/Cpanel-JSON-XS/issues/208', 'https://metacpan.org/release/RURBAN/Cpanel-JSON-XS-4.33/changes', 'https://nvd.nist.gov/vuln/detail/CVE-2022-48623', 'https://github.com/rurban/Cpanel-JSON-XS/commit/41f32396eee9395a40f9ed80145c37622560de9b', 'https://github.com/advisories/GHSA-44qr-8pf6-6q33' ], 'reported' => '2023-02-21' } ], 'main_module' => 'Cpanel::JSON::XS', 'versions' => [ { 'date' => '2013-03-01T00:52:41', 'version' => '2.33_03' }, { 'date' => '2013-03-01T22:07:06', 'version' => '2.33_04' }, { 'date' => '2013-03-27T16:53:34', 'version' => '2.3305' }, { 'date' => '2013-03-27T17:17:51', 'version' => '2.3306' }, { 'date' => '2013-03-27T22:58:47', 'version' => '2.3307' }, { 'date' => '2013-03-28T14:28:56', 'version' => '2.3308' }, { 'date' => '2013-03-28T15:12:42', 'version' => '2.3309' }, { 'date' => '2013-03-28T17:33:21', 'version' => '2.3310' }, { 'date' => '2013-06-26T16:24:40', 'version' => '2.3313' }, { 'date' => '2013-09-09T05:54:40', 'version' => '2.3314' }, { 'date' => '2013-10-02T20:06:47', 'version' => '2.3401' }, { 'date' => '2013-11-02T14:42:20', 'version' => '2.3402' }, { 'date' => '2013-11-02T15:17:41', 'version' => '2.3403' }, { 'date' => '2014-01-30T15:58:58', 'version' => '2.3404' }, { 'date' => '2014-04-15T21:17:11', 'version' => '3.0101' }, { 'date' => '2014-04-17T18:37:34', 'version' => '3.0102' }, { 'date' => '2014-04-21T17:49:09', 'version' => '3.0103' }, { 'date' => '2014-04-26T16:04:39', 'version' => '3.0104' }, { 'date' => '2014-11-06T10:38:31', 'version' => '3.0105' }, { 'date' => '2014-11-11T21:57:49', 'version' => '3.0106' }, { 'date' => '2014-11-28T12:16:29', 'version' => '3.0107' }, { 'date' => '2014-12-11T17:02:07', 'version' => '3.0108' }, { 'date' => '2014-12-12T10:24:33', 'version' => '3.0109' }, { 'date' => '2014-12-12T22:35:37', 'version' => '3.0110' }, { 'date' => '2014-12-13T18:40:06', 'version' => '3.0111' }, { 'date' => '2014-12-14T16:34:01', 'version' => '3.0112' }, { 'date' => '2014-12-15T12:23:32', 'version' => '3.0113' }, { 'date' => '2015-01-04T14:06:03', 'version' => '3.0114' }, { 'date' => '2015-01-31T21:42:51', 'version' => '3.0115' }, { 'date' => '2015-11-26T08:58:33', 'version' => '3.0201' }, { 'date' => '2015-11-26T13:16:40', 'version' => '3.0202' }, { 'date' => '2015-11-26T13:42:02', 'version' => '3.0203' }, { 'date' => '2015-11-26T22:30:26', 'version' => '3.0204' }, { 'date' => '2015-11-29T14:09:00', 'version' => '3.0205' }, { 'date' => '2015-11-30T16:16:48', 'version' => '3.0206' }, { 'date' => '2015-12-02T16:34:35', 'version' => '3.0207' }, { 'date' => '2015-12-02T22:46:58', 'version' => '3.0208' }, { 'date' => '2015-12-03T09:45:04', 'version' => '3.0209' }, { 'date' => '2015-12-03T11:59:24', 'version' => '3.0210' }, { 'date' => '2016-01-10T17:38:25', 'version' => '3.0211' }, { 'date' => '2016-02-27T13:30:04', 'version' => '3.0212' }, { 'date' => '2016-03-02T10:28:37', 'version' => '3.0213' }, { 'date' => '2016-04-12T08:40:05', 'version' => '3.0213_01' }, { 'date' => '2016-04-13T10:40:03', 'version' => '3.0213_02' }, { 'date' => '2016-06-02T16:18:51', 'version' => '3.0214' }, { 'date' => '2016-06-06T13:28:49', 'version' => '3.0215' }, { 'date' => '2016-06-12T12:14:20', 'version' => '3.0216' }, { 'date' => '2016-06-18T09:59:27', 'version' => '3.0217' }, { 'date' => '2016-10-04T10:11:33', 'version' => '3.0217_01' }, { 'date' => '2016-10-04T14:47:29', 'version' => '3.0217_02' }, { 'date' => '2016-10-06T08:46:17', 'version' => '3.0217_03' }, { 'date' => '2016-10-07T12:11:03', 'version' => '3.0217_04' }, { 'date' => '2016-10-07T17:22:48', 'version' => '3.0217_05' }, { 'date' => '2016-10-08T08:01:50', 'version' => '3.0217_06' }, { 'date' => '2016-10-13T12:47:31', 'version' => '3.0218' }, { 'date' => '2016-10-26T11:45:35', 'version' => '3.0219' }, { 'date' => '2016-10-28T08:34:28', 'version' => '3.0220' }, { 'date' => '2016-10-30T12:27:36', 'version' => '3.0221' }, { 'date' => '2016-10-30T15:04:32', 'version' => '3.0222' }, { 'date' => '2016-11-16T11:47:38', 'version' => '3.0223' }, { 'date' => '2016-11-20T11:31:34', 'version' => '3.0224' }, { 'date' => '2016-11-23T18:43:00', 'version' => '3.0225' }, { 'date' => '2017-02-11T13:24:48', 'version' => '3.0226' }, { 'date' => '2017-02-13T10:57:06', 'version' => '3.0227' }, { 'date' => '2017-03-07T23:57:39', 'version' => '3.0228' }, { 'date' => '2017-03-10T14:08:07', 'version' => '3.0229' }, { 'date' => '2017-03-12T09:52:13', 'version' => '3.0230' }, { 'date' => '2017-03-29T09:51:51', 'version' => '3.0231' }, { 'date' => '2017-05-01T05:35:12', 'version' => '3.0232' }, { 'date' => '2017-05-01T14:54:56', 'version' => '3.0233' }, { 'date' => '2017-07-27T15:43:41', 'version' => '3.0234' }, { 'date' => '2017-07-27T16:21:47', 'version' => '3.0235' }, { 'date' => '2017-07-27T20:15:25', 'version' => '3.0236' }, { 'date' => '2017-07-28T11:15:05', 'version' => '3.0237' }, { 'date' => '2017-08-25T20:53:56', 'version' => '3.0238' }, { 'date' => '2017-08-28T20:48:37', 'version' => '3.0239' }, { 'date' => '2018-01-30T11:52:27', 'version' => '3.99_01' }, { 'date' => '2018-01-31T12:58:24', 'version' => '3.99_02' }, { 'date' => '2018-01-31T17:18:58', 'version' => '3.99_03' }, { 'date' => '2018-02-02T01:57:54', 'version' => '4.00' }, { 'date' => '2018-02-03T11:50:36', 'version' => '4.01' }, { 'date' => '2018-02-27T16:08:55', 'version' => '4.02' }, { 'date' => '2018-06-21T11:16:14', 'version' => '4.03' }, { 'date' => '2018-06-22T17:37:07', 'version' => '4.04' }, { 'date' => '2018-08-19T16:55:22', 'version' => '4.05' }, { 'date' => '2018-08-23T07:50:22', 'version' => '4.06' }, { 'date' => '2018-11-02T09:51:34', 'version' => '4.07' }, { 'date' => '2018-11-28T14:26:40', 'version' => '4.08' }, { 'date' => '2019-02-15T10:09:53', 'version' => '4.09' }, { 'date' => '2019-03-18T07:50:15', 'version' => '4.10' }, { 'date' => '2019-03-26T16:46:53', 'version' => '4.11' }, { 'date' => '2019-06-11T08:04:04', 'version' => '4.12' }, { 'date' => '2019-10-14T14:14:37', 'version' => '4.13' }, { 'date' => '2019-10-15T15:16:21', 'version' => '4.14' }, { 'date' => '2019-10-22T07:01:03', 'version' => '4.15' }, { 'date' => '2019-11-04T15:51:01', 'version' => '4.16' }, { 'date' => '2019-11-05T13:48:29', 'version' => '4.17' }, { 'date' => '2019-12-13T15:54:58', 'version' => '4.18' }, { 'date' => '2020-02-06T15:07:47', 'version' => '4.19' }, { 'date' => '2020-08-12T12:18:46', 'version' => '4.20' }, { 'date' => '2020-08-13T06:56:18', 'version' => '4.21' }, { 'date' => '2020-09-04T19:26:28', 'version' => '4.22' }, { 'date' => '2020-09-05T10:21:25', 'version' => '4.23' }, { 'date' => '2020-10-02T09:05:37', 'version' => '4.24' }, { 'date' => '2020-10-28T07:04:49', 'version' => '4.25' }, { 'date' => '2021-04-12T06:34:32', 'version' => '4.26' }, { 'date' => '2021-10-14T19:19:01', 'version' => '4.27' }, { 'date' => '2022-05-05T14:46:07', 'version' => '4.28' }, { 'date' => '2022-05-27T15:32:51', 'version' => '4.29' }, { 'date' => '2022-06-16T19:19:38', 'version' => '4.30' }, { 'date' => '2022-08-10T14:25:08', 'version' => '4.31' }, { 'date' => '2022-08-13T07:13:40', 'version' => '4.32' }, { 'date' => '2023-02-21T16:34:10', 'version' => '4.33' }, { 'date' => '2023-02-21T18:39:09', 'version' => '4.34' }, { 'date' => '2023-02-22T15:40:53', 'version' => '4.35' }, { 'date' => '2023-03-02T15:11:52', 'version' => '4.36' }, { 'date' => '2023-07-04T10:35:53', 'version' => '4.37' } ] }, 'Crypt-CBC' => { 'advisories' => [ { 'affected_versions' => '<2.17', 'cves' => [ 'CVE-2006-0898' ], 'description' => 'Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael. ', 'distribution' => 'Crypt-CBC', 'fixed_versions' => '>=2.17', 'id' => 'CPANSA-Crypt-CBC-2006-0898', 'references' => [ 'https://metacpan.org/changes/distribution/Crypt-CBC', 'http://www.securityfocus.com/bid/16802', 'http://secunia.com/advisories/18755', 'http://www.debian.org/security/2006/dsa-996', 'http://secunia.com/advisories/19187', 'http://www.gentoo.org/security/en/glsa/glsa-200603-15.xml', 'http://secunia.com/advisories/19303', 'http://www.novell.com/linux/security/advisories/2006_38_security.html', 'http://secunia.com/advisories/20899', 'http://securityreason.com/securityalert/488', 'http://www.redhat.com/support/errata/RHSA-2008-0261.html', 'http://secunia.com/advisories/31493', 'http://rhn.redhat.com/errata/RHSA-2008-0630.html', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/24954', 'http://www.securityfocus.com/archive/1/425966/100/0/threaded' ], 'reported' => '2006-02-25', 'severity' => undef } ], 'main_module' => 'Crypt::CBC', 'versions' => [ { 'date' => '1998-06-19T19:48:52', 'version' => '1.00' }, { 'date' => '1998-09-22T18:30:35', 'version' => '1.10' }, { 'date' => '1998-12-20T23:36:49', 'version' => '1.20' }, { 'date' => '2000-01-27T00:27:56', 'version' => '1.22' }, { 'date' => '2000-02-22T15:20:56', 'version' => '1.23' }, { 'date' => '2000-06-07T18:55:59', 'version' => '1.24' }, { 'date' => '2000-06-08T15:59:07', 'version' => '1.25' }, { 'date' => '2001-12-10T17:16:25', 'version' => '2.01' }, { 'date' => '2002-01-24T05:30:16', 'version' => '2.02' }, { 'date' => '2002-06-02T18:40:15', 'version' => '2.03' }, { 'date' => '2002-06-12T02:20:51', 'version' => '2.04' }, { 'date' => '2002-06-22T13:02:09', 'version' => '2.05' }, { 'date' => '2002-08-08T18:47:49', 'version' => '2.07' }, { 'date' => '2002-09-11T12:17:23', 'version' => '2.08' }, { 'date' => '2004-05-27T15:20:52', 'version' => '2.09' }, { 'date' => '2004-05-29T17:29:19', 'version' => '2.10' }, { 'date' => '2004-06-03T16:22:32', 'version' => '2.11' }, { 'date' => '2004-06-17T15:55:19', 'version' => '2.11' }, { 'date' => '2005-05-05T20:11:50', 'version' => '2.14' }, { 'date' => '2005-08-01T14:02:45', 'version' => '2.15' }, { 'date' => '2006-02-16T14:08:57', 'version' => '2.17' }, { 'date' => '2006-06-06T23:22:02', 'version' => '2.18' }, { 'date' => '2006-08-12T19:52:11', 'version' => '2.19' }, { 'date' => '2006-10-16T23:40:13', 'version' => '2.21' }, { 'date' => '2006-10-29T21:55:34', 'version' => '2.22' }, { 'date' => '2007-09-28T15:25:53', 'version' => '2.24' }, { 'date' => '2008-03-28T14:17:29', 'version' => '2.27' }, { 'date' => '2008-03-31T14:56:52', 'version' => '2.28' }, { 'date' => '2008-04-22T14:27:07', 'version' => '2.29' }, { 'date' => '2008-09-30T15:17:58', 'version' => '2.30' }, { 'date' => '2012-10-30T11:08:06', 'version' => '2.31' }, { 'date' => '2012-12-14T19:30:14', 'version' => '2.32' }, { 'date' => '2013-07-30T20:03:53', 'version' => '2.33' }, { 'date' => '2021-02-07T15:30:51', 'version' => '3.00' }, { 'date' => '2021-02-08T21:38:16', 'version' => '3.01' }, { 'date' => '2021-04-11T22:16:48', 'version' => '3.02' }, { 'date' => '2021-04-19T02:59:12', 'version' => '3.03' }, { 'date' => '2021-05-17T15:03:53', 'version' => '3.04' } ] }, 'Crypt-DSA' => { 'advisories' => [ { 'affected_versions' => '<=1.17', 'cves' => [ 'CVE-2011-3599' ], 'description' => 'The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack. ', 'distribution' => 'Crypt-DSA', 'fixed_versions' => undef, 'id' => 'CPANSA-Crypt-DSA-2011-3599', 'references' => [ 'https://rt.cpan.org/Public/Bug/Display.html?id=71421', 'https://bugzilla.redhat.com/show_bug.cgi?id=743567', 'http://www.openwall.com/lists/oss-security/2011/10/05/9', 'http://www.openwall.com/lists/oss-security/2011/10/05/5', 'http://secunia.com/advisories/46275', 'http://www.securityfocus.com/bid/49928', 'http://osvdb.org/76025' ], 'reported' => '2011-10-10', 'severity' => undef } ], 'main_module' => 'Crypt::DSA', 'versions' => [ { 'date' => '2001-03-24T01:21:08', 'version' => '0.02' }, { 'date' => '2001-04-07T07:44:41', 'version' => '0.03' }, { 'date' => '2001-04-23T00:09:38', 'version' => '0.10' }, { 'date' => '2001-05-02T23:26:09', 'version' => '0.11' }, { 'date' => '2001-05-04T06:12:08', 'version' => '0.12' }, { 'date' => '2005-05-26T16:19:59', 'version' => '0.13' }, { 'date' => '2006-05-08T18:43:01', 'version' => '0.14' }, { 'date' => '2009-08-19T11:11:31', 'version' => '0.15_01' }, { 'date' => '2009-09-11T12:47:36', 'version' => '1.16' }, { 'date' => '2011-06-17T01:49:57', 'version' => '1.17' } ] }, 'Crypt-JWT' => { 'advisories' => [ { 'affected_versions' => '<0.023', 'cves' => [ 'CVE-2019-1010263' ], 'description' => 'Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac(). The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit b98a59b42ded9f9e51b2560410106207c2152d6c. ', 'distribution' => 'Crypt-JWT', 'fixed_versions' => '>=0.023', 'id' => 'CPANSA-Crypt-JWT-2019-01', 'references' => [ 'https://github.com/DCIT/perl-Crypt-JWT/commit/b98a59b42ded9f9e51b2560410106207c2152d6c', 'https://www.openwall.com/lists/oss-security/2018/09/07/1' ], 'reported' => '2019-03-20', 'severity' => 'high' }, { 'affected_versions' => '<0.022', 'cves' => [ 'CVE-2019-1010161' ], 'description' => 'perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity(crafting user-controlled input to bypass authentication). The fixed version is: 0.023. ', 'distribution' => 'Crypt-JWT', 'fixed_versions' => '>=0.022', 'id' => 'CPANSA-Crypt-JWT-2019-01', 'references' => [ 'https://github.com/DCIT/perl-Crypt-JWT/issues/3#issuecomment-417947483' ], 'reported' => '2019-03-20', 'severity' => 'high' } ], 'main_module' => 'Crypt::JWT', 'versions' => [ { 'date' => '2015-07-02T22:24:01', 'version' => '0.004' }, { 'date' => '2015-07-02T22:54:29', 'version' => '0.005' }, { 'date' => '2015-07-07T19:43:45', 'version' => '0.010' }, { 'date' => '2015-10-22T07:08:48', 'version' => '0.011' }, { 'date' => '2016-05-02T17:33:01', 'version' => '0.012' }, { 'date' => '2016-05-03T07:10:15', 'version' => '0.013' }, { 'date' => '2016-05-04T05:48:13', 'version' => '0.014' }, { 'date' => '2016-05-12T05:38:49', 'version' => '0.015' }, { 'date' => '2016-05-12T08:03:49', 'version' => '0.016' }, { 'date' => '2016-06-03T10:17:48', 'version' => '0.017' }, { 'date' => '2016-08-31T19:49:41', 'version' => '0.018' }, { 'date' => '2018-01-26T16:07:54', 'version' => '0.019' }, { 'date' => '2018-02-02T15:02:28', 'version' => '0.020' }, { 'date' => '2018-03-15T11:59:25', 'version' => '0.021' }, { 'date' => '2018-06-24T20:29:50', 'version' => '0.022' }, { 'date' => '2018-09-01T16:09:10', 'version' => '0.023' }, { 'date' => '2019-03-26T11:11:25', 'version' => '0.024' }, { 'date' => '2019-09-29T15:23:58', 'version' => '0.025' }, { 'date' => '2020-02-02T08:44:56', 'version' => '0.026' }, { 'date' => '2020-06-04T22:35:39', 'version' => '0.027' }, { 'date' => '2020-06-14T18:17:45', 'version' => '0.028' }, { 'date' => '2020-06-22T13:13:53', 'version' => '0.029' }, { 'date' => '2021-01-08T14:22:56', 'version' => '0.030' }, { 'date' => '2021-01-10T14:18:25', 'version' => '0.031' }, { 'date' => '2021-03-18T21:02:33', 'version' => '0.032' }, { 'date' => '2021-05-01T17:18:31', 'version' => '0.033' }, { 'date' => '2021-11-28T22:08:38', 'version' => '0.034' }, { 'date' => '2023-10-03T10:20:23', 'version' => '0.035' } ] }, 'Crypt-OpenSSL-DSA' => { 'advisories' => [ { 'affected_versions' => '<0.14', 'cves' => [ 'CVE-2009-0129' ], 'description' => 'Missing error check in do_verify, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature. ', 'distribution' => 'Crypt-OpenSSL-DSA', 'fixed_versions' => '>=0.14', 'id' => 'CPANSA-Crypt-OpenSSL-DSA-2009-01', 'references' => [ 'https://metacpan.org/changes/distribution/Crypt-OpenSSL-DSA', 'https://www.openwall.com/lists/oss-security/2009/01/12/4', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511519' ], 'reported' => '2009-01-15' } ], 'main_module' => 'Crypt::OpenSSL::DSA', 'versions' => [ { 'date' => '2001-09-19T04:45:14', 'version' => '0.01' }, { 'date' => '2001-09-24T17:32:49', 'version' => '0.02' }, { 'date' => '2002-02-07T05:57:36', 'version' => '0.03' }, { 'date' => '2002-09-24T04:52:06', 'version' => '0.04' }, { 'date' => '2002-09-26T00:21:17', 'version' => '0.10' }, { 'date' => '2003-01-06T19:08:08', 'version' => '0.11' }, { 'date' => '2005-05-23T01:44:36', 'version' => '0.12' }, { 'date' => '2005-10-15T21:37:10', 'version' => '0.13' }, { 'date' => '2012-10-16T22:55:16', 'version' => '0.14' }, { 'date' => '2015-02-03T21:57:37', 'version' => '0.15' }, { 'date' => '2016-10-27T11:25:18', 'version' => '0.16' }, { 'date' => '2016-10-27T18:54:42', 'version' => '0.17' }, { 'date' => '2016-11-17T10:33:35', 'version' => '0.18' }, { 'date' => '2017-01-13T08:24:56', 'version' => '0.19' }, { 'date' => '2021-03-20T12:31:50', 'version' => '0.20' } ] }, 'Crypt-Passwd-XS' => { 'advisories' => [ { 'affected_versions' => '<0.601', 'cves' => [ 'CVE-2012-2143' ], 'description' => 'The crypt_des (aka DES-based crypt) function does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. ', 'distribution' => 'Crypt-Passwd-XS', 'fixed_versions' => '>=0.601', 'id' => 'CPANSA-Crypt-Passwd-XS-2012-01', 'references' => [ 'https://metacpan.org/changes/distribution/Crypt-Passwd-XS' ], 'reported' => '2012-05-07' } ], 'main_module' => 'Crypt::Passwd::XS', 'versions' => [ { 'date' => '2010-11-14T21:18:18', 'version' => '0.4' }, { 'date' => '2010-11-17T02:03:54', 'version' => '0.501' }, { 'date' => '2010-11-17T23:25:17', 'version' => '0.503' }, { 'date' => '2010-11-20T00:37:33', 'version' => '0.504' }, { 'date' => '2010-11-24T00:59:34', 'version' => '0.505' }, { 'date' => '2011-03-09T16:18:01', 'version' => '0.506' }, { 'date' => '2011-03-09T21:40:38', 'version' => '0.507' }, { 'date' => '2011-07-26T16:37:20', 'version' => '0.600' }, { 'date' => '2012-12-06T19:57:57', 'version' => '0.601' } ] }, 'Crypt-Perl' => { 'advisories' => [ { 'affected_versions' => '<0.33', 'cves' => [ 'CVE-2020-17478' ], 'description' => 'ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm. ', 'distribution' => 'Crypt-Perl', 'fixed_versions' => '>=0.33', 'id' => 'CPANSA-Crypt-Perl-2020-01', 'references' => [ 'https://github.com/FGasper/p5-Crypt-Perl/compare/0.32...0.33' ], 'reported' => '2020-08-10', 'severity' => 'high' }, { 'affected_versions' => '<0.32', 'cves' => [ 'CVE-2020-13895' ], 'description' => 'Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail. ', 'distribution' => 'Crypt-Perl', 'fixed_versions' => '>=0.32', 'id' => 'CPANSA-Crypt-Perl-2020-02', 'references' => [ 'https://github.com/FGasper/p5-Crypt-Perl/commit/f960ce75502acf7404187231a706672f8369acb2', 'https://github.com/FGasper/p5-Crypt-Perl/issues/14' ], 'reported' => '2020-06-07', 'severity' => 'high' } ], 'main_module' => 'Crypt::Perl', 'versions' => [ { 'date' => '2016-12-14T06:20:54', 'version' => '0.01' }, { 'date' => '2016-12-17T05:33:45', 'version' => '0.02' }, { 'date' => '2016-12-19T14:55:23', 'version' => '0.021' }, { 'date' => '2016-12-19T22:19:39', 'version' => '0.022' }, { 'date' => '2016-12-20T08:45:47', 'version' => '0.03' }, { 'date' => '2016-12-20T18:44:49', 'version' => '0.031' }, { 'date' => '2016-12-21T05:18:09', 'version' => '0.032' }, { 'date' => '2016-12-23T05:59:32', 'version' => '0.033' }, { 'date' => '2016-12-29T16:03:59', 'version' => '0.1' }, { 'date' => '2016-12-31T06:23:01', 'version' => '0.11' }, { 'date' => '2017-01-02T21:24:31', 'version' => '0.12' }, { 'date' => '2017-01-03T14:55:13', 'version' => '0.13' }, { 'date' => '2017-01-03T16:30:45', 'version' => '0.14' }, { 'date' => '2017-01-04T00:12:29', 'version' => '0.15' }, { 'date' => '2017-02-02T09:09:40', 'version' => '0.15_1' }, { 'date' => '2017-02-03T03:31:34', 'version' => '0.16_rc1' }, { 'date' => '2017-02-03T03:38:07', 'version' => '0.15_2' }, { 'date' => '2017-02-03T07:21:32', 'version' => '0.15_3' }, { 'date' => '2017-02-07T04:16:06', 'version' => '0.16' }, { 'date' => '2017-02-08T07:56:45', 'version' => '0.16_1' }, { 'date' => '2017-02-08T09:25:41', 'version' => '0.17' }, { 'date' => '2017-02-09T04:07:34', 'version' => '0.17_1' }, { 'date' => '2018-06-18T01:48:20', 'version' => '0.18-TRIAL1' }, { 'date' => '2018-06-18T02:52:52', 'version' => '0.18-TRIAL2' }, { 'date' => '2018-06-18T12:03:17', 'version' => '0.18-TRIAL3' }, { 'date' => '2018-06-18T15:07:20', 'version' => '0.18-TRIAL4' }, { 'date' => '2018-06-18T20:34:04', 'version' => '0.18-TRIAL5' }, { 'date' => '2018-06-18T21:06:07', 'version' => '0.18-TRIAL6' }, { 'date' => '2018-06-18T21:47:43', 'version' => '0.18-TRIAL7' }, { 'date' => '2018-06-18T22:42:19', 'version' => '0.18' }, { 'date' => '2018-06-19T04:25:06', 'version' => '0.19' }, { 'date' => '2018-06-19T06:14:32', 'version' => '0.20-TRIAL1' }, { 'date' => '2018-06-19T14:23:57', 'version' => '0.20-TRIAL2' }, { 'date' => '2018-06-19T15:50:08', 'version' => '0.20' }, { 'date' => '2018-06-19T15:56:15', 'version' => '0.21' }, { 'date' => '2018-06-21T03:33:59', 'version' => '0.22-TRIAL1' }, { 'date' => '2018-06-21T13:31:18', 'version' => '0.22-TRIAL2' }, { 'date' => '2018-06-22T14:43:21', 'version' => '0.22' }, { 'date' => '2018-06-23T00:40:40', 'version' => '0.23-TRIAL1' }, { 'date' => '2018-06-25T14:35:15', 'version' => '0.23' }, { 'date' => '2018-07-23T03:11:37', 'version' => '0.24_TRIAL1' }, { 'date' => '2018-07-23T03:13:05', 'version' => '0.24_TRIAL2' }, { 'date' => '2018-07-23T03:16:58', 'version' => '0.24-TRIAL3' }, { 'date' => '2018-07-23T12:12:48', 'version' => '0.24-TRIAL4' }, { 'date' => '2018-07-24T22:03:18', 'version' => '0.24' }, { 'date' => '2018-07-25T01:54:45', 'version' => '0.25' }, { 'date' => '2018-07-28T19:52:07', 'version' => '0.26-TRIAL1' }, { 'date' => '2018-07-28T22:07:05', 'version' => '0.26' }, { 'date' => '2018-07-28T22:26:02', 'version' => '0.27-TRIAL1' }, { 'date' => '2018-07-29T02:05:05', 'version' => '0.27' }, { 'date' => '2018-08-25T00:24:23', 'version' => '0.28' }, { 'date' => '2018-08-25T02:38:45', 'version' => '0.29' }, { 'date' => '2018-12-22T02:29:37', 'version' => '0.30-TRIAL1' }, { 'date' => '2018-12-22T15:18:25', 'version' => '0.30-TRIAL2' }, { 'date' => '2018-12-24T03:14:46', 'version' => '0.30-TRIAL3' }, { 'date' => '2019-09-12T03:13:59', 'version' => '0.30' }, { 'date' => '2020-02-11T00:54:58', 'version' => '0.31_01' }, { 'date' => '2020-02-11T02:50:09', 'version' => '0.31_02' }, { 'date' => '2020-02-12T01:19:36', 'version' => '0.31' }, { 'date' => '2020-06-04T12:31:25', 'version' => '0.32_01' }, { 'date' => '2020-06-04T12:56:11', 'version' => '0.32_02' }, { 'date' => '2020-06-05T02:53:59', 'version' => '0.32' }, { 'date' => '2020-08-10T15:39:12', 'version' => '0.33' }, { 'date' => '2020-09-24T07:31:56', 'version' => '0.34_02' }, { 'date' => '2020-09-24T07:37:16', 'version' => '0.34_03' }, { 'date' => '2020-09-25T01:38:34', 'version' => '0.34_04' }, { 'date' => '2020-09-26T03:44:57', 'version' => '0.34_05' }, { 'date' => '2020-09-26T12:38:56', 'version' => '0.34_06' }, { 'date' => '2020-09-26T18:03:25', 'version' => '0.34_07' }, { 'date' => '2020-09-27T13:00:26', 'version' => '0.34_08' }, { 'date' => '2020-09-27T23:51:08', 'version' => '0.34_09' }, { 'date' => '2020-09-28T07:22:06', 'version' => '0.34' }, { 'date' => '2021-11-17T15:13:58', 'version' => '0.35_02' }, { 'date' => '2021-11-18T03:39:19', 'version' => '0.35' }, { 'date' => '2021-11-18T03:44:32', 'version' => '0.36' }, { 'date' => '2021-11-20T13:20:35', 'version' => '0.37_01' }, { 'date' => '2021-11-21T03:44:48', 'version' => '0.37_02' }, { 'date' => '2021-11-22T04:28:59', 'version' => '0.37_03' }, { 'date' => '2021-11-29T02:09:35', 'version' => '0.37_04' }, { 'date' => '2021-11-30T02:16:10', 'version' => '0.37_05' }, { 'date' => '2021-11-30T16:09:14', 'version' => '0.37_06' }, { 'date' => '2021-12-01T01:39:08', 'version' => '0.37_07' }, { 'date' => '2021-12-02T21:42:02', 'version' => '0.37_08' }, { 'date' => '2021-12-06T15:38:41', 'version' => '0.37_09' }, { 'date' => '2021-12-08T01:12:53', 'version' => '0.37_10' }, { 'date' => '2021-12-09T13:42:15', 'version' => '0.37_11' }, { 'date' => '2021-12-14T02:08:33', 'version' => '0.37_12' }, { 'date' => '2021-12-15T05:19:53', 'version' => '0.37_13' }, { 'date' => '2021-12-17T19:36:38', 'version' => '0.37' }, { 'date' => '2022-10-17T15:04:13', 'version' => '0.38' } ] }, 'CryptX' => { 'advisories' => [ { 'affected_versions' => '<0.062', 'cves' => [], 'description' => 'A user can pass anything as the tag into gcm_decrypt_verify() and it will return decrypted plaintext. ', 'distribution' => 'CryptX', 'fixed_versions' => undef, 'id' => 'CPANSA-CryptX-2018-01', 'references' => [ 'https://github.com/DCIT/perl-CryptX/issues/47', 'https://github.com/libtom/libtomcrypt/pull/451' ], 'reported' => '2018-10-26', 'severity' => undef } ], 'main_module' => 'CryptX', 'versions' => [ { 'date' => '2013-04-11T15:10:25', 'version' => '0.002' }, { 'date' => '2013-04-16T07:29:07', 'version' => '0.003' }, { 'date' => '2013-04-16T07:37:29', 'version' => '0.004' }, { 'date' => '2013-04-18T12:09:09', 'version' => '0.005' }, { 'date' => '2013-04-19T09:05:57', 'version' => '0.006' }, { 'date' => '2013-04-23T10:03:54', 'version' => '0.007' }, { 'date' => '2013-05-02T08:52:42', 'version' => '0.008' }, { 'date' => '2013-05-19T20:25:17', 'version' => '0.009' }, { 'date' => '2013-06-14T22:37:18', 'version' => '0.011' }, { 'date' => '2013-06-17T20:00:17', 'version' => '0.012' }, { 'date' => '2013-08-28T07:12:15', 'version' => '0.013' }, { 'date' => '2013-09-11T14:31:01', 'version' => '0.013_1' }, { 'date' => '2013-09-11T21:11:18', 'version' => '0.014' }, { 'date' => '2013-09-12T08:21:21', 'version' => '0.014_1' }, { 'date' => '2013-09-12T09:12:21', 'version' => '0.014_2' }, { 'date' => '2013-09-12T09:32:06', 'version' => '0.015' }, { 'date' => '2013-09-15T19:36:52', 'version' => '0.016' }, { 'date' => '2013-09-22T19:20:20', 'version' => '0.016_1' }, { 'date' => '2013-09-23T14:24:27', 'version' => '0.016_2' }, { 'date' => '2013-09-24T05:00:07', 'version' => '0.016_3' }, { 'date' => '2013-09-24T08:54:42', 'version' => '0.017' }, { 'date' => '2013-10-18T13:21:35', 'version' => '0.018' }, { 'date' => '2013-10-20T21:13:35', 'version' => '0.019' }, { 'date' => '2014-01-14T21:30:37', 'version' => '0.019_1' }, { 'date' => '2014-01-15T21:59:30', 'version' => '0.019_2' }, { 'date' => '2014-01-16T21:26:19', 'version' => '0.019_3' }, { 'date' => '2014-01-17T09:42:29', 'version' => '0.019_4' }, { 'date' => '2014-01-18T08:29:06', 'version' => '0.020' }, { 'date' => '2014-01-23T15:47:50', 'version' => '0.021' }, { 'date' => '2015-04-17T01:18:47', 'version' => '0.021_1' }, { 'date' => '2015-04-17T10:12:01', 'version' => '0.021_3' }, { 'date' => '2015-05-06T07:55:21', 'version' => '0.021_4' }, { 'date' => '2015-05-11T21:56:39', 'version' => '0.021_5' }, { 'date' => '2015-05-12T05:52:15', 'version' => '0.021_6' }, { 'date' => '2015-05-12T07:10:42', 'version' => '0.021_7' }, { 'date' => '2015-05-14T09:27:41', 'version' => '0.021_8' }, { 'date' => '2015-05-15T11:08:26', 'version' => '0.021_9' }, { 'date' => '2015-05-22T16:57:26', 'version' => '0.022' }, { 'date' => '2015-06-10T20:37:54', 'version' => '0.023' }, { 'date' => '2015-06-26T06:13:25', 'version' => '0.023_1' }, { 'date' => '2015-06-26T09:18:06', 'version' => '0.023_2' }, { 'date' => '2015-06-29T20:09:16', 'version' => '0.024' }, { 'date' => '2015-07-08T07:56:50', 'version' => '0.025' }, { 'date' => '2015-10-22T15:14:53', 'version' => '0.025_01' }, { 'date' => '2015-11-28T18:58:17', 'version' => '0.026' }, { 'date' => '2015-12-29T21:20:15', 'version' => '0.026_01' }, { 'date' => '2015-12-29T21:20:27', 'version' => '0.026_02' }, { 'date' => '2016-01-02T14:38:13', 'version' => '0.026_05' }, { 'date' => '2016-01-02T15:57:58', 'version' => '0.026_06' }, { 'date' => '2016-01-03T14:36:53', 'version' => '0.026_08' }, { 'date' => '2016-01-10T09:47:31', 'version' => '0.026_15' }, { 'date' => '2016-01-10T09:47:43', 'version' => '0.026_16' }, { 'date' => '2016-01-10T11:52:21', 'version' => '0.026_18' }, { 'date' => '2016-01-10T11:53:48', 'version' => '0.026_19' }, { 'date' => '2016-01-10T17:03:45', 'version' => '0.026_23' }, { 'date' => '2016-01-10T17:03:56', 'version' => '0.026_24' }, { 'date' => '2016-01-10T19:02:14', 'version' => '0.026_28' }, { 'date' => '2016-01-10T20:49:06', 'version' => '0.026_29' }, { 'date' => '2016-01-12T22:25:58', 'version' => '0.026_30' }, { 'date' => '2016-01-12T22:37:33', 'version' => '0.026_31' }, { 'date' => '2016-01-13T23:53:06', 'version' => '0.026_32' }, { 'date' => '2016-01-14T19:29:18', 'version' => '0.026_33' }, { 'date' => '2016-01-14T19:30:45', 'version' => '0.026_34' }, { 'date' => '2016-01-14T21:16:15', 'version' => '0.026_35' }, { 'date' => '2016-01-14T21:19:01', 'version' => '0.026_36' }, { 'date' => '2016-01-22T23:01:16', 'version' => '0.026_39' }, { 'date' => '2016-01-24T22:12:32', 'version' => '0.026_40' }, { 'date' => '2016-01-24T22:36:42', 'version' => '0.026_41' }, { 'date' => '2016-01-25T20:44:46', 'version' => '0.027' }, { 'date' => '2016-01-25T21:42:58', 'version' => '0.027_01' }, { 'date' => '2016-01-26T10:06:26', 'version' => '0.027_05' }, { 'date' => '2016-03-15T09:51:01', 'version' => '0.027_06' }, { 'date' => '2016-03-23T19:44:54', 'version' => '0.028' }, { 'date' => '2016-03-28T14:31:13', 'version' => '0.028_01' }, { 'date' => '2016-03-28T19:32:58', 'version' => '0.028_02' }, { 'date' => '2016-03-31T12:07:46', 'version' => '0.028_03' }, { 'date' => '2016-04-13T09:30:27', 'version' => '0.029' }, { 'date' => '2016-04-13T09:46:59', 'version' => '0.030' }, { 'date' => '2016-05-01T16:53:05', 'version' => '0.031' }, { 'date' => '2016-05-04T17:45:30', 'version' => '0.032' }, { 'date' => '2016-05-09T20:20:49', 'version' => '0.033' }, { 'date' => '2016-05-10T22:31:32', 'version' => '0.034' }, { 'date' => '2016-06-03T10:17:59', 'version' => '0.035' }, { 'date' => '2016-06-07T19:22:05', 'version' => '0.036' }, { 'date' => '2016-06-16T17:04:27', 'version' => '0.037' }, { 'date' => '2016-07-06T18:27:46', 'version' => '0.038' }, { 'date' => '2016-08-03T05:53:42', 'version' => '0.039' }, { 'date' => '2016-09-12T08:42:39', 'version' => '0.040' }, { 'date' => '2016-10-12T09:32:48', 'version' => '0.041' }, { 'date' => '2016-10-19T10:25:05', 'version' => '0.041_001' }, { 'date' => '2016-11-02T09:00:59', 'version' => '0.041_002' }, { 'date' => '2016-11-02T09:19:09', 'version' => '0.041_003' }, { 'date' => '2016-11-12T15:21:01', 'version' => '0.042' }, { 'date' => '2016-11-27T21:19:27', 'version' => '0.043' }, { 'date' => '2016-11-28T07:45:32', 'version' => '0.044' }, { 'date' => '2017-02-21T21:54:33', 'version' => '0.044_001' }, { 'date' => '2017-02-23T15:58:42', 'version' => '0.044_003' }, { 'date' => '2017-02-23T20:35:46', 'version' => '0.044_004' }, { 'date' => '2017-02-23T20:44:50', 'version' => '0.044_005' }, { 'date' => '2017-02-28T12:22:27', 'version' => '0.044_006' }, { 'date' => '2017-02-28T13:58:51', 'version' => '0.044_007' }, { 'date' => '2017-03-01T09:26:34', 'version' => '0.044_008' }, { 'date' => '2017-03-01T09:49:29', 'version' => '0.044_009' }, { 'date' => '2017-03-01T10:02:35', 'version' => '0.044_010' }, { 'date' => '2017-03-31T09:28:10', 'version' => '0.045' }, { 'date' => '2017-04-04T09:08:33', 'version' => '0.046' }, { 'date' => '2017-04-05T20:09:35', 'version' => '0.047' }, { 'date' => '2017-04-07T18:22:15', 'version' => '0.047_001' }, { 'date' => '2017-04-07T21:40:24', 'version' => '0.047_002' }, { 'date' => '2017-04-10T08:16:03', 'version' => '0.047_003' }, { 'date' => '2017-04-24T15:23:29', 'version' => '0.047_004' }, { 'date' => '2017-04-26T15:36:02', 'version' => '0.047_005' }, { 'date' => '2017-05-01T19:11:50', 'version' => '0.047_006' }, { 'date' => '2017-05-31T20:22:56', 'version' => '0.048' }, { 'date' => '2017-07-09T19:38:38', 'version' => '0.048_001' }, { 'date' => '2017-07-14T17:43:25', 'version' => '0.048_002' }, { 'date' => '2017-07-18T05:56:42', 'version' => '0.049' }, { 'date' => '2017-07-18T20:37:45', 'version' => '0.050' }, { 'date' => '2017-08-08T08:14:05', 'version' => '0.051' }, { 'date' => '2017-09-15T12:32:56', 'version' => '0.053' }, { 'date' => '2017-09-19T07:51:19', 'version' => '0.053_001' }, { 'date' => '2017-09-19T18:46:56', 'version' => '0.053_002' }, { 'date' => '2017-09-20T09:56:04', 'version' => '0.053_003' }, { 'date' => '2017-10-10T21:04:53', 'version' => '0.053_004' }, { 'date' => '2017-10-12T07:27:42', 'version' => '0.054' }, { 'date' => '2017-10-23T13:18:12', 'version' => '0.054_001' }, { 'date' => '2017-10-23T17:44:49', 'version' => '0.054_002' }, { 'date' => '2017-10-25T07:43:53', 'version' => '0.054_003' }, { 'date' => '2017-10-30T17:53:14', 'version' => '0.054_004' }, { 'date' => '2017-10-31T18:27:22', 'version' => '0.054_005' }, { 'date' => '2017-11-20T18:51:03', 'version' => '0.054_006' }, { 'date' => '2017-11-24T08:15:31', 'version' => '0.054_007' }, { 'date' => '2017-11-24T14:21:46', 'version' => '0.054_008' }, { 'date' => '2017-11-24T16:33:40', 'version' => '0.054_009' }, { 'date' => '2017-11-28T10:19:52', 'version' => '0.055' }, { 'date' => '2017-12-18T19:05:35', 'version' => '0.055_001' }, { 'date' => '2017-12-22T13:22:16', 'version' => '0.056' }, { 'date' => '2018-01-26T16:05:07', 'version' => '0.056_001' }, { 'date' => '2018-01-29T06:18:08', 'version' => '0.056_002' }, { 'date' => '2018-01-29T10:02:58', 'version' => '0.056_003' }, { 'date' => '2018-01-29T23:05:27', 'version' => '0.056_004' }, { 'date' => '2018-01-30T10:23:40', 'version' => '0.056_005' }, { 'date' => '2018-01-30T14:11:33', 'version' => '0.056_006' }, { 'date' => '2018-01-30T16:08:38', 'version' => '0.056_007' }, { 'date' => '2018-01-30T16:29:41', 'version' => '0.056_008' }, { 'date' => '2018-01-30T16:43:48', 'version' => '0.056_009' }, { 'date' => '2018-01-31T08:56:12', 'version' => '0.057' }, { 'date' => '2018-02-27T17:13:52', 'version' => '0.058' }, { 'date' => '2018-03-08T09:30:22', 'version' => '0.058_001' }, { 'date' => '2018-03-18T16:27:43', 'version' => '0.058_002' }, { 'date' => '2018-03-25T15:45:36', 'version' => '0.059' }, { 'date' => '2018-04-27T17:14:03', 'version' => '0.059_001' }, { 'date' => '2018-04-28T20:59:58', 'version' => '0.059_002' }, { 'date' => '2018-04-29T18:12:50', 'version' => '0.059_003' }, { 'date' => '2018-05-01T09:32:27', 'version' => '0.060' }, { 'date' => '2018-05-27T19:05:34', 'version' => '0.060_001' }, { 'date' => '2018-05-28T07:18:37', 'version' => '0.060_002' }, { 'date' => '2018-06-06T15:49:28', 'version' => '0.060_003' }, { 'date' => '2018-06-07T05:25:50', 'version' => '0.061' }, { 'date' => '2018-10-24T20:35:24', 'version' => '0.061_001' }, { 'date' => '2018-10-26T17:10:16', 'version' => '0.061_002' }, { 'date' => '2018-10-29T10:46:25', 'version' => '0.061_003' }, { 'date' => '2018-10-30T06:27:48', 'version' => '0.062' }, { 'date' => '2018-11-22T10:43:01', 'version' => '0.062_001' }, { 'date' => '2018-11-28T10:48:28', 'version' => '0.063' }, { 'date' => '2019-06-06T09:36:14', 'version' => '0.063_001' }, { 'date' => '2019-06-06T17:35:59', 'version' => '0.063_002' }, { 'date' => '2019-06-10T17:24:53', 'version' => '0.063_003' }, { 'date' => '2019-06-12T13:33:28', 'version' => '0.063_004' }, { 'date' => '2019-06-12T23:12:09', 'version' => '0.063_005' }, { 'date' => '2019-06-14T07:01:03', 'version' => '0.064' }, { 'date' => '2019-10-19T18:49:19', 'version' => '0.065' }, { 'date' => '2019-10-20T16:30:22', 'version' => '0.066' }, { 'date' => '2020-01-26T20:23:46', 'version' => '0.066_001' }, { 'date' => '2020-01-30T10:21:29', 'version' => '0.066_002' }, { 'date' => '2020-02-01T13:24:27', 'version' => '0.067' }, { 'date' => '2020-03-08T19:21:55', 'version' => '0.067_001' }, { 'date' => '2020-03-10T13:04:08', 'version' => '0.068' }, { 'date' => '2020-08-02T08:51:06', 'version' => '0.068_001' }, { 'date' => '2020-08-25T07:12:43', 'version' => '0.069' }, { 'date' => '2021-02-12T14:44:41', 'version' => '0.070' }, { 'date' => '2021-03-30T09:39:33', 'version' => '0.071' }, { 'date' => '2021-04-29T08:23:01', 'version' => '0.072' }, { 'date' => '2021-07-12T16:40:01', 'version' => '0.072_001' }, { 'date' => '2021-07-13T07:03:12', 'version' => '0.072_002' }, { 'date' => '2021-07-13T20:54:22', 'version' => '0.072_003' }, { 'date' => '2021-07-18T12:16:09', 'version' => '0.073' }, { 'date' => '2021-10-04T18:34:39', 'version' => '0.073_001' }, { 'date' => '2021-10-10T18:41:04', 'version' => '0.073_002' }, { 'date' => '2021-10-13T18:32:43', 'version' => '0.073_003' }, { 'date' => '2021-11-06T09:26:22', 'version' => '0.074' }, { 'date' => '2021-12-25T09:39:17', 'version' => '0.075' }, { 'date' => '2022-01-01T00:36:25', 'version' => '0.075_001' }, { 'date' => '2022-01-01T13:19:24', 'version' => '0.075_002' }, { 'date' => '2022-01-01T19:48:49', 'version' => '0.075_003' }, { 'date' => '2022-01-07T20:55:06', 'version' => '0.076' }, { 'date' => '2022-06-09T18:18:34', 'version' => '0.076_001' }, { 'date' => '2022-08-20T15:42:12', 'version' => '0.076_002' }, { 'date' => '2022-08-20T18:14:10', 'version' => '0.076_003' }, { 'date' => '2022-08-21T07:46:06', 'version' => '0.077' }, { 'date' => '2023-04-28T12:31:25', 'version' => '0.078' }, { 'date' => '2023-07-25T18:36:58', 'version' => '0.078_001' }, { 'date' => '2023-10-01T12:20:32', 'version' => '0.079' }, { 'date' => '2023-10-01T17:35:55', 'version' => '0.079_002' }, { 'date' => '2023-10-01T17:36:06', 'version' => '0.079_003' }, { 'date' => '2023-10-02T07:47:50', 'version' => '0.079_004' }, { 'date' => '2023-10-02T11:22:48', 'version' => '0.079_005' }, { 'date' => '2023-10-02T15:06:17', 'version' => '0.079_006' }, { 'date' => '2023-10-03T10:16:25', 'version' => '0.079_007' }, { 'date' => '2023-10-04T11:07:16', 'version' => '0.080' }, { 'date' => '2023-10-07T11:45:30', 'version' => '0.080_001' } ] }, 'DBD-MariaDB' => { 'advisories' => [ { 'affected_versions' => '<1.00', 'cves' => [ 'CVE-2018-2767' ], 'description' => 'SSL problems of MySQL and MariaDB clients. ', 'distribution' => 'DBD-MariaDB', 'fixed_versions' => '>=1.00', 'id' => 'CPANSA-DBD-MariaDB-2018-01', 'references' => [ 'https://metacpan.org/changes/distribution/DBD-MariaDB' ], 'reported' => '2017-07-01' }, { 'affected_versions' => '<1.00', 'cves' => [ 'CVE-2017-10788' ], 'description' => 'Use-after-free after calling mysql_stmt_close(). ', 'distribution' => 'DBD-MariaDB', 'fixed_versions' => '>=1.00', 'id' => 'CPANSA-DBD-MariaDB-2017-02', 'references' => [ 'https://metacpan.org/changes/distribution/DBD-MariaDB' ], 'reported' => '2017-07-01' }, { 'affected_versions' => '<1.00', 'cves' => [ 'CVE-2017-3302' ], 'description' => 'Leaking dangling pointers. ', 'distribution' => 'DBD-MariaDB', 'fixed_versions' => '>=1.00', 'id' => 'CPANSA-DBD-MariaDB-2017-01', 'references' => [ 'https://metacpan.org/changes/distribution/DBD-MariaDB' ], 'reported' => '2017-07-01' } ], 'main_module' => 'DBD::MariaDB', 'versions' => [ { 'date' => '2018-06-26T14:23:29', 'version' => '0.90_01' }, { 'date' => '2018-07-12T13:36:05', 'version' => '1.00' }, { 'date' => '2018-12-05T12:21:26', 'version' => '1.10' }, { 'date' => '2019-01-02T15:38:57', 'version' => '1.11' }, { 'date' => '2019-02-22T16:31:33', 'version' => '1.20' }, { 'date' => '2019-02-27T11:08:40', 'version' => '1.21' }, { 'date' => '2022-04-21T23:16:33', 'version' => '1.22' }, { 'date' => '2023-09-10T14:27:09', 'version' => '1.23' } ] }, 'DBD-Pg' => { 'advisories' => [ { 'affected_versions' => '<2.19.0', 'cves' => [ 'CVE-2012-1151' ], 'description' => 'Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function. ', 'distribution' => 'DBD-Pg', 'fixed_versions' => undef, 'id' => 'CPANSA-DBD-Pg-2012-1151', 'references' => [ 'http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536', 'https://rt.cpan.org/Public/Bug/Display.html?id=75642', 'http://secunia.com/advisories/48319', 'https://bugzilla.redhat.com/show_bug.cgi?id=801733', 'http://www.openwall.com/lists/oss-security/2012/03/10/4', 'http://secunia.com/advisories/48307', 'http://www.debian.org/security/2012/dsa-2431', 'http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes', 'http://www.openwall.com/lists/oss-security/2012/03/09/6', 'http://rhn.redhat.com/errata/RHSA-2012-1116.html', 'http://secunia.com/advisories/48824', 'http://security.gentoo.org/glsa/glsa-201204-08.xml', 'http://www.mandriva.com/security/advisories?name=MDVSA-2012:112', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/73855', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/73854' ], 'reported' => '2012-09-09', 'severity' => undef }, { 'affected_versions' => '=1.49', 'cves' => [ 'CVE-2009-0663' ], 'description' => 'Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. ', 'distribution' => 'DBD-Pg', 'fixed_versions' => undef, 'id' => 'CPANSA-DBD-Pg-2009-0663', 'references' => [ 'http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz', 'https://launchpad.net/bugs/cve/2009-0663', 'http://www.debian.org/security/2009/dsa-1780', 'http://secunia.com/advisories/34909', 'http://www.securityfocus.com/bid/34755', 'http://www.redhat.com/support/errata/RHSA-2009-0479.html', 'http://secunia.com/advisories/35058', 'http://www.redhat.com/support/errata/RHSA-2009-1067.html', 'http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html', 'http://secunia.com/advisories/35685', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/50467', 'https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499' ], 'reported' => '2009-04-30', 'severity' => undef }, { 'affected_versions' => '<2.0.0', 'cves' => [ 'CVE-2009-1341' ], 'description' => 'Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns. ', 'distribution' => 'DBD-Pg', 'fixed_versions' => '>=2.0.0', 'id' => 'CPANSA-DBD-Pg-2009-1341', 'references' => [ 'http://rt.cpan.org/Public/Bug/Display.html?id=21392', 'https://launchpad.net/bugs/cve/2009-1341', 'http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz', 'http://www.debian.org/security/2009/dsa-1780', 'http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.13.1/Changes', 'http://secunia.com/advisories/34909', 'http://www.securityfocus.com/bid/34757', 'http://www.redhat.com/support/errata/RHSA-2009-0479.html', 'http://secunia.com/advisories/35058', 'http://www.redhat.com/support/errata/RHSA-2009-1067.html', 'http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html', 'http://secunia.com/advisories/35685', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/50387', 'https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9680' ], 'reported' => '2009-04-30', 'severity' => undef } ], 'main_module' => 'DBD::Pg', 'versions' => [ { 'date' => '1997-03-13T21:11:59', 'version' => '0.1' }, { 'date' => '1997-04-28T20:48:18', 'version' => '0.3' }, { 'date' => '1997-08-10T20:45:01', 'version' => '0.5' }, { 'date' => '1997-08-16T06:48:54', 'version' => '0.51' }, { 'date' => '1997-08-17T09:14:26', 'version' => '0.52' }, { 'date' => '1997-08-23T20:41:48', 'version' => '0.61' }, { 'date' => '1997-08-26T21:39:36', 'version' => '0.62' }, { 'date' => '1997-10-05T18:41:32', 'version' => '0.63' }, { 'date' => '1998-02-02T21:05:57', 'version' => '0.64' }, { 'date' => '1998-02-15T09:59:55', 'version' => '0.65' }, { 'date' => '1998-02-19T21:13:44', 'version' => '0.66' }, { 'date' => '1998-02-21T16:49:34', 'version' => '0.67' }, { 'date' => '1998-03-03T21:22:18', 'version' => '0.68' }, { 'date' => '1998-03-06T22:15:44', 'version' => '0.69' }, { 'date' => '1998-04-20T20:14:28', 'version' => '0.72' }, { 'date' => '1998-06-03T15:15:54', 'version' => '0.73' }, { 'date' => '1998-11-05T21:41:28', 'version' => '0.89' }, { 'date' => '1999-01-16T06:10:32', 'version' => '0.90' }, { 'date' => '1999-02-14T20:41:05', 'version' => '0.91' }, { 'date' => '1999-06-16T19:06:21', 'version' => '0.92' }, { 'date' => '1999-09-29T21:25:02', 'version' => '0.93' }, { 'date' => '2000-07-07T10:45:34', 'version' => '0.94' }, { 'date' => '2000-07-10T18:07:30', 'version' => '0.95' }, { 'date' => '2001-04-09T17:58:20', 'version' => '0.96' }, { 'date' => '2001-04-20T21:11:46', 'version' => '0.97' }, { 'date' => '2001-04-25T14:13:22', 'version' => '0.98' }, { 'date' => '2001-05-24T17:36:05', 'version' => '0.99' }, { 'date' => '2001-05-27T14:14:13', 'version' => '1.00' }, { 'date' => '2001-06-27T18:03:08', 'version' => '1.01' }, { 'date' => '2002-03-06T23:05:52', 'version' => '1.10' }, { 'date' => '2002-03-07T01:34:18', 'version' => '1.11' }, { 'date' => '2002-04-10T02:03:57', 'version' => '1.12' }, { 'date' => '2002-04-27T20:50:11', 'version' => '1.13' }, { 'date' => '2002-11-27T17:57:11', 'version' => '1.20' }, { 'date' => '2003-01-13T06:46:43', 'version' => '1.21' }, { 'date' => '2003-03-27T04:46:08', 'version' => '1.22' }, { 'date' => '2003-09-10T02:12:07', 'version' => '1.31_5' }, { 'date' => '2003-10-29T21:33:29', 'version' => '1.31_7' }, { 'date' => '2003-11-10T03:52:37', 'version' => '1.31_8' }, { 'date' => '2003-11-14T22:17:30', 'version' => '1.31_9' }, { 'date' => '2003-11-18T18:34:28', 'version' => '1.31' }, { 'date' => '2004-02-13T18:57:25', 'version' => '1.32_1' }, { 'date' => '2004-02-19T02:40:51', 'version' => '1.32_2' }, { 'date' => '2004-02-25T19:23:08', 'version' => '1.32' }, { 'date' => '2005-02-06T21:18:12', 'version' => '1.39_02' }, { 'date' => '2005-02-22T06:07:17', 'version' => '1.40' }, { 'date' => '2005-03-31T12:35:04', 'version' => '1.40_1' }, { 'date' => '2005-03-31T23:34:15', 'version' => '1.40_2' }, { 'date' => '2005-04-01T23:56:01', 'version' => '1.40_03' }, { 'date' => '2005-04-05T02:47:47', 'version' => '1.40_04' }, { 'date' => '2005-04-06T22:53:50', 'version' => '1.41' }, { 'date' => '2005-05-07T18:48:36', 'version' => '1.41_1' }, { 'date' => '2005-05-19T03:23:24', 'version' => '1.41_2' }, { 'date' => '2005-05-21T14:56:23', 'version' => '1.42' }, { 'date' => '2005-06-22T00:42:23', 'version' => '1.42_1' }, { 'date' => '2005-06-23T12:09:13', 'version' => '1.43' }, { 'date' => '2005-09-13T01:39:06', 'version' => '1.43_1' }, { 'date' => '2006-02-13T03:50:51', 'version' => '1.43_2' }, { 'date' => '2006-02-22T03:00:40', 'version' => '1.44' }, { 'date' => '2006-02-26T19:15:10', 'version' => '1.45' }, { 'date' => '2006-03-17T17:17:03', 'version' => '1.46' }, { 'date' => '2006-03-19T21:19:12', 'version' => '1.47' }, { 'date' => '2006-04-05T15:39:30', 'version' => '1.48' }, { 'date' => '2006-05-05T16:40:59', 'version' => '1.49' }, { 'date' => '2008-01-17T14:34:38', 'version' => '2.0.0' }, { 'date' => '2008-01-17T22:47:38', 'version' => '2.0.0_2' }, { 'date' => '2008-01-18T04:21:25', 'version' => '2.0.0_3' }, { 'date' => '2008-01-18T16:25:19', 'version' => '2.0.0_4' }, { 'date' => '2008-01-19T19:05:27', 'version' => '2.0.0_5' }, { 'date' => '2008-01-23T19:19:45', 'version' => '2.0.0_6' }, { 'date' => '2008-01-26T17:48:03', 'version' => '2.0.0_7' }, { 'date' => '2008-01-28T17:08:31', 'version' => '2.0.0_8' }, { 'date' => '2008-01-28T21:21:19', 'version' => '2.0.0_9' }, { 'date' => '2008-02-10T19:34:31', 'version' => '2.0.0' }, { 'date' => '2008-02-17T04:58:29', 'version' => '2.0.0_1' }, { 'date' => '2008-02-17T13:10:04', 'version' => '2.0.0_2' }, { 'date' => '2008-02-17T18:17:25', 'version' => '2.0.1_1' }, { 'date' => '2008-02-18T02:28:30', 'version' => '2.0.1_2' }, { 'date' => '2008-02-18T23:52:09', 'version' => '2.0.1_3' }, { 'date' => '2008-02-19T02:09:09', 'version' => '2.1.0' }, { 'date' => '2008-02-19T04:45:29', 'version' => '2.1.1' }, { 'date' => '2008-02-19T15:36:06', 'version' => '2.1.1_1' }, { 'date' => '2008-02-20T02:56:37', 'version' => '2.1.2' }, { 'date' => '2008-02-21T00:31:43', 'version' => '2.1.3' }, { 'date' => '2008-02-26T01:59:20', 'version' => '2.1.3_1' }, { 'date' => '2008-02-26T13:50:47', 'version' => '2.1.3_2' }, { 'date' => '2008-02-28T04:08:34', 'version' => '2.2.0' }, { 'date' => '2008-03-02T03:01:12', 'version' => '2.2.1' }, { 'date' => '2008-03-03T17:14:01', 'version' => '2.2.2' }, { 'date' => '2008-03-19T14:50:06', 'version' => '2.3.0' }, { 'date' => '2008-03-21T16:41:42', 'version' => '2.4.0' }, { 'date' => '2008-03-23T16:55:36', 'version' => '2.5.0' }, { 'date' => '2008-04-07T19:16:57', 'version' => '2.5.1' }, { 'date' => '2008-04-14T15:57:23', 'version' => '2.5.2_1' }, { 'date' => '2008-04-16T18:16:11', 'version' => '2.6.0' }, { 'date' => '2008-04-22T18:06:55', 'version' => '2.6.1' }, { 'date' => '2008-04-28T21:15:56', 'version' => '2.6.1_1' }, { 'date' => '2008-04-30T23:18:14', 'version' => '2.6.2' }, { 'date' => '2008-05-01T16:03:12', 'version' => '2.6.3' }, { 'date' => '2008-05-02T17:09:20', 'version' => '2.6.4' }, { 'date' => '2008-05-07T14:10:57', 'version' => '2.6.5' }, { 'date' => '2008-05-07T20:41:03', 'version' => '2.6.6' }, { 'date' => '2008-05-10T22:37:02', 'version' => '2.7.0' }, { 'date' => '2008-05-11T20:58:52', 'version' => '2.7.1' }, { 'date' => '2008-05-14T13:19:24', 'version' => '2.7.2' }, { 'date' => '2008-06-02T01:33:26', 'version' => '2.8.0' }, { 'date' => '2008-06-12T04:06:28', 'version' => '2.8.1' }, { 'date' => '2008-06-30T02:21:03', 'version' => '2.8.2' }, { 'date' => '2008-07-07T02:09:01', 'version' => '2.8.3' }, { 'date' => '2008-07-10T18:18:54', 'version' => '2.8.4' }, { 'date' => '2008-07-13T14:41:49', 'version' => '2.8.5' }, { 'date' => '2008-07-21T15:23:39', 'version' => '2.8.6' }, { 'date' => '2008-07-24T05:27:41', 'version' => '2.8.7' }, { 'date' => '2008-08-03T19:48:22', 'version' => '2.9.0' }, { 'date' => '2008-08-18T03:49:13', 'version' => '2.9.1' }, { 'date' => '2008-08-18T14:00:03', 'version' => '2.9.2' }, { 'date' => '2008-08-27T02:46:34', 'version' => '2.10.0' }, { 'date' => '2008-08-31T16:29:33', 'version' => '2.10.1' }, { 'date' => '2008-09-01T01:40:52', 'version' => '2.10.2' }, { 'date' => '2008-09-01T01:48:43', 'version' => '2.10.3' }, { 'date' => '2008-09-16T15:35:48', 'version' => '2.10.4' }, { 'date' => '2008-09-16T15:43:37', 'version' => '2.10.5' }, { 'date' => '2008-09-19T13:38:32', 'version' => '2.10.6' }, { 'date' => '2008-09-23T03:13:47', 'version' => '2.10.7' }, { 'date' => '2008-10-13T11:50:18', 'version' => '2.11.0' }, { 'date' => '2008-10-14T04:21:14', 'version' => '2.11.1' }, { 'date' => '2008-10-16T00:55:38', 'version' => '2.11.2' }, { 'date' => '2008-11-03T13:51:55', 'version' => '2.11.3' }, { 'date' => '2008-11-12T22:11:37', 'version' => '2.11.4' }, { 'date' => '2008-11-24T23:56:25', 'version' => '2.11.5' }, { 'date' => '2008-11-30T23:05:28', 'version' => '2.11.6' }, { 'date' => '2008-12-13T17:02:24', 'version' => '2.11.7' }, { 'date' => '2008-12-28T19:24:29', 'version' => '2.11.8' }, { 'date' => '2009-03-24T02:23:04', 'version' => '2.11.8_1' }, { 'date' => '2009-03-26T18:53:00', 'version' => '2.11.8_2' }, { 'date' => '2009-03-28T14:56:16', 'version' => '2.12.0' }, { 'date' => '2009-04-14T02:14:44', 'version' => '2.13.0' }, { 'date' => '2009-04-23T16:30:10', 'version' => '2.13.1' }, { 'date' => '2009-07-13T19:43:16', 'version' => '2.13.1_1' }, { 'date' => '2009-07-14T14:34:31', 'version' => '2.13.1_2' }, { 'date' => '2009-07-15T21:12:47', 'version' => '2.13.1_3' }, { 'date' => '2009-07-17T01:15:13', 'version' => '2.13.1_4' }, { 'date' => '2009-07-20T23:54:06', 'version' => '2.13.1_5' }, { 'date' => '2009-07-21T16:03:25', 'version' => '2.13.1_6' }, { 'date' => '2009-07-21T21:43:56', 'version' => '2.13.1_7' }, { 'date' => '2009-07-27T22:45:52', 'version' => '2.14.0' }, { 'date' => '2009-07-28T17:05:35', 'version' => '2.14.1' }, { 'date' => '2009-08-04T04:08:56', 'version' => '2.14.1_1' }, { 'date' => '2009-08-04T18:18:51', 'version' => '2.15.0' }, { 'date' => '2009-08-07T15:05:27', 'version' => '2.15.1' }, { 'date' => '2009-12-17T15:41:55', 'version' => '2.8.8' }, { 'date' => '2009-12-17T17:14:41', 'version' => '2.16.0' }, { 'date' => '2010-01-20T21:13:23', 'version' => '2.16.1' }, { 'date' => '2010-04-06T18:56:34', 'version' => '2.17.0' }, { 'date' => '2010-04-08T15:32:24', 'version' => '2.17.1' }, { 'date' => '2010-11-21T05:14:52', 'version' => '2.17.2' }, { 'date' => '2011-03-27T03:53:00', 'version' => '2.17.2_1' }, { 'date' => '2011-03-29T00:36:37', 'version' => '2.18.0' }, { 'date' => '2011-05-09T16:40:13', 'version' => '2.18.1' }, { 'date' => '2011-06-19T18:46:40', 'version' => '2.99.9_1' }, { 'date' => '2011-06-20T20:47:06', 'version' => '2.99.9_2' }, { 'date' => '2012-03-09T22:51:54', 'version' => '2.19.0' }, { 'date' => '2012-03-11T03:28:47', 'version' => '2.19.1' }, { 'date' => '2012-03-12T20:58:56', 'version' => '2.19.2' }, { 'date' => '2012-08-21T17:18:39', 'version' => '2.19.3' }, { 'date' => '2013-11-16T03:47:03', 'version' => '2.20.1_1' }, { 'date' => '2013-11-21T03:22:26', 'version' => '2.20.1_2' }, { 'date' => '2013-11-26T19:03:57', 'version' => '2.20.1_3' }, { 'date' => '2013-11-27T19:35:07', 'version' => '2.20.1_4' }, { 'date' => '2014-01-11T20:31:09', 'version' => '2.20.1_6' }, { 'date' => '2014-02-04T01:38:37', 'version' => '3.0.0' }, { 'date' => '2014-04-05T11:08:15', 'version' => '3.1.0' }, { 'date' => '2014-04-06T13:17:49', 'version' => '3.1.1' }, { 'date' => '2014-05-15T17:20:49', 'version' => '3.2.0' }, { 'date' => '2014-05-20T16:38:44', 'version' => '3.2.1' }, { 'date' => '2014-05-31T18:50:07', 'version' => '3.3.0' }, { 'date' => '2014-08-16T19:09:15', 'version' => '3.4.0' }, { 'date' => '2014-08-20T20:38:19', 'version' => '3.4.1' }, { 'date' => '2014-09-25T21:16:23', 'version' => '3.4.2' }, { 'date' => '2015-01-06T20:41:04', 'version' => '3.5.0' }, { 'date' => '2015-02-07T13:09:54', 'version' => '3.5.0_1' }, { 'date' => '2015-02-16T19:17:14', 'version' => '3.5.0_2' }, { 'date' => '2015-02-17T21:20:22', 'version' => '3.5.1' }, { 'date' => '2015-09-29T15:46:33', 'version' => '3.5.2' }, { 'date' => '2015-10-01T14:06:04', 'version' => '3.5.3' }, { 'date' => '2017-04-05T10:23:22', 'version' => '3.5.9_1' }, { 'date' => '2017-04-17T13:34:12', 'version' => '3.6.0' }, { 'date' => '2017-05-22T16:49:32', 'version' => '3.6.1' }, { 'date' => '2017-05-23T14:25:49', 'version' => '3.6.2' }, { 'date' => '2017-09-22T16:30:49', 'version' => '3.6.9_1' }, { 'date' => '2017-09-23T02:10:34', 'version' => '3.6.9_2' }, { 'date' => '2017-09-24T19:30:09', 'version' => '3.7.0' }, { 'date' => '2018-02-11T19:23:39', 'version' => '3.7.1' }, { 'date' => '2018-02-12T13:39:58', 'version' => 'v3.7.3' }, { 'date' => '2018-02-13T04:10:10', 'version' => '3.7.4' }, { 'date' => '2019-04-26T02:20:41', 'version' => '3.8.0' }, { 'date' => '2019-07-06T19:44:25', 'version' => '3.8.1' }, { 'date' => '2019-07-25T15:48:44', 'version' => '3.8.9_1' }, { 'date' => '2019-08-13T21:10:51', 'version' => '3.9.0' }, { 'date' => '2019-08-15T19:46:43', 'version' => '3.9.1' }, { 'date' => '2019-09-03T15:18:09', 'version' => '3.10.0' }, { 'date' => '2020-01-14T03:27:38', 'version' => '3.10.1' }, { 'date' => '2020-01-17T22:34:46', 'version' => '3.10.2' }, { 'date' => '2020-01-20T21:01:45', 'version' => '3.10.3' }, { 'date' => '2020-02-03T17:19:38', 'version' => '3.10.4' }, { 'date' => '2020-03-23T17:47:23', 'version' => '3.10.5' }, { 'date' => '2020-04-23T16:46:52', 'version' => '3.11.0' }, { 'date' => '2020-04-28T15:12:38', 'version' => '3.11.1' }, { 'date' => '2020-05-07T18:35:28', 'version' => '3.12.0' }, { 'date' => '2020-06-03T13:39:22', 'version' => '3.12.1' }, { 'date' => '2020-06-04T15:30:54', 'version' => '3.12.2' }, { 'date' => '2020-06-05T17:59:13', 'version' => '3.12.3' }, { 'date' => '2020-06-08T20:38:00', 'version' => '3.12.3_1' }, { 'date' => '2020-06-15T21:25:55', 'version' => '3.12.3_2' }, { 'date' => '2020-06-17T15:53:25', 'version' => '3.13.0' }, { 'date' => '2020-07-20T00:24:23', 'version' => '3.14.0' }, { 'date' => '2020-08-12T16:17:33', 'version' => '3.14.1' }, { 'date' => '2020-08-13T13:36:09', 'version' => '3.14.2' }, { 'date' => '2021-05-21T21:20:28', 'version' => '3.15.0' }, { 'date' => '2022-02-14T15:39:15', 'version' => '3.15.1' }, { 'date' => '2022-08-08T18:03:02', 'version' => '3.16.0' }, { 'date' => '2023-03-06T00:06:35', 'version' => '3.16.1' }, { 'date' => '2023-04-04T19:49:11', 'version' => '3.16.2' }, { 'date' => '2023-04-04T20:43:26', 'version' => '3.16.3' }, { 'date' => '2023-08-24T00:42:24', 'version' => '3.17.0' }, { 'date' => '2023-12-06T23:47:13', 'version' => '3.18.0' } ] }, 'DBD-SQLite' => { 'advisories' => [ { 'affected_versions' => '<1.65_03', 'cves' => [ 'CVE-2020-15358' ], 'description' => 'In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2020-15358', 'references' => [ 'https://www.sqlite.org/src/info/10fa79d00f8091e5', 'https://www.sqlite.org/src/timeline?p=version-3.32.3&bt=version-3.32.2', 'https://www.sqlite.org/src/tktview?name=8f157e8010', 'https://security.netapp.com/advisory/ntap-20200709-0001/', 'https://security.gentoo.org/glsa/202007-26', 'https://usn.ubuntu.com/4438-1/', 'https://www.oracle.com/security-alerts/cpuoct2020.html', 'https://support.apple.com/kb/HT211931', 'https://support.apple.com/kb/HT211844', 'https://support.apple.com/kb/HT211850', 'https://support.apple.com/kb/HT211843', 'https://support.apple.com/kb/HT211847', 'http://seclists.org/fulldisclosure/2020/Nov/19', 'http://seclists.org/fulldisclosure/2020/Nov/22', 'http://seclists.org/fulldisclosure/2020/Nov/20', 'http://seclists.org/fulldisclosure/2020/Dec/32', 'https://www.oracle.com/security-alerts/cpujan2021.html', 'https://support.apple.com/kb/HT212147', 'http://seclists.org/fulldisclosure/2021/Feb/14', 'https://www.oracle.com/security-alerts/cpuApr2021.html', 'https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf', 'https://www.oracle.com/security-alerts/cpuapr2022.html' ], 'reported' => '2020-06-27', 'severity' => 'medium' }, { 'affected_versions' => '<1.65_03', 'cves' => [ 'CVE-2020-13632' ], 'description' => 'ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2020-13632', 'references' => [ 'https://bugs.chromium.org/p/chromium/issues/detail?id=1080459', 'https://sqlite.org/src/info/a4dd148928ea65bd', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/', 'https://security.netapp.com/advisory/ntap-20200608-0002/', 'https://usn.ubuntu.com/4394-1/', 'https://www.oracle.com/security-alerts/cpujul2020.html', 'https://security.gentoo.org/glsa/202007-26', 'https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc', 'https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html', 'https://www.oracle.com/security-alerts/cpuoct2020.html', 'https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf' ], 'reported' => '2020-05-27', 'severity' => 'medium' }, { 'affected_versions' => '<1.65_03', 'cves' => [ 'CVE-2020-13631' ], 'description' => 'SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2020-13631', 'references' => [ 'https://bugs.chromium.org/p/chromium/issues/detail?id=1080459', 'https://sqlite.org/src/info/eca0ba2cf4c0fdf7', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/', 'https://security.netapp.com/advisory/ntap-20200608-0002/', 'https://usn.ubuntu.com/4394-1/', 'https://www.oracle.com/security-alerts/cpujul2020.html', 'https://security.gentoo.org/glsa/202007-26', 'https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc', 'https://www.oracle.com/security-alerts/cpuoct2020.html', 'https://support.apple.com/kb/HT211931', 'https://support.apple.com/kb/HT211844', 'https://support.apple.com/kb/HT211850', 'https://support.apple.com/kb/HT211843', 'https://support.apple.com/kb/HT211952', 'http://seclists.org/fulldisclosure/2020/Nov/19', 'http://seclists.org/fulldisclosure/2020/Nov/22', 'http://seclists.org/fulldisclosure/2020/Nov/20', 'https://support.apple.com/kb/HT211935', 'http://seclists.org/fulldisclosure/2020/Dec/32', 'https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E', 'https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf' ], 'reported' => '2020-05-27', 'severity' => 'medium' }, { 'affected_versions' => '<1.65_03', 'cves' => [ 'CVE-2020-13630' ], 'description' => 'ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2020-13630', 'references' => [ 'https://bugs.chromium.org/p/chromium/issues/detail?id=1080459', 'https://sqlite.org/src/info/0d69f76f0865f962', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/', 'https://security.netapp.com/advisory/ntap-20200608-0002/', 'https://usn.ubuntu.com/4394-1/', 'https://www.oracle.com/security-alerts/cpujul2020.html', 'https://security.gentoo.org/glsa/202007-26', 'https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc', 'https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html', 'https://www.oracle.com/security-alerts/cpuoct2020.html', 'https://support.apple.com/kb/HT211931', 'https://support.apple.com/kb/HT211844', 'https://support.apple.com/kb/HT211850', 'https://support.apple.com/kb/HT211843', 'https://support.apple.com/kb/HT211952', 'http://seclists.org/fulldisclosure/2020/Nov/19', 'http://seclists.org/fulldisclosure/2020/Nov/22', 'http://seclists.org/fulldisclosure/2020/Nov/20', 'https://support.apple.com/kb/HT211935', 'http://seclists.org/fulldisclosure/2020/Dec/32', 'https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf' ], 'reported' => '2020-05-27', 'severity' => 'high' }, { 'affected_versions' => '<1.65_03', 'cves' => [ 'CVE-2020-13435' ], 'description' => 'SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2020-13435', 'references' => [ 'https://www.sqlite.org/src/info/7a5279a25c57adf1', 'https://security.netapp.com/advisory/ntap-20200528-0004/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/', 'https://usn.ubuntu.com/4394-1/', 'https://www.oracle.com/security-alerts/cpujul2020.html', 'https://security.gentoo.org/glsa/202007-26', 'https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc', 'https://support.apple.com/kb/HT211931', 'https://support.apple.com/kb/HT211844', 'https://support.apple.com/kb/HT211850', 'https://support.apple.com/kb/HT211843', 'https://support.apple.com/kb/HT211952', 'http://seclists.org/fulldisclosure/2020/Nov/19', 'http://seclists.org/fulldisclosure/2020/Nov/22', 'http://seclists.org/fulldisclosure/2020/Nov/20', 'https://support.apple.com/kb/HT211935', 'http://seclists.org/fulldisclosure/2020/Dec/32', 'https://www.oracle.com/security-alerts/cpuApr2021.html' ], 'reported' => '2020-05-24', 'severity' => 'medium' }, { 'affected_versions' => '<1.65_03', 'cves' => [ 'CVE-2020-13434' ], 'description' => 'SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2020-13434', 'references' => [ 'https://www.sqlite.org/src/info/23439ea582241138', 'https://www.sqlite.org/src/info/d08d3405878d394e', 'https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html', 'https://security.netapp.com/advisory/ntap-20200528-0004/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7KXQWHIY2MQP4LNM6ODWJENMXYYQYBN/', 'https://usn.ubuntu.com/4394-1/', 'https://www.oracle.com/security-alerts/cpujul2020.html', 'https://security.gentoo.org/glsa/202007-26', 'https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc', 'https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html', 'https://support.apple.com/kb/HT211931', 'https://support.apple.com/kb/HT211844', 'https://support.apple.com/kb/HT211850', 'https://support.apple.com/kb/HT211843', 'https://support.apple.com/kb/HT211952', 'http://seclists.org/fulldisclosure/2020/Nov/19', 'http://seclists.org/fulldisclosure/2020/Nov/22', 'http://seclists.org/fulldisclosure/2020/Nov/20', 'https://support.apple.com/kb/HT211935', 'http://seclists.org/fulldisclosure/2020/Dec/32', 'https://www.oracle.com/security-alerts/cpuApr2021.html', 'https://www.oracle.com/security-alerts/cpuapr2022.html' ], 'reported' => '2020-05-24', 'severity' => 'medium' }, { 'affected_versions' => '<1.65_03', 'cves' => [ 'CVE-2020-11656' ], 'description' => 'In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2020-11656', 'references' => [ 'https://www3.sqlite.org/cgi/src/info/b64674919f673602', 'https://www.sqlite.org/src/info/d09f8c3621d5f7f8', 'https://security.netapp.com/advisory/ntap-20200416-0001/', 'https://www.oracle.com/security-alerts/cpujul2020.html', 'https://security.gentoo.org/glsa/202007-26', 'https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc', 'https://www.oracle.com/security-alerts/cpuoct2020.html', 'https://www.oracle.com/security-alerts/cpujan2021.html', 'https://www.oracle.com/security-alerts/cpuApr2021.html', 'https://www.tenable.com/security/tns-2021-14', 'https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf' ], 'reported' => '2020-04-09', 'severity' => 'critical' }, { 'affected_versions' => '<1.65_03', 'cves' => [ 'CVE-2020-11655' ], 'description' => 'SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object\'s initialization is mishandled. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2020-11655', 'references' => [ 'https://www3.sqlite.org/cgi/src/info/4a302b42c7bf5e11', 'https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c', 'https://security.netapp.com/advisory/ntap-20200416-0001/', 'https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html', 'https://usn.ubuntu.com/4394-1/', 'https://www.oracle.com/security-alerts/cpujul2020.html', 'https://security.gentoo.org/glsa/202007-26', 'https://security.FreeBSD.org/advisories/FreeBSD-SA-20:22.sqlite.asc', 'https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html', 'https://www.oracle.com/security-alerts/cpuoct2020.html', 'https://www.oracle.com/security-alerts/cpujan2021.html', 'https://www.oracle.com/security-alerts/cpuApr2021.html', 'https://www.tenable.com/security/tns-2021-14', 'https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf' ], 'reported' => '2020-04-09', 'severity' => 'high' }, { 'affected_versions' => '<1.65_03', 'cves' => [ 'CVE-2020-9327' ], 'description' => 'In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2020-9327', 'references' => [ 'https://www.sqlite.org/cgi/src/info/4374860b29383380', 'https://www.sqlite.org/cgi/src/info/abc473fb8fb99900', 'https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e', 'https://security.netapp.com/advisory/ntap-20200313-0002/', 'https://security.gentoo.org/glsa/202003-16', 'https://usn.ubuntu.com/4298-1/', 'https://www.oracle.com/security-alerts/cpujul2020.html', 'https://www.oracle.com/security-alerts/cpuoct2020.html', 'https://www.oracle.com/security-alerts/cpujan2021.html', 'https://www.oracle.com/security-alerts/cpuApr2021.html', 'https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf' ], 'reported' => '2020-02-21', 'severity' => 'high' }, { 'affected_versions' => '=1.65_02', 'cves' => [ 'CVE-2019-20218' ], 'description' => 'selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2019-20218', 'references' => [ 'https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387', 'https://usn.ubuntu.com/4298-1/', 'https://www.oracle.com/security-alerts/cpuapr2020.html', 'https://security.gentoo.org/glsa/202007-26', 'https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html', 'https://lists.debian.org/debian-lts-announce/2020/12/msg00016.html' ], 'reported' => '2020-01-02', 'severity' => 'high' }, { 'affected_versions' => '=1.65_02', 'cves' => [ 'CVE-2019-19959' ], 'description' => 'ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded \'\\\\0\' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2019-19959', 'references' => [ 'https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec', 'https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1', 'https://security.netapp.com/advisory/ntap-20200204-0001/', 'https://usn.ubuntu.com/4298-1/', 'https://www.oracle.com/security-alerts/cpuapr2020.html' ], 'reported' => '2020-01-03', 'severity' => 'high' }, { 'affected_versions' => '=1.65_02', 'cves' => [ 'CVE-2019-19926', 'CVE-2019-19880' ], 'description' => 'multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2019-19926', 'references' => [ 'https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089', 'https://security.netapp.com/advisory/ntap-20200114-0003/', 'http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html', 'http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html', 'https://access.redhat.com/errata/RHSA-2020:0514', 'http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html', 'https://www.debian.org/security/2020/dsa-4638', 'https://usn.ubuntu.com/4298-1/', 'https://www.oracle.com/security-alerts/cpuapr2020.html', 'https://usn.ubuntu.com/4298-2/', 'https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf' ], 'reported' => '2019-12-23', 'severity' => 'high' }, { 'affected_versions' => '>=1.19_01,<1.63_03', 'cves' => [ 'CVE-2019-8457' ], 'description' => 'SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.63_04', 'id' => 'CPANSA-DBD-SQLite-2019-8457', 'references' => [ 'https://www.sqlite.org/src/info/90acdbfce9c08858', 'https://www.sqlite.org/releaselog/3_28_0.html', 'https://usn.ubuntu.com/4004-1/', 'https://usn.ubuntu.com/4004-2/', 'https://security.netapp.com/advisory/ntap-20190606-0002/', 'https://usn.ubuntu.com/4019-1/', 'https://usn.ubuntu.com/4019-2/', 'http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/', 'https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html', 'https://www.oracle.com/security-alerts/cpujan2020.html', 'https://www.oracle.com/security-alerts/cpuapr2020.html', 'https://www.oracle.com/security-alerts/cpujul2020.html', 'https://kc.mcafee.com/corporate/index?page=content&id=SB10365' ], 'reported' => '2019-05-30', 'severity' => 'critical' }, { 'affected_versions' => '>=1.61_03,<1.63_03', 'cves' => [ 'CVE-2019-5018' ], 'description' => 'An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.63_04', 'id' => 'CPANSA-DBD-SQLite-2019-5018', 'references' => [ 'https://talosintelligence.com/vulnerability_reports/TALOS-2019-0777', 'http://www.securityfocus.com/bid/108294', 'http://packetstormsecurity.com/files/152809/Sqlite3-Window-Function-Remote-Code-Execution.html', 'https://security.netapp.com/advisory/ntap-20190521-0001/', 'https://security.gentoo.org/glsa/201908-09', 'https://usn.ubuntu.com/4205-1/' ], 'reported' => '2019-05-10', 'severity' => 'high' }, { 'affected_versions' => '=1.65_02', 'cves' => [ 'CVE-2019-19925' ], 'description' => 'zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2019-19925', 'references' => [ 'https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618', 'https://security.netapp.com/advisory/ntap-20200114-0003/', 'http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html', 'http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html', 'https://access.redhat.com/errata/RHSA-2020:0514', 'http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html', 'https://www.debian.org/security/2020/dsa-4638', 'https://usn.ubuntu.com/4298-1/', 'https://www.oracle.com/security-alerts/cpuapr2020.html', 'https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf' ], 'reported' => '2019-12-24', 'severity' => 'high' }, { 'affected_versions' => '=1.65_02', 'cves' => [ 'CVE-2019-19924' ], 'description' => 'SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2019-19924', 'references' => [ 'https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3', 'https://security.netapp.com/advisory/ntap-20200114-0003/', 'https://usn.ubuntu.com/4298-1/', 'https://www.oracle.com/security-alerts/cpuapr2020.html', 'https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E', 'https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E', 'https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf' ], 'reported' => '2019-12-24', 'severity' => 'medium' }, { 'affected_versions' => '=1.65_02', 'cves' => [ 'CVE-2019-19923' ], 'description' => 'flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2019-19923', 'references' => [ 'https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35', 'https://security.netapp.com/advisory/ntap-20200114-0003/', 'http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html', 'http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html', 'https://access.redhat.com/errata/RHSA-2020:0514', 'http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html', 'https://www.debian.org/security/2020/dsa-4638', 'https://usn.ubuntu.com/4298-1/', 'https://www.oracle.com/security-alerts/cpuapr2020.html', 'https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf' ], 'reported' => '2019-12-24', 'severity' => 'high' }, { 'affected_versions' => '=1.65_02', 'cves' => [ 'CVE-2019-19880' ], 'description' => 'exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2019-19880', 'references' => [ 'https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54', 'https://security.netapp.com/advisory/ntap-20200114-0001/', 'http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00010.html', 'http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00015.html', 'https://access.redhat.com/errata/RHSA-2020:0514', 'http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00025.html', 'https://www.debian.org/security/2020/dsa-4638', 'https://usn.ubuntu.com/4298-1/', 'https://www.oracle.com/security-alerts/cpuapr2020.html', 'https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf' ], 'reported' => '2019-12-18', 'severity' => 'high' }, { 'affected_versions' => '<=1.65_02', 'cves' => [ 'CVE-2019-19646' ], 'description' => 'pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2019-19646', 'references' => [ 'https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd', 'https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3', 'https://www.sqlite.org/', 'https://security.netapp.com/advisory/ntap-20191223-0001/', 'https://www.oracle.com/security-alerts/cpuapr2020.html', 'https://www.tenable.com/security/tns-2021-14', 'https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf' ], 'reported' => '2019-12-09', 'severity' => 'critical' }, { 'affected_versions' => '<=1.65_02', 'cves' => [ 'CVE-2019-19645' ], 'description' => 'alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2019-19645', 'references' => [ 'https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06', 'https://security.netapp.com/advisory/ntap-20191223-0001/', 'https://www.oracle.com/security-alerts/cpuapr2020.html', 'https://usn.ubuntu.com/4394-1/', 'https://www.tenable.com/security/tns-2021-14', 'https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf' ], 'reported' => '2019-12-09', 'severity' => 'medium' }, { 'affected_versions' => '=1.65_02', 'cves' => [ 'CVE-2019-19603' ], 'description' => 'SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2019-19603', 'references' => [ 'https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13', 'https://www.sqlite.org/', 'https://security.netapp.com/advisory/ntap-20191223-0001/', 'https://www.oracle.com/security-alerts/cpuapr2020.html', 'https://usn.ubuntu.com/4394-1/', 'https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E', 'https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf' ], 'reported' => '2019-12-09', 'severity' => 'high' }, { 'affected_versions' => '=1.65_02', 'cves' => [ 'CVE-2019-19317' ], 'description' => 'lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2019-19317', 'references' => [ 'https://github.com/sqlite/sqlite/commit/522ebfa7cee96fb325a22ea3a2464a63485886a8', 'https://github.com/sqlite/sqlite/commit/73bacb7f93eab9f4bd5a65cbc4ae242acf63c9e3', 'https://security.netapp.com/advisory/ntap-20191223-0001/', 'https://www.oracle.com/security-alerts/cpuapr2020.html', 'https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf' ], 'reported' => '2019-12-05', 'severity' => 'critical' }, { 'affected_versions' => '=1.65_02', 'cves' => [ 'CVE-2019-19244' ], 'description' => 'sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2019-19244', 'references' => [ 'https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348', 'https://usn.ubuntu.com/4205-1/', 'https://www.oracle.com/security-alerts/cpuapr2020.html', 'https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf' ], 'reported' => '2019-11-25', 'severity' => 'high' }, { 'affected_versions' => '=1.65_02', 'cves' => [ 'CVE-2019-19242' ], 'description' => 'SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.65_03', 'id' => 'CPANSA-DBD-SQLite-2019-19242', 'references' => [ 'https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c', 'https://usn.ubuntu.com/4205-1/', 'https://www.oracle.com/security-alerts/cpuapr2020.html', 'https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf' ], 'reported' => '2019-11-27', 'severity' => 'medium' }, { 'affected_versions' => '<1.61_01', 'cves' => [ 'CVE-2018-20506' ], 'description' => 'SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.61_01', 'id' => 'CPANSA-DBD-SQLite-2018-20506', 'references' => [ 'https://support.apple.com/kb/HT209451', 'https://support.apple.com/kb/HT209450', 'https://support.apple.com/kb/HT209448', 'https://support.apple.com/kb/HT209447', 'https://support.apple.com/kb/HT209446', 'https://support.apple.com/kb/HT209443', 'https://sqlite.org/src/info/940f2adc8541a838', 'https://seclists.org/bugtraq/2019/Jan/39', 'https://seclists.org/bugtraq/2019/Jan/33', 'https://seclists.org/bugtraq/2019/Jan/32', 'https://seclists.org/bugtraq/2019/Jan/31', 'https://seclists.org/bugtraq/2019/Jan/29', 'https://seclists.org/bugtraq/2019/Jan/28', 'http://www.securityfocus.com/bid/106698', 'http://seclists.org/fulldisclosure/2019/Jan/69', 'http://seclists.org/fulldisclosure/2019/Jan/68', 'http://seclists.org/fulldisclosure/2019/Jan/67', 'http://seclists.org/fulldisclosure/2019/Jan/66', 'http://seclists.org/fulldisclosure/2019/Jan/64', 'http://seclists.org/fulldisclosure/2019/Jan/62', 'http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html', 'https://security.netapp.com/advisory/ntap-20190502-0004/', 'https://usn.ubuntu.com/4019-1/', 'https://usn.ubuntu.com/4019-2/', 'https://www.oracle.com/security-alerts/cpuapr2020.html', 'https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html', 'https://kc.mcafee.com/corporate/index?page=content&id=SB10365' ], 'reported' => '2019-04-03', 'severity' => 'high' }, { 'affected_versions' => '=1.59_02', 'cves' => [ 'CVE-2018-20505' ], 'description' => 'SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.59_03', 'id' => 'CPANSA-DBD-SQLite-2018-20505', 'references' => [ 'https://support.apple.com/kb/HT209451', 'https://support.apple.com/kb/HT209450', 'https://support.apple.com/kb/HT209448', 'https://support.apple.com/kb/HT209447', 'https://support.apple.com/kb/HT209446', 'https://support.apple.com/kb/HT209443', 'https://sqlite.org/src/info/1a84668dcfdebaf12415d', 'https://seclists.org/bugtraq/2019/Jan/39', 'https://seclists.org/bugtraq/2019/Jan/33', 'https://seclists.org/bugtraq/2019/Jan/32', 'https://seclists.org/bugtraq/2019/Jan/31', 'https://seclists.org/bugtraq/2019/Jan/29', 'https://seclists.org/bugtraq/2019/Jan/28', 'http://www.securityfocus.com/bid/106698', 'http://seclists.org/fulldisclosure/2019/Jan/69', 'http://seclists.org/fulldisclosure/2019/Jan/68', 'http://seclists.org/fulldisclosure/2019/Jan/67', 'http://seclists.org/fulldisclosure/2019/Jan/66', 'http://seclists.org/fulldisclosure/2019/Jan/64', 'http://seclists.org/fulldisclosure/2019/Jan/62', 'https://security.netapp.com/advisory/ntap-20190502-0004/', 'https://usn.ubuntu.com/4019-1/' ], 'reported' => '2019-04-03', 'severity' => 'high' }, { 'affected_versions' => '<1.61_01', 'cves' => [ 'CVE-2018-20346' ], 'description' => 'SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.61_01', 'id' => 'CPANSA-DBD-SQLite-2018-20346', 'references' => [ 'https://www.sqlite.org/releaselog/3_25_3.html', 'https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html', 'https://crbug.com/900910', 'https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e', 'https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html', 'https://bugzilla.redhat.com/show_bug.cgi?id=1659677', 'https://bugzilla.redhat.com/show_bug.cgi?id=1659379', 'https://blade.tencent.com/magellan/index_en.html', 'https://access.redhat.com/articles/3758321', 'https://worthdoingbadly.com/sqlitebug/', 'https://sqlite.org/src/info/d44318f59044162e', 'https://sqlite.org/src/info/940f2adc8541a838', 'https://news.ycombinator.com/item?id=18685296', 'https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html', 'https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html', 'https://www.synology.com/security/advisory/Synology_SA_18_61', 'http://www.securityfocus.com/bid/106323', 'https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc', 'http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html', 'http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html', 'https://security.gentoo.org/glsa/201904-21', 'https://usn.ubuntu.com/4019-1/', 'https://usn.ubuntu.com/4019-2/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/', 'https://support.apple.com/HT209448', 'https://support.apple.com/HT209447', 'https://support.apple.com/HT209446', 'https://support.apple.com/HT209451', 'https://support.apple.com/HT209443', 'https://support.apple.com/HT209450', 'https://www.oracle.com/security-alerts/cpuapr2020.html', 'https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html', 'https://kc.mcafee.com/corporate/index?page=content&id=SB10365' ], 'reported' => '2018-12-21', 'severity' => 'high' }, { 'affected_versions' => '<1.59_01', 'cves' => [ 'CVE-2018-8740' ], 'description' => 'In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.59_01', 'id' => 'CPANSA-DBD-SQLite-2018-8740', 'references' => [ 'https://www.sqlite.org/cgi/src/timeline?r=corrupt-schema', 'https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349', 'https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964', 'https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b', 'http://www.securityfocus.com/bid/103466', 'https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html', 'http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/', 'https://usn.ubuntu.com/4205-1/', 'https://usn.ubuntu.com/4394-1/', 'https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html', 'https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E', 'https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E' ], 'reported' => '2018-03-17', 'severity' => 'high' }, { 'affected_versions' => [ '=1.55_06', '<=1.55_03' ], 'cves' => [ 'CVE-2017-10989' ], 'description' => 'The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.55_07', 'id' => 'CPANSA-DBD-SQLite-2017-10989', 'references' => [ 'https://sqlite.org/src/info/66de6f4a', 'https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937', 'https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405', 'https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26', 'http://marc.info/?l=sqlite-users&m=149933696214713&w=2', 'http://www.securityfocus.com/bid/99502', 'http://www.securitytracker.com/id/1039427', 'https://support.apple.com/HT208144', 'https://support.apple.com/HT208115', 'https://support.apple.com/HT208113', 'https://support.apple.com/HT208112', 'http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html', 'https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html', 'http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00050.html', 'https://usn.ubuntu.com/4019-1/', 'https://usn.ubuntu.com/4019-2/' ], 'reported' => '2017-07-07', 'severity' => 'critical' }, { 'affected_versions' => '>=1.51_04', 'cves' => [ 'CVE-2016-6153' ], 'description' => 'os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.51_05', 'id' => 'CPANSA-DBD-SQLite-2016-6153', 'references' => [ 'http://www.openwall.com/lists/oss-security/2016/07/01/1', 'http://www.securityfocus.com/bid/91546', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/', 'https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt', 'https://www.sqlite.org/releaselog/3_13_0.html', 'http://www.sqlite.org/cgi/src/info/67985761aa93fb61', 'http://www.openwall.com/lists/oss-security/2016/07/01/2', 'http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html', 'https://www.tenable.com/security/tns-2016-20', 'https://usn.ubuntu.com/4019-1/', 'https://usn.ubuntu.com/4019-2/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/' ], 'reported' => '2016-09-26', 'severity' => 'medium' }, { 'affected_versions' => '<=1.47_01', 'cves' => [ 'CVE-2015-3416' ], 'description' => 'The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.47_02', 'id' => 'CPANSA-DBD-SQLite-2015-3416', 'references' => [ 'http://www.sqlite.org/src/info/c494171f77dc2e5e04cb6d865e688448f04e5920', 'http://seclists.org/fulldisclosure/2015/Apr/31', 'http://www.debian.org/security/2015/dsa-3252', 'http://www.mandriva.com/security/advisories?name=MDVSA-2015:217', 'http://www.ubuntu.com/usn/USN-2698-1', 'https://support.apple.com/HT205267', 'http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html', 'http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html', 'https://support.apple.com/HT205213', 'http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html', 'http://www.securitytracker.com/id/1033703', 'https://security.gentoo.org/glsa/201507-05', 'http://rhn.redhat.com/errata/RHSA-2015-1635.html', 'http://rhn.redhat.com/errata/RHSA-2015-1634.html', 'http://www.securityfocus.com/bid/74228', 'http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html' ], 'reported' => '2015-04-24', 'severity' => undef }, { 'affected_versions' => '<=1.47_01', 'cves' => [ 'CVE-2015-3415' ], 'description' => 'The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.47_02', 'id' => 'CPANSA-DBD-SQLite-2015-3415', 'references' => [ 'https://www.sqlite.org/src/info/02e3c88fbf6abdcf3975fb0fb71972b0ab30da30', 'http://seclists.org/fulldisclosure/2015/Apr/31', 'http://www.debian.org/security/2015/dsa-3252', 'http://www.mandriva.com/security/advisories?name=MDVSA-2015:217', 'http://www.ubuntu.com/usn/USN-2698-1', 'https://support.apple.com/HT205267', 'http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html', 'http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html', 'https://support.apple.com/HT205213', 'http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html', 'http://www.securitytracker.com/id/1033703', 'https://security.gentoo.org/glsa/201507-05', 'http://rhn.redhat.com/errata/RHSA-2015-1635.html', 'http://www.securityfocus.com/bid/74228', 'http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html' ], 'reported' => '2015-04-24', 'severity' => undef }, { 'affected_versions' => '<=1.47_01', 'cves' => [ 'CVE-2015-3414' ], 'description' => 'SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.47_02', 'id' => 'CPANSA-DBD-SQLite-2015-3414', 'references' => [ 'https://www.sqlite.org/src/info/eddc05e7bb31fae74daa86e0504a3478b99fa0f2', 'http://seclists.org/fulldisclosure/2015/Apr/31', 'http://www.debian.org/security/2015/dsa-3252', 'http://www.mandriva.com/security/advisories?name=MDVSA-2015:217', 'http://www.ubuntu.com/usn/USN-2698-1', 'https://support.apple.com/HT205267', 'http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html', 'http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html', 'https://support.apple.com/HT205213', 'http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html', 'http://www.securitytracker.com/id/1033703', 'https://security.gentoo.org/glsa/201507-05', 'http://rhn.redhat.com/errata/RHSA-2015-1635.html', 'http://www.securityfocus.com/bid/74228', 'http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html' ], 'reported' => '2015-04-24', 'severity' => undef }, { 'affected_versions' => '=1.47_01', 'cves' => [ 'CVE-2013-7443' ], 'description' => 'Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements. ', 'distribution' => 'DBD-SQLite', 'fixed_versions' => '>=1.47_02', 'id' => 'CPANSA-DBD-SQLite-2013-7443', 'references' => [ 'https://www.sqlite.org/src/info/520070ec7fbaac73eda0e0123596b7bb3e9a6897', 'https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1448758', 'https://www.sqlite.org/src/info/ac5852d6403c9c9628ca0aa7be135c702f000698', 'http://ubuntu.com/usn/usn-2698-1', 'http://www.openwall.com/lists/oss-security/2015/07/14/5', 'http://www.openwall.com/lists/oss-security/2015/07/15/4', 'http://www.securityfocus.com/bid/76089' ], 'reported' => '2015-08-12', 'severity' => undef } ], 'main_module' => 'DBD::SQLite', 'versions' => [ { 'date' => '2002-02-19T18:56:55', 'version' => '0.05' }, { 'date' => '2002-02-22T07:29:26', 'version' => '0.06' }, { 'date' => '2002-02-23T11:19:51', 'version' => '0.07' }, { 'date' => '2002-02-25T12:59:46', 'version' => '0.08' }, { 'date' => '2002-02-27T19:46:01', 'version' => '0.09' }, { 'date' => '2002-02-28T11:11:10', 'version' => '0.10' }, { 'date' => '2002-03-13T12:16:23', 'version' => '0.11' }, { 'date' => '2002-03-21T16:49:25', 'version' => '0.12' }, { 'date' => '2002-03-26T22:39:39', 'version' => '0.13' }, { 'date' => '2002-03-28T15:59:02', 'version' => '0.14' }, { 'date' => '2002-04-02T10:48:10', 'version' => '0.15' }, { 'date' => '2002-06-17T23:50:53', 'version' => '0.16' }, { 'date' => '2002-06-26T13:59:05', 'version' => '0.17' }, { 'date' => '2002-07-12T13:46:37', 'version' => '0.18' }, { 'date' => '2002-08-13T22:19:45', 'version' => '0.19' }, { 'date' => '2002-10-17T16:25:57', 'version' => '0.20' }, { 'date' => '2002-10-18T07:08:42', 'version' => '0.21' }, { 'date' => '2002-12-18T18:02:11', 'version' => '0.22' }, { 'date' => '2002-12-29T16:25:29', 'version' => '0.23' }, { 'date' => '2003-01-29T16:47:23', 'version' => '0.24' }, { 'date' => '2003-03-06T22:24:48', 'version' => '0.25' }, { 'date' => '2003-07-31T15:16:06', 'version' => '0.26' }, { 'date' => '2003-08-18T20:17:31', 'version' => '0.27' }, { 'date' => '2003-08-25T13:42:07', 'version' => '0.28' }, { 'date' => '2003-12-05T15:42:05', 'version' => '0.29' }, { 'date' => '2004-02-08T18:45:02', 'version' => '0.30' }, { 'date' => '2004-02-14T19:18:16', 'version' => '0.31' }, { 'date' => '2004-07-21T21:19:33', 'version' => '1.00' }, { 'date' => '2004-08-01T04:49:09', 'version' => '1.01' }, { 'date' => '2004-08-02T18:35:42', 'version' => '1.02' }, { 'date' => '2004-08-09T15:43:59', 'version' => '1.03' }, { 'date' => '2004-08-23T15:14:21', 'version' => '1.04' }, { 'date' => '2004-09-10T15:46:34', 'version' => '1.05' }, { 'date' => '2004-09-21T17:26:28', 'version' => '1.06' }, { 'date' => '2004-10-12T09:07:33', 'version' => '1.07' }, { 'date' => '2005-02-26T13:47:33', 'version' => '1.08' }, { 'date' => '2005-06-20T15:42:32', 'version' => '1.09' }, { 'date' => '2005-12-01T20:56:30', 'version' => '1.10' }, { 'date' => '2005-12-02T19:13:29', 'version' => '1.11' }, { 'date' => '2006-04-10T02:24:08', 'version' => '1.12' }, { 'date' => '2006-09-08T05:02:06', 'version' => '1.13' }, { 'date' => '2007-09-19T19:25:09', 'version' => '1.14' }, { 'date' => '2009-03-27T11:11:41', 'version' => '1.19_01' }, { 'date' => '2009-03-28T16:46:41', 'version' => '1.19_02' }, { 'date' => '2009-03-30T21:58:59', 'version' => '1.19_03' }, { 'date' => '2009-03-31T20:31:37', 'version' => '1.19_04' }, { 'date' => '2009-04-02T04:24:12', 'version' => '1.19_05' }, { 'date' => '2009-04-03T19:21:54', 'version' => '1.19_06' }, { 'date' => '2009-04-04T00:49:42', 'version' => '1.19_07' }, { 'date' => '2009-04-04T04:29:03', 'version' => '1.19_08' }, { 'date' => '2009-04-05T03:16:37', 'version' => '1.19_09' }, { 'date' => '2009-04-05T19:43:04', 'version' => '1.19_10' }, { 'date' => '2009-04-07T14:00:36', 'version' => '1.20' }, { 'date' => '2009-04-08T01:24:11', 'version' => '1.21' }, { 'date' => '2009-04-08T02:05:13', 'version' => '1.22_01' }, { 'date' => '2009-04-08T11:49:36', 'version' => '1.22_02' }, { 'date' => '2009-04-09T09:40:39', 'version' => '1.22_03' }, { 'date' => '2009-04-11T01:58:53', 'version' => '1.22_04' }, { 'date' => '2009-04-14T15:52:05', 'version' => '1.22_05' }, { 'date' => '2009-04-15T14:59:20', 'version' => '1.22_06' }, { 'date' => '2009-04-16T05:40:28', 'version' => '1.22_07' }, { 'date' => '2009-04-17T09:08:15', 'version' => '1.22_08' }, { 'date' => '2009-04-19T09:53:00', 'version' => '1.23' }, { 'date' => '2009-04-22T02:14:33', 'version' => '1.24_01' }, { 'date' => '2009-04-23T00:50:02', 'version' => '1.24_02' }, { 'date' => '2009-04-23T10:20:49', 'version' => '1.25' }, { 'date' => '2009-05-05T06:04:00', 'version' => '1.26_01' }, { 'date' => '2009-06-19T06:56:29', 'version' => '1.26_02' }, { 'date' => '2009-08-12T06:01:13', 'version' => '1.26_03' }, { 'date' => '2009-10-06T06:23:40', 'version' => '1.26_04' }, { 'date' => '2009-10-15T04:05:19', 'version' => '1.26_05' }, { 'date' => '2009-10-28T11:16:12', 'version' => '1.26_06' }, { 'date' => '2009-11-16T01:47:37', 'version' => '1.26_07' }, { 'date' => '2009-11-23T11:15:09', 'version' => '1.27' }, { 'date' => '2009-12-23T11:44:07', 'version' => '1.28_01' }, { 'date' => '2010-01-03T05:56:21', 'version' => '1.28_02' }, { 'date' => '2010-01-08T09:14:18', 'version' => '1.29' }, { 'date' => '2010-03-10T15:55:37', 'version' => '1.30_01' }, { 'date' => '2010-03-30T11:45:57', 'version' => '1.30_02' }, { 'date' => '2010-05-31T03:13:24', 'version' => '1.30_03' }, { 'date' => '2010-08-25T09:25:41', 'version' => '1.30_04' }, { 'date' => '2010-08-27T15:31:59', 'version' => '1.30_05' }, { 'date' => '2010-09-09T01:49:17', 'version' => '1.30_06' }, { 'date' => '2010-09-15T07:30:11', 'version' => '1.31' }, { 'date' => '2010-12-10T05:14:51', 'version' => '1.32_01' }, { 'date' => '2011-03-07T06:57:51', 'version' => '1.32_02' }, { 'date' => '2011-05-12T05:05:38', 'version' => '1.32_03' }, { 'date' => '2011-05-20T02:39:29', 'version' => '1.32_04' }, { 'date' => '2011-05-30T07:39:31', 'version' => '1.33' }, { 'date' => '2011-09-21T16:26:23', 'version' => '1.34_01' }, { 'date' => '2011-10-21T06:13:45', 'version' => '1.34_02' }, { 'date' => '2011-11-01T03:51:19', 'version' => '1.34_03' }, { 'date' => '2011-11-29T00:16:47', 'version' => '1.35' }, { 'date' => '2012-01-19T06:15:08', 'version' => '1.36_01' }, { 'date' => '2012-02-23T04:11:05', 'version' => '1.36_02' }, { 'date' => '2012-05-07T22:56:21', 'version' => '1.36_03' }, { 'date' => '2012-05-19T09:46:14', 'version' => '1.36_04' }, { 'date' => '2012-06-09T14:43:03', 'version' => '1.37' }, { 'date' => '2012-09-24T10:18:25', 'version' => '1.38_01' }, { 'date' => '2013-04-09T05:03:21', 'version' => '1.38_02' }, { 'date' => '2013-05-21T05:14:23', 'version' => '1.38_03' }, { 'date' => '2013-05-29T07:11:57', 'version' => '1.38_04' }, { 'date' => '2013-05-31T04:39:53', 'version' => '1.38_05' }, { 'date' => '2013-06-09T15:10:40', 'version' => '1.39' }, { 'date' => '2013-07-28T05:31:53', 'version' => '1.40' }, { 'date' => '2013-08-27T06:41:37', 'version' => '1.41_01' }, { 'date' => '2013-08-29T18:53:29', 'version' => '1.41_02' }, { 'date' => '2013-09-04T17:57:50', 'version' => '1.41_03' }, { 'date' => '2014-01-12T01:19:09', 'version' => '1.41_04' }, { 'date' => '2014-01-22T03:53:26', 'version' => '1.41_05' }, { 'date' => '2014-02-12T02:53:38', 'version' => '1.41_06' }, { 'date' => '2014-03-13T13:44:52', 'version' => '1.41_07' }, { 'date' => '2014-03-19T15:29:13', 'version' => '1.42' }, { 'date' => '2014-03-25T18:50:08', 'version' => '1.43_01' }, { 'date' => '2014-03-25T19:58:13', 'version' => '1.43_02' }, { 'date' => '2014-06-12T05:01:15', 'version' => '1.43_03' }, { 'date' => '2014-07-21T01:13:47', 'version' => '1.43_04' }, { 'date' => '2014-07-21T05:45:41', 'version' => '1.43_05' }, { 'date' => '2014-07-22T00:31:31', 'version' => '1.43_06' }, { 'date' => '2014-07-29T17:03:09', 'version' => '1.43_07' }, { 'date' => '2014-08-21T09:01:11', 'version' => '1.43_08' }, { 'date' => '2014-10-20T07:50:46', 'version' => '1.43_09' }, { 'date' => '2014-10-22T14:15:00', 'version' => '1.44' }, { 'date' => '2014-10-22T15:33:37', 'version' => '1.45_01' }, { 'date' => '2014-10-23T08:21:27', 'version' => '1.45_02' }, { 'date' => '2014-10-24T17:57:53', 'version' => '1.45_03' }, { 'date' => '2014-10-28T08:28:00', 'version' => '1.45_04' }, { 'date' => '2014-11-25T04:07:43', 'version' => '1.45_05' }, { 'date' => '2014-11-26T08:52:49', 'version' => '1.45_06' }, { 'date' => '2014-12-10T06:23:03', 'version' => '1.46' }, { 'date' => '2015-02-17T07:00:46', 'version' => '1.47_01' }, { 'date' => '2015-04-16T13:30:38', 'version' => '1.47_02' }, { 'date' => '2015-04-16T14:45:00', 'version' => '1.47_03' }, { 'date' => '2015-05-01T17:37:17', 'version' => '1.47_04' }, { 'date' => '2015-05-08T13:49:32', 'version' => '1.47_05' }, { 'date' => '2015-06-11T16:10:44', 'version' => '1.48' }, { 'date' => '2015-08-04T11:18:05', 'version' => '1.49_01' }, { 'date' => '2015-10-10T03:43:45', 'version' => '1.49_02' }, { 'date' => '2015-11-05T05:52:27', 'version' => '1.49_03' }, { 'date' => '2015-11-24T12:59:11', 'version' => '1.49_04' }, { 'date' => '2016-01-11T13:32:43', 'version' => '1.49_05' }, { 'date' => '2016-01-15T03:40:44', 'version' => '1.49_06' }, { 'date' => '2016-01-21T01:11:59', 'version' => '1.49_07' }, { 'date' => '2016-01-30T00:55:58', 'version' => '1.49_08' }, { 'date' => '2016-02-10T15:04:42', 'version' => '1.50' }, { 'date' => '2016-02-20T01:03:50', 'version' => '1.51_01' }, { 'date' => '2016-02-20T01:49:29', 'version' => '1.51_02' }, { 'date' => '2016-02-20T11:06:51', 'version' => '1.51_03' }, { 'date' => '2016-03-07T04:33:35', 'version' => '1.51_04' }, { 'date' => '2016-06-23T01:22:57', 'version' => '1.51_05' }, { 'date' => '2016-10-15T00:21:14', 'version' => '1.51_06' }, { 'date' => '2016-10-16T05:16:29', 'version' => '1.51_07' }, { 'date' => '2016-11-15T13:02:35', 'version' => '1.52' }, { 'date' => '2016-11-26T01:34:30', 'version' => '1.53_01' }, { 'date' => '2016-12-24T02:36:45', 'version' => '1.54' }, { 'date' => '2017-01-03T15:42:47', 'version' => '1.55_01' }, { 'date' => '2017-01-07T16:49:21', 'version' => '1.55_02' }, { 'date' => '2017-02-14T01:31:43', 'version' => '1.55_03' }, { 'date' => '2017-11-21T17:07:32', 'version' => '1.55_04' }, { 'date' => '2017-12-15T18:52:29', 'version' => '1.55_05' }, { 'date' => '2018-01-27T07:33:51', 'version' => '1.55_06' }, { 'date' => '2018-01-27T07:42:58', 'version' => '1.55_07' }, { 'date' => '2018-02-28T09:01:25', 'version' => '1.56' }, { 'date' => '2018-03-21T06:45:29', 'version' => '1.57_01' }, { 'date' => '2018-03-28T11:56:19', 'version' => '1.58' }, { 'date' => '2018-09-16T19:25:50', 'version' => '1.59_01' }, { 'date' => '2018-09-30T06:09:34', 'version' => '1.59_02' }, { 'date' => '2018-11-03T12:14:20', 'version' => '1.59_03' }, { 'date' => '2018-12-01T02:42:29', 'version' => '1.60' }, { 'date' => '2018-12-01T08:01:30', 'version' => '1.61_01' }, { 'date' => '2018-12-01T09:10:18', 'version' => '1.61_02' }, { 'date' => '2018-12-19T13:03:22', 'version' => '1.61_03' }, { 'date' => '2018-12-22T06:37:21', 'version' => '1.61_04' }, { 'date' => '2018-12-28T17:59:27', 'version' => '1.62' }, { 'date' => '2019-01-25T22:31:45', 'version' => '1.63_01' }, { 'date' => '2019-02-13T19:09:44', 'version' => '1.63_02' }, { 'date' => '2019-02-14T16:56:40', 'version' => '1.63_03' }, { 'date' => '2019-05-24T16:39:18', 'version' => '1.63_04' }, { 'date' => '2019-07-11T17:50:51', 'version' => '1.63_05' }, { 'date' => '2019-08-12T09:02:59', 'version' => '1.64' }, { 'date' => '2020-01-18T01:56:18', 'version' => '1.65_01' }, { 'date' => '2020-02-08T13:02:59', 'version' => '1.65_02' }, { 'date' => '2020-07-26T16:42:08', 'version' => '1.65_03' }, { 'date' => '2020-08-30T02:14:15', 'version' => '1.66' }, { 'date' => '2020-11-24T12:57:56', 'version' => '1.67_01' }, { 'date' => '2020-12-05T17:06:24', 'version' => '1.67_02' }, { 'date' => '2021-03-30T21:37:13', 'version' => '1.67_03' }, { 'date' => '2021-05-30T22:56:01', 'version' => '1.67_04' }, { 'date' => '2021-06-12T23:39:11', 'version' => '1.67_05' }, { 'date' => '2021-06-14T03:49:54', 'version' => '1.67_06' }, { 'date' => '2021-06-19T00:57:41', 'version' => '1.67_07' }, { 'date' => '2021-07-22T05:30:17', 'version' => '1.68' }, { 'date' => '2021-07-29T21:09:19', 'version' => '1.69_01' }, { 'date' => '2021-07-30T14:21:39', 'version' => '1.69_02' }, { 'date' => '2021-08-01T10:20:33', 'version' => '1.70' }, { 'date' => '2021-12-01T17:03:29', 'version' => '1.71_01' }, { 'date' => '2022-01-06T20:51:05', 'version' => '1.71_02' }, { 'date' => '2022-02-23T10:49:28', 'version' => '1.71_03' }, { 'date' => '2022-02-26T00:59:40', 'version' => '1.71_04' }, { 'date' => '2022-02-26T02:49:09', 'version' => '1.71_05' }, { 'date' => '2022-03-12T02:54:15', 'version' => '1.71_06' }, { 'date' => '2022-10-25T18:36:30', 'version' => '1.71_07' }, { 'date' => '2022-11-03T16:28:17', 'version' => '1.72' }, { 'date' => '2023-07-09T01:04:52', 'version' => '1.73_01' }, { 'date' => '2023-09-19T17:26:03', 'version' => '1.74' } ] }, 'DBD-mysql' => { 'advisories' => [ { 'affected_versions' => '<4.044', 'cves' => [ 'CVE-2017-10788' ], 'description' => 'The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples. ', 'distribution' => 'DBD-mysql', 'fixed_versions' => '>=4.044', 'id' => 'CPANSA-DBD-mysql-2017-02', 'references' => [ 'https://github.com/perl5-dbi/DBD-mysql/issues/120', 'http://www.securityfocus.com/bid/99374', 'http://seclists.org/oss-sec/2017/q2/443' ], 'reported' => '2017-04-13' }, { 'affected_versions' => '<4.044', 'cves' => [ 'CVE-2017-10789' ], 'description' => 'The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting\'s documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. ', 'distribution' => 'DBD-mysql', 'fixed_versions' => '>=4.044', 'id' => 'CPANSA-DBD-mysql-2017-01', 'references' => [ 'https://github.com/perl5-dbi/DBD-mysql/pull/114' ], 'reported' => '2017-03-23' }, { 'affected_versions' => '>=2.9003,<4.039', 'cves' => [ 'CVE-2016-1249' ], 'description' => 'Out-of-bounds read. ', 'distribution' => 'DBD-mysql', 'fixed_versions' => '<2.9003,>=4.039', 'id' => 'CPANSA-DBD-mysql-2016-03', 'references' => [ 'https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe' ], 'reported' => '2016-11-16' }, { 'affected_versions' => '<4.037', 'cves' => [ 'CVE-2016-1246' ], 'description' => 'Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message. ', 'distribution' => 'DBD-mysql', 'fixed_versions' => '>=4.037', 'id' => 'CPANSA-DBD-mysql-2016-02', 'references' => [ 'https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2', 'http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html' ], 'reported' => '2016-10-02' }, { 'affected_versions' => '<4.034', 'cves' => [ 'CVE-2015-8949' ], 'description' => 'Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login. ', 'distribution' => 'DBD-mysql', 'fixed_versions' => '>=4.034', 'id' => 'CPANSA-DBD-mysql-2016-01', 'references' => [ 'https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156' ], 'reported' => '2016-08-19' }, { 'affected_versions' => '<4.041', 'cves' => [ 'CVE-2016-1251' ], 'description' => 'There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1. ', 'distribution' => 'DBD-mysql', 'fixed_versions' => '>=4.041', 'id' => 'CPANSA-DBD-mysql-2015-01', 'references' => [ 'https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1' ], 'reported' => '2015-12-27' }, { 'affected_versions' => '<4.028', 'cves' => [ 'CVE-2014-9906' ], 'description' => 'Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection. ', 'distribution' => 'DBD-mysql', 'fixed_versions' => '>=4.028', 'id' => 'CPANSA-DBD-mysql-2014-01', 'references' => [ 'https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc', 'https://rt.cpan.org/Public/Bug/Display.html?id=97625' ], 'reported' => '2014-07-30' } ], 'main_module' => 'DBD::mysql', 'versions' => [ { 'date' => '2000-04-15T20:17:36', 'version' => 'v1.2212.' }, { 'date' => '2001-05-06T21:47:46', 'version' => '2.0900' }, { 'date' => '2001-05-25T21:24:45', 'version' => '2.0901' }, { 'date' => '2001-07-09T21:10:17', 'version' => '2.0902' }, { 'date' => '2001-10-28T22:53:19', 'version' => '2.0903' }, { 'date' => '2001-10-31T04:01:07', 'version' => '2.1000' }, { 'date' => '2001-11-04T17:55:04', 'version' => '2.1001' }, { 'date' => '2001-11-04T18:22:30', 'version' => '2.1002' }, { 'date' => '2001-11-05T20:14:34', 'version' => '2.1003' }, { 'date' => '2001-11-13T01:24:26', 'version' => '2.1004' }, { 'date' => '2001-12-13T09:07:53', 'version' => '2.1005' }, { 'date' => '2001-12-27T18:10:04', 'version' => '2.1007' }, { 'date' => '2001-12-27T18:10:21', 'version' => '2.1006' }, { 'date' => '2001-12-28T17:06:05', 'version' => '2.1008' }, { 'date' => '2002-01-01T20:02:26', 'version' => '2.1009' }, { 'date' => '2002-01-07T21:33:21', 'version' => '2.1010' }, { 'date' => '2002-02-12T11:09:53', 'version' => '2.1011' }, { 'date' => '2002-04-12T07:21:06', 'version' => '2.1012' }, { 'date' => '2002-04-15T07:49:36', 'version' => '2.1013' }, { 'date' => '2002-04-17T21:24:26', 'version' => '2.1014' }, { 'date' => '2002-04-29T20:53:41', 'version' => '2.1015' }, { 'date' => '2002-05-01T20:07:05', 'version' => '2.1016' }, { 'date' => '2002-05-02T20:59:04', 'version' => '2.1017' }, { 'date' => '2002-08-13T17:52:25', 'version' => '2.1018' }, { 'date' => '2002-09-16T18:42:20', 'version' => '2.1019' }, { 'date' => '2002-09-23T20:42:50', 'version' => '2.1020' }, { 'date' => '2002-12-17T20:46:14', 'version' => '2.1021' }, { 'date' => '2003-01-03T02:46:24', 'version' => '2.1022' }, { 'date' => '2003-01-19T21:19:03', 'version' => '2.1023' }, { 'date' => '2003-01-20T12:08:27', 'version' => '2.1024' }, { 'date' => '2003-02-07T21:09:44', 'version' => '2.1025' }, { 'date' => '2003-03-03T20:46:27', 'version' => '2.1026' }, { 'date' => '2003-05-31T18:08:15', 'version' => '2.1027' }, { 'date' => '2003-06-25T16:12:36', 'version' => '2.1028' }, { 'date' => '2003-06-27T04:32:05', 'version' => '2.9002' }, { 'date' => '2003-09-12T17:04:42', 'version' => '2.9003_1' }, { 'date' => '2003-10-27T03:39:04', 'version' => '2.9003' }, { 'date' => '2004-07-01T03:24:14', 'version' => '2.9004_2' }, { 'date' => '2004-07-14T03:07:34', 'version' => '2.9004' }, { 'date' => '2004-10-20T17:27:25', 'version' => '2.9005_1' }, { 'date' => '2004-10-28T00:39:25', 'version' => '2.9005_3' }, { 'date' => '2005-03-29T02:43:14', 'version' => '2.9005' }, { 'date' => '2005-04-04T04:27:00', 'version' => '2.9006' }, { 'date' => '2005-04-27T00:13:49', 'version' => '2.9015_3' }, { 'date' => '2005-04-27T00:14:06', 'version' => '2.9007' }, { 'date' => '2005-06-06T01:39:20', 'version' => '2.9008' }, { 'date' => '2005-07-01T01:48:20', 'version' => '3.0000' }, { 'date' => '2005-07-03T21:56:11', 'version' => '3.0000_0' }, { 'date' => '2005-07-04T15:53:40', 'version' => '3.0001_0' }, { 'date' => '2005-07-04T16:16:00', 'version' => '3.0001_1' }, { 'date' => '2005-07-07T01:14:17', 'version' => '3.0001' }, { 'date' => '2005-07-07T01:22:39', 'version' => '3.0001_2' }, { 'date' => '2005-07-08T05:37:13', 'version' => '3.0001_3' }, { 'date' => '2005-07-11T16:49:47', 'version' => '3.0002' }, { 'date' => '2005-08-04T02:50:35', 'version' => '3.0002_1' }, { 'date' => '2005-09-26T23:22:57', 'version' => '3.0002_2' }, { 'date' => '2005-09-28T18:58:55', 'version' => '3.0002_3' }, { 'date' => '2005-11-06T21:47:29', 'version' => '3.0002_4' }, { 'date' => '2006-02-01T23:20:01', 'version' => '3.0002_5' }, { 'date' => '2006-05-04T17:49:06', 'version' => '3.0003' }, { 'date' => '2006-05-04T17:49:23', 'version' => '3.0003_1' }, { 'date' => '2006-05-21T17:28:22', 'version' => '3.0004' }, { 'date' => '2006-05-21T17:28:33', 'version' => '3.0004_1' }, { 'date' => '2006-06-10T01:21:49', 'version' => '3.0005_1' }, { 'date' => '2006-06-10T01:22:01', 'version' => '3.0005' }, { 'date' => '2006-06-11T17:05:25', 'version' => '3.0006' }, { 'date' => '2006-06-11T17:05:36', 'version' => '3.0006_1' }, { 'date' => '2006-09-08T23:12:02', 'version' => '3.0007' }, { 'date' => '2006-09-08T23:13:45', 'version' => '3.0007_1' }, { 'date' => '2006-10-07T12:59:23', 'version' => '3.0007_2' }, { 'date' => '2006-10-16T13:42:13', 'version' => '3.0008' }, { 'date' => '2006-10-16T13:42:24', 'version' => '3.0008_1' }, { 'date' => '2006-12-24T14:11:04', 'version' => '4.00' }, { 'date' => '2007-01-08T01:11:12', 'version' => '4.001' }, { 'date' => '2007-03-02T03:32:59', 'version' => '4.002' }, { 'date' => '2007-03-02T14:13:37', 'version' => '4.003' }, { 'date' => '2007-03-22T22:31:22', 'version' => '4.004' }, { 'date' => '2007-06-08T15:33:34', 'version' => '4.005' }, { 'date' => '2007-12-26T22:50:48', 'version' => '4.006' }, { 'date' => '2008-05-11T15:56:07', 'version' => '4.007' }, { 'date' => '2008-08-15T14:06:50', 'version' => '4.008' }, { 'date' => '2008-10-22T01:05:54', 'version' => '4.009' }, { 'date' => '2008-10-24T14:00:41', 'version' => '4.010' }, { 'date' => '2009-04-14T02:40:31', 'version' => '4.011' }, { 'date' => '2009-06-19T02:08:06', 'version' => '4.012' }, { 'date' => '2009-09-16T18:37:29', 'version' => '4.013' }, { 'date' => '2010-04-15T03:17:58', 'version' => '4.014' }, { 'date' => '2010-07-09T19:48:58', 'version' => '4.015' }, { 'date' => '2010-07-10T16:50:49', 'version' => '4.016' }, { 'date' => '2010-08-12T05:50:17', 'version' => '4.017' }, { 'date' => '2010-10-26T16:59:27', 'version' => '4.018' }, { 'date' => '2011-05-09T01:28:25', 'version' => '4.019' }, { 'date' => '2011-08-20T18:45:49', 'version' => '4.020' }, { 'date' => '2012-04-28T14:18:16', 'version' => '4.021' }, { 'date' => '2012-08-30T02:00:19', 'version' => '4.022' }, { 'date' => '2013-04-12T21:48:10', 'version' => '4.023' }, { 'date' => '2013-09-17T16:04:11', 'version' => '4.024' }, { 'date' => '2013-11-04T18:29:18', 'version' => '4.025' }, { 'date' => '2014-01-16T01:33:03', 'version' => '4.026' }, { 'date' => '2014-03-19T14:25:36', 'version' => '4.027' }, { 'date' => '2014-08-01T19:59:28', 'version' => '4.028' }, { 'date' => '2014-12-09T02:39:44', 'version' => '4.029' }, { 'date' => '2015-01-28T03:53:42', 'version' => '4.030_01' }, { 'date' => '2015-03-02T20:44:31', 'version' => '4.030_02' }, { 'date' => '2015-03-06T20:12:05', 'version' => '4.031' }, { 'date' => '2015-04-16T22:28:43', 'version' => '4.032_01' }, { 'date' => '2015-07-21T12:15:24', 'version' => '4.032' }, { 'date' => '2015-10-25T19:59:17', 'version' => '4.032_03' }, { 'date' => '2015-10-27T03:37:29', 'version' => '4.033' }, { 'date' => '2015-12-15T07:16:36', 'version' => '4.033_01' }, { 'date' => '2015-12-18T07:00:41', 'version' => '4.033_02' }, { 'date' => '2016-07-04T19:32:50', 'version' => '4.033_03' }, { 'date' => '2016-07-06T06:32:05', 'version' => '4.034' }, { 'date' => '2016-07-09T05:50:13', 'version' => '4.035' }, { 'date' => '2016-08-01T06:29:25', 'version' => '4.035_01' }, { 'date' => '2016-08-11T08:11:18', 'version' => '4.035_02' }, { 'date' => '2016-08-19T15:52:10', 'version' => '4.035_03' }, { 'date' => '2016-08-23T05:59:26', 'version' => '4.036' }, { 'date' => '2016-10-03T07:00:29', 'version' => '4.037' }, { 'date' => '2016-10-14T20:56:49', 'version' => '4.037_01' }, { 'date' => '2016-10-19T19:37:55', 'version' => '4.037_02' }, { 'date' => '2016-10-20T02:33:04', 'version' => '4.038' }, { 'date' => '2016-10-30T08:45:31', 'version' => '4.038_01' }, { 'date' => '2016-11-16T03:57:57', 'version' => '4.039' }, { 'date' => '2016-11-19T19:56:51', 'version' => '4.040' }, { 'date' => '2016-11-28T20:40:41', 'version' => '4.041' }, { 'date' => '2016-12-13T06:59:09', 'version' => '4.041_01' }, { 'date' => '2017-02-28T20:57:20', 'version' => '4.041_02' }, { 'date' => '2017-03-08T20:32:52', 'version' => '4.042' }, { 'date' => '2017-06-29T21:12:09', 'version' => '4.043' }, { 'date' => '2018-01-23T01:53:30', 'version' => '4.044' }, { 'date' => '2018-02-07T21:43:00', 'version' => '4.044' }, { 'date' => '2018-02-08T20:30:55', 'version' => '4.045' }, { 'date' => '2018-02-08T20:48:11', 'version' => '4.046' }, { 'date' => '2018-03-09T20:27:44', 'version' => '4.046_01' }, { 'date' => '2018-09-09T03:02:20', 'version' => '4.047' }, { 'date' => '2018-09-15T12:46:51', 'version' => '4.048' }, { 'date' => '2018-11-17T18:58:09', 'version' => '4.049' }, { 'date' => '2019-01-09T09:07:15', 'version' => '4.050' }, { 'date' => '2019-10-07T10:06:13', 'version' => '4.018_01' }, { 'date' => '2023-10-04T07:10:45', 'version' => '4.051' }, { 'date' => '2023-10-04T07:20:03', 'version' => '5.001' }, { 'date' => '2023-10-24T09:02:42', 'version' => '5.002' }, { 'date' => '2023-12-01T07:13:15', 'version' => '4.052' }, { 'date' => '2023-12-01T07:14:42', 'version' => '5.003' } ] }, 'DBD-mysqlPP' => { 'advisories' => [ { 'affected_versions' => '<0.93', 'cves' => [], 'description' => 'SQL injection. ', 'distribution' => 'DBD-mysqlPP', 'fixed_versions' => '>=0.03', 'id' => 'CPANSA-DBD-mysqlPP-2011-01', 'references' => [ 'https://metacpan.org/changes/distribution/DBD-mysqlPP', 'https://jvn.jp/en/jp/JVN51216285/index.html' ], 'reported' => '2011-10-14', 'severity' => 'high' } ], 'main_module' => 'DBD::mysqlPP', 'versions' => [ { 'date' => '2002-04-04T07:20:36', 'version' => '0.02' }, { 'date' => '2002-04-15T10:26:39', 'version' => '0.03' }, { 'date' => '2003-01-24T11:14:14', 'version' => '0.04' }, { 'date' => '2011-10-21T23:07:07', 'version' => '0.05' }, { 'date' => '2011-10-26T22:17:22', 'version' => '0.06' }, { 'date' => '2011-11-17T22:24:50', 'version' => '0.07' } ] }, 'DBI' => { 'advisories' => [ { 'affected_versions' => '<1.643', 'cves' => [ 'CVE-2020-14393' ], 'description' => 'A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. ', 'distribution' => 'DBI', 'fixed_versions' => '>=1.643', 'id' => 'CPANSA-DBI-2020-01', 'references' => [ 'https://metacpan.org/changes/distribution/DBI', 'https://bugzilla.redhat.com/show_bug.cgi?id=1877409' ], 'reported' => '2020-09-16', 'severity' => 'high' }, { 'affected_versions' => '<1.643', 'cves' => [ 'CVE-2020-14392' ], 'description' => 'An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service\'s availability. ', 'distribution' => 'DBI', 'fixed_versions' => '>=1.643', 'id' => 'CPANSA-DBI-2020-03', 'references' => [ 'https://metacpan.org/changes/distribution/DBI', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/', 'https://bugzilla.redhat.com/show_bug.cgi?id=1877402', 'https://bugzilla.redhat.com/show_bug.cgi?id=1877402', 'https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html', 'http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00067.html', 'http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00074.html', 'https://usn.ubuntu.com/4503-1/' ], 'reported' => '2020-06-17', 'severity' => 'high' }, { 'affected_versions' => '<1.643', 'cves' => [ 'CVE-2019-20919' ], 'description' => 'An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. ', 'distribution' => 'DBI', 'fixed_versions' => '>=1.643', 'id' => 'CPANSA-DBI-2020-02', 'references' => [ 'https://metacpan.org/changes/distribution/DBI', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXLKODJ7B57GITDEZZXNSHPK4VBYXYHR/', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20919', 'https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff', 'https://bugzilla.redhat.com/show_bug.cgi?id=1877405', 'https://lists.debian.org/debian-lts-announce/2020/09/msg00026.html', 'https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/US6VXPKVAYHOKNFSAFLM3FWNYZSJKQHS/', 'https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KJN7E27GD6QQ2CRGEJ3TNW2DJFXA2AKN/', 'https://ubuntu.com/security/notices/USN-4534-1' ], 'reported' => '2020-09-17', 'severity' => 'high' }, { 'affected_versions' => '<1.632', 'cves' => [], 'description' => 'DBD::File drivers open files from folders other than specifically passed using the f_dir attribute. ', 'distribution' => 'DBI', 'fixed_versions' => '>=1.632', 'id' => 'CPANSA-DBI-2014-01', 'references' => [ 'https://metacpan.org/changes/distribution/DBI', 'https://rt.cpan.org/Public/Bug/Display.html?id=99508' ], 'reported' => '2014-10-15', 'severity' => 'high' }, { 'affected_versions' => '<1.47', 'cves' => [ 'CVE-2005-0077' ], 'description' => 'Allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file. ', 'distribution' => 'DBI', 'fixed_versions' => '>=1.47', 'id' => 'CPANSA-DBI-2005-01', 'references' => [ 'https://metacpan.org/changes/distribution/DBI' ], 'reported' => '2005-05-02' }, { 'affected_versions' => '<1.643', 'cves' => [ 'CVE-2014-10402' ], 'description' => 'An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401. ', 'distribution' => 'DBI', 'fixed_versions' => undef, 'id' => 'CPANSA-DBI-2014-10402', 'references' => [ 'https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590' ], 'reported' => '2020-09-16', 'severity' => 'medium' }, { 'affected_versions' => '<1.632', 'cves' => [ 'CVE-2014-10401' ], 'description' => 'An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute. ', 'distribution' => 'DBI', 'fixed_versions' => undef, 'id' => 'CPANSA-DBI-2014-10401', 'references' => [ 'https://rt.cpan.org/Public/Bug/Display.html?id=99508', 'https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014', 'https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a', 'https://usn.ubuntu.com/4509-1/' ], 'reported' => '2020-09-11', 'severity' => 'medium' }, { 'affected_versions' => '<1.628', 'cves' => [ 'CVE-2013-7491' ], 'description' => 'An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated. ', 'distribution' => 'DBI', 'fixed_versions' => undef, 'id' => 'CPANSA-DBI-2013-7491', 'references' => [ 'https://github.com/perl5-dbi/dbi/commit/401f1221311c71f760e21c98772f0f7e3cbead1d', 'https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.628-22nd-July-2013', 'https://rt.cpan.org/Public/Bug/Display.html?id=85562' ], 'reported' => '2020-09-11', 'severity' => 'medium' }, { 'affected_versions' => '<1.632', 'cves' => [ 'CVE-2013-7490' ], 'description' => 'An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption. ', 'distribution' => 'DBI', 'fixed_versions' => undef, 'id' => 'CPANSA-DBI-2013-7490', 'references' => [ 'https://github.com/perl5-dbi/dbi/commit/a8b98e988d6ea2946f5f56691d6d5ead53f65766', 'https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014', 'https://rt.cpan.org/Public/Bug/Display.html?id=86744#txn-1880941', 'https://usn.ubuntu.com/4509-1/' ], 'reported' => '2020-09-11', 'severity' => 'medium' } ], 'main_module' => 'DBI', 'versions' => [ { 'date' => '1995-10-27T08:14:00', 'version' => '0.64' }, { 'date' => '1996-02-15T22:07:00', 'version' => '0.67' }, { 'date' => '1996-04-22T10:22:00', 'version' => '0.68' }, { 'date' => '1996-05-07T19:46:00', 'version' => '0.69' }, { 'date' => '1996-06-16T21:08:00', 'version' => '0.70' }, { 'date' => '1996-07-10T00:49:00', 'version' => '0.71' }, { 'date' => '1996-09-23T16:33:00', 'version' => '0.72' }, { 'date' => '1996-10-15T00:58:00', 'version' => '0.73' }, { 'date' => '1997-01-14T16:59:00', 'version' => '0.74' }, { 'date' => '1997-01-27T21:59:00', 'version' => '0.75' }, { 'date' => '1997-02-03T18:54:00', 'version' => '0.76' }, { 'date' => '1997-02-21T14:27:00', 'version' => '0.77' }, { 'date' => '1997-03-28T14:36:00', 'version' => '0.78' }, { 'date' => '1997-04-07T18:28:00', 'version' => '0.79' }, { 'date' => '1997-05-07T11:45:00', 'version' => '0.80' }, { 'date' => '1997-05-07T14:05:00', 'version' => '0.81' }, { 'date' => '1997-05-23T15:56:00', 'version' => '0.82' }, { 'date' => '1997-06-11T21:40:00', 'version' => '0.83' }, { 'date' => '1997-06-20T15:36:00', 'version' => '0.84' }, { 'date' => '1997-06-25T10:25:00', 'version' => '0.85' }, { 'date' => '1997-07-16T16:38:00', 'version' => '0.001' }, { 'date' => '1997-07-18T11:27:00', 'version' => '0.87' }, { 'date' => '1997-07-22T21:27:00', 'version' => '0.88' }, { 'date' => '1997-07-25T13:46:55', 'version' => '0.89' }, { 'date' => '1997-09-05T19:38:52', 'version' => '0.90' }, { 'date' => '1997-12-10T17:15:14', 'version' => '0.91' }, { 'date' => '1998-02-05T20:45:45', 'version' => '0.92' }, { 'date' => '1998-02-13T15:21:52', 'version' => '0.93' }, { 'date' => '1998-08-10T03:23:46', 'version' => '0.94' }, { 'date' => '1998-08-11T13:21:19', 'version' => '0.95' }, { 'date' => '1998-08-14T20:38:42', 'version' => '1.00' }, { 'date' => '1998-09-02T14:59:47', 'version' => '1.01' }, { 'date' => '1998-09-04T12:29:52', 'version' => '1.02' }, { 'date' => '1999-01-18T21:52:15', 'version' => '1.06' }, { 'date' => '1999-05-13T01:49:11', 'version' => '1.08' }, { 'date' => '1999-06-02T13:44:40', 'version' => '1.08' }, { 'date' => '1999-06-09T20:57:59', 'version' => '1.09' }, { 'date' => '1999-06-13T23:52:03', 'version' => '1.10' }, { 'date' => '1999-06-17T13:22:36', 'version' => '1.11' }, { 'date' => '1999-06-29T23:07:41', 'version' => '1.12' }, { 'date' => '1999-07-12T03:28:41', 'version' => '1.13' }, { 'date' => '2000-06-11T02:39:59', 'version' => '1.03_80' }, { 'date' => '2000-06-14T20:30:57', 'version' => '1.14' }, { 'date' => '2001-03-30T15:03:31', 'version' => '1.15' }, { 'date' => '2001-05-29T23:25:57', 'version' => '1.16' }, { 'date' => '2001-06-04T17:12:30', 'version' => '1.17' }, { 'date' => '2001-06-04T19:00:37', 'version' => '1.18' }, { 'date' => '2001-07-20T22:29:24', 'version' => '1.19' }, { 'date' => '2001-08-24T23:32:10', 'version' => '1.20' }, { 'date' => '2002-01-10T15:25:45', 'version' => '1.201' }, { 'date' => '2002-02-07T03:30:16', 'version' => '1.21' }, { 'date' => '2002-03-13T14:18:00', 'version' => '1.21' }, { 'date' => '2002-05-22T13:42:15', 'version' => '1.22' }, { 'date' => '2002-05-25T17:38:03', 'version' => '1.23' }, { 'date' => '2002-06-05T03:32:38', 'version' => '1.24' }, { 'date' => '2002-06-05T22:42:04', 'version' => '1.25' }, { 'date' => '2002-06-13T12:30:47', 'version' => '1.26' }, { 'date' => '2002-06-13T15:19:06', 'version' => '1.27' }, { 'date' => '2002-06-14T13:13:53', 'version' => '1.28' }, { 'date' => '2002-06-26T09:34:24', 'version' => '1.28' }, { 'date' => '2002-07-15T11:24:40', 'version' => '1.29' }, { 'date' => '2002-07-18T14:27:25', 'version' => '1.30' }, { 'date' => '2002-11-30T00:49:54', 'version' => '1.31' }, { 'date' => '2002-12-01T23:01:26', 'version' => '1.32' }, { 'date' => '2002-12-20T16:23:29', 'version' => '1.32' }, { 'date' => '2003-02-26T18:01:24', 'version' => '1.32_90' }, { 'date' => '2003-02-27T00:25:32', 'version' => '1.33' }, { 'date' => '2003-02-28T17:53:35', 'version' => '1.34' }, { 'date' => '2003-03-07T22:02:20', 'version' => '1.35' }, { 'date' => '2003-05-14T11:13:39', 'version' => '1.36' }, { 'date' => '2003-05-15T18:02:26', 'version' => '1.37' }, { 'date' => '2003-08-25T20:36:26', 'version' => '1.38' }, { 'date' => '2003-11-27T23:46:40', 'version' => '1.39' }, { 'date' => '2004-01-08T14:04:59', 'version' => '1.39' }, { 'date' => '2004-02-23T14:54:21', 'version' => '1.41' }, { 'date' => '2004-03-12T16:40:08', 'version' => '1.41' }, { 'date' => '2004-07-05T10:02:05', 'version' => '1.43' }, { 'date' => '2004-10-05T21:27:23', 'version' => '1.44' }, { 'date' => '2004-10-06T13:49:20', 'version' => '1.45' }, { 'date' => '2004-11-16T12:38:32', 'version' => '1.46' }, { 'date' => '2005-02-02T11:28:46', 'version' => '1.47' }, { 'date' => '2005-03-14T17:03:33', 'version' => '1.48' }, { 'date' => '2005-11-29T19:59:40', 'version' => '1.49' }, { 'date' => '2005-12-14T16:55:16', 'version' => '1.50' }, { 'date' => '2006-04-19T15:56:38', 'version' => '1.45' }, { 'date' => '2006-06-06T12:08:36', 'version' => '1.51' }, { 'date' => '2006-08-08T21:13:32', 'version' => '1.52' }, { 'date' => '2006-11-02T00:38:01', 'version' => '1.53' }, { 'date' => '2007-02-23T17:15:23', 'version' => '1.54' }, { 'date' => '2007-05-04T14:56:38', 'version' => '1.55' }, { 'date' => '2007-05-10T14:04:04', 'version' => '1.56' }, { 'date' => '2007-05-13T22:00:58', 'version' => '1.56' }, { 'date' => '2007-06-13T16:45:34', 'version' => '1.57' }, { 'date' => '2007-06-15T17:06:42', 'version' => '1.57' }, { 'date' => '2007-06-18T15:15:31', 'version' => '1.57' }, { 'date' => '2007-06-25T22:11:47', 'version' => '1.58' }, { 'date' => '2007-08-22T17:02:10', 'version' => '1.59' }, { 'date' => '2007-08-23T12:22:26', 'version' => '1.59' }, { 'date' => '2007-08-23T13:59:53', 'version' => '1.59' }, { 'date' => '2007-08-24T09:19:29', 'version' => '1.59' }, { 'date' => '2007-10-16T13:12:55', 'version' => '1.601' }, { 'date' => '2007-10-21T22:12:52', 'version' => '1.601' }, { 'date' => '2008-02-09T22:06:13', 'version' => '1.602' }, { 'date' => '2008-03-22T00:11:03', 'version' => '1.603' }, { 'date' => '2008-03-24T14:11:41', 'version' => '1.604' }, { 'date' => '2008-06-16T19:19:43', 'version' => '1.605' }, { 'date' => '2008-07-22T21:01:09', 'version' => '1.606' }, { 'date' => '2008-07-22T21:50:54', 'version' => '1.607' }, { 'date' => '2009-05-02T22:58:48', 'version' => '1.608' }, { 'date' => '2009-05-05T12:05:19', 'version' => '1.608' }, { 'date' => '2009-06-05T22:57:34', 'version' => '1.609' }, { 'date' => '2009-06-08T10:29:18', 'version' => '1.609' }, { 'date' => '2010-03-02T21:26:39', 'version' => '1.611' }, { 'date' => '2010-04-22T11:06:31', 'version' => '1.611' }, { 'date' => '2010-04-27T15:13:32', 'version' => '1.611' }, { 'date' => '2010-04-29T19:54:44', 'version' => '1.611' }, { 'date' => '2010-05-28T10:29:17', 'version' => '1.612' }, { 'date' => '2010-06-15T22:47:23', 'version' => '1.612' }, { 'date' => '2010-06-16T19:18:05', 'version' => '1.612' }, { 'date' => '2010-07-02T14:26:03', 'version' => '1.612' }, { 'date' => '2010-07-15T15:00:53', 'version' => '1.612' }, { 'date' => '2010-07-16T19:36:42', 'version' => '1.612' }, { 'date' => '2010-07-22T17:34:16', 'version' => '1.613' }, { 'date' => '2010-07-25T15:50:15', 'version' => '1.613' }, { 'date' => '2010-07-30T14:17:33', 'version' => '1.614' }, { 'date' => '2010-08-16T16:34:58', 'version' => '1.614' }, { 'date' => '2010-08-30T20:11:00', 'version' => '1.614' }, { 'date' => '2010-08-30T20:26:37', 'version' => '1.614' }, { 'date' => '2010-08-30T20:56:09', 'version' => '1.614' }, { 'date' => '2010-09-02T15:44:21', 'version' => '1.614' }, { 'date' => '2010-09-09T10:24:11', 'version' => '1.614' }, { 'date' => '2010-09-16T16:23:50', 'version' => '1.614' }, { 'date' => '2010-09-17T09:48:02', 'version' => '1.614' }, { 'date' => '2010-09-21T10:14:29', 'version' => '1.615' }, { 'date' => '2010-09-22T12:28:20', 'version' => '1.615' }, { 'date' => '2010-12-18T21:51:52', 'version' => '1.616' }, { 'date' => '2010-12-21T23:26:46', 'version' => '1.616' }, { 'date' => '2010-12-29T14:39:48', 'version' => '1.616' }, { 'date' => '2010-12-30T10:26:51', 'version' => '1.616' }, { 'date' => '2012-01-02T17:12:53', 'version' => '1.617' }, { 'date' => '2012-01-28T09:34:18', 'version' => '1.617' }, { 'date' => '2012-01-30T10:06:49', 'version' => '1.617' }, { 'date' => '2012-02-07T22:54:02', 'version' => '1.618' }, { 'date' => '2012-02-13T18:24:33', 'version' => '1.618' }, { 'date' => '2012-02-23T11:05:45', 'version' => '1.618' }, { 'date' => '2012-02-25T14:24:39', 'version' => '1.618' }, { 'date' => '2012-04-18T11:57:55', 'version' => '1.619' }, { 'date' => '2012-04-20T20:21:54', 'version' => '1.619' }, { 'date' => '2012-04-23T22:09:14', 'version' => '1.619' }, { 'date' => '2012-04-25T12:46:54', 'version' => '1.620' }, { 'date' => '2012-05-21T13:06:09', 'version' => '1.621' }, { 'date' => '2012-05-22T22:17:06', 'version' => '1.621' }, { 'date' => '2012-06-06T16:51:00', 'version' => '1.622' }, { 'date' => '2012-07-13T15:24:35', 'version' => '1.623' }, { 'date' => '2012-10-30T13:01:14', 'version' => '1.623' }, { 'date' => '2012-11-19T23:27:04', 'version' => '1.623' }, { 'date' => '2012-12-13T16:26:23', 'version' => '1.623' }, { 'date' => '2012-12-21T17:22:01', 'version' => '1.623' }, { 'date' => '2013-01-02T10:09:42', 'version' => '1.623' }, { 'date' => '2013-03-22T20:41:50', 'version' => '1.624' }, { 'date' => '2013-03-28T21:59:38', 'version' => '1.625' }, { 'date' => '2013-05-15T11:28:03', 'version' => '1.626' }, { 'date' => '2013-05-16T20:30:50', 'version' => '1.627' }, { 'date' => '2013-06-24T21:56:27', 'version' => '1.628' }, { 'date' => '2013-06-24T22:12:23', 'version' => '1.628' }, { 'date' => '2013-06-30T19:08:08', 'version' => '1.628' }, { 'date' => '2013-07-02T11:27:23', 'version' => '1.628' }, { 'date' => '2013-07-22T13:22:40', 'version' => '1.628' }, { 'date' => '2013-10-11T12:28:12', 'version' => '1.629' }, { 'date' => '2013-10-13T16:02:52', 'version' => '1.629' }, { 'date' => '2013-10-15T12:24:53', 'version' => '1.629' }, { 'date' => '2013-10-22T11:58:53', 'version' => '1.629_50' }, { 'date' => '2013-10-28T12:51:39', 'version' => '1.630' }, { 'date' => '2014-01-13T13:51:01', 'version' => '1.631' }, { 'date' => '2014-01-16T11:34:34', 'version' => '1.631' }, { 'date' => '2014-01-20T11:12:44', 'version' => '1.631' }, { 'date' => '2014-10-23T14:08:22', 'version' => '1.631' }, { 'date' => '2014-11-05T11:15:07', 'version' => '1.632' }, { 'date' => '2015-01-08T14:31:52', 'version' => '1.632' }, { 'date' => '2015-01-11T13:26:05', 'version' => '1.633' }, { 'date' => '2015-07-18T13:16:07', 'version' => '1.633' }, { 'date' => '2015-07-19T14:34:22', 'version' => '1.633_91' }, { 'date' => '2015-07-22T15:27:59', 'version' => '1.633_92' }, { 'date' => '2015-08-02T16:52:48', 'version' => '1.633_93' }, { 'date' => '2015-08-03T14:52:56', 'version' => '1.634' }, { 'date' => '2016-04-23T15:28:02', 'version' => '1.634' }, { 'date' => '2016-04-24T11:57:03', 'version' => '1.635' }, { 'date' => '2016-04-24T22:20:56', 'version' => '1.636' }, { 'date' => '2017-08-14T10:10:55', 'version' => '1.637' }, { 'date' => '2017-08-16T09:02:40', 'version' => '1.637' }, { 'date' => '2017-12-28T14:40:44', 'version' => '1.639' }, { 'date' => '2018-01-28T20:50:53', 'version' => '1.640' }, { 'date' => '2018-03-19T18:06:08', 'version' => '1.641' }, { 'date' => '2018-10-28T15:08:54', 'version' => '1.641_90' }, { 'date' => '2018-10-29T10:43:41', 'version' => '1.642' }, { 'date' => '2020-01-26T20:48:52', 'version' => '1.642_90' }, { 'date' => '2020-01-31T19:02:41', 'version' => '1.643' } ] }, 'DBIx-Custom' => { 'advisories' => [ { 'affected_versions' => '<0.1641', 'cves' => [], 'description' => 'SQL injection when passing special column names. ', 'distribution' => 'DBIx-Custom', 'fixed_versions' => '>=0.1641', 'id' => 'CPANSA-DBIx-Custom-2011-01', 'references' => [ 'https://metacpan.org/changes/distribution/DBIx-Custom', 'https://github.com/yuki-kimoto/DBIx-Custom/commit/5b00b9f9a966e7abecabd91710c8fa893784d919' ], 'reported' => '2011-01-27', 'severity' => 'high' } ], 'main_module' => 'DBIx::Custom', 'versions' => [ { 'date' => '2009-11-08T04:18:19', 'version' => '0.0101' }, { 'date' => '2009-11-09T10:46:44', 'version' => '0.0201' }, { 'date' => '2009-11-12T14:12:47', 'version' => '0.0301' }, { 'date' => '2009-11-15T11:43:40', 'version' => '0.0401' }, { 'date' => '2009-11-16T11:10:52', 'version' => '0.0501' }, { 'date' => '2009-11-17T12:37:33', 'version' => '0.0502' }, { 'date' => '2009-11-19T12:05:50', 'version' => '0.0601' }, { 'date' => '2009-11-19T13:37:39', 'version' => '0.0602' }, { 'date' => '2009-11-20T12:08:31', 'version' => '0.0603' }, { 'date' => '2009-11-23T13:39:53', 'version' => '0.0604' }, { 'date' => '2009-11-23T14:45:46', 'version' => '0.0605' }, { 'date' => '2009-11-25T13:57:52', 'version' => '0.0701' }, { 'date' => '2009-12-01T07:30:25', 'version' => '0.0702' }, { 'date' => '2009-12-02T13:59:36', 'version' => '0.0801' }, { 'date' => '2009-12-09T14:27:53', 'version' => '0.0901' }, { 'date' => '2009-12-22T13:40:07', 'version' => '0.0902' }, { 'date' => '2010-01-18T12:42:57', 'version' => '0.0903' }, { 'date' => '2010-01-21T14:29:12', 'version' => '0.0904' }, { 'date' => '2010-01-22T12:51:23', 'version' => '0.0905' }, { 'date' => '2010-01-24T09:49:30', 'version' => '0.0906' }, { 'date' => '2010-01-30T00:15:17', 'version' => '0.1001' }, { 'date' => '2010-01-30T03:51:04', 'version' => '0.1101' }, { 'date' => '2010-05-01T13:02:19', 'version' => '0.1301' }, { 'date' => '2010-05-01T23:29:22', 'version' => '0.1401' }, { 'date' => '2010-05-02T06:04:57', 'version' => '0.1402' }, { 'date' => '2010-05-26T15:13:04', 'version' => '0.1501' }, { 'date' => '2010-05-27T14:00:04', 'version' => '0.1502' }, { 'date' => '2010-05-28T13:28:16', 'version' => '0.1503' }, { 'date' => '2010-06-25T12:11:33', 'version' => '0.1602' }, { 'date' => '2010-07-14T13:55:33', 'version' => '0.1603' }, { 'date' => '2010-08-03T14:43:14', 'version' => '0.1604' }, { 'date' => '2010-08-05T15:17:49', 'version' => '0.1605' }, { 'date' => '2010-08-05T15:24:36', 'version' => '0.1606' }, { 'date' => '2010-08-06T14:57:35', 'version' => '0.1607' }, { 'date' => '2010-08-07T05:49:19', 'version' => '0.1608' }, { 'date' => '2010-08-08T04:45:12', 'version' => '0.1609' }, { 'date' => '2010-08-08T12:44:43', 'version' => '0.1610' }, { 'date' => '2010-08-09T12:08:31', 'version' => '0.1611' }, { 'date' => '2010-08-10T11:19:41', 'version' => '0.1612' }, { 'date' => '2010-08-10T12:35:17', 'version' => '0.1613' }, { 'date' => '2010-08-12T15:01:01', 'version' => '0.1614' }, { 'date' => '2010-08-15T04:00:44', 'version' => '0.1615' }, { 'date' => '2010-08-24T10:18:06', 'version' => '0.1616' }, { 'date' => '2010-09-07T12:12:04', 'version' => '0.1617' }, { 'date' => '2010-10-17T05:44:56', 'version' => '0.1618' }, { 'date' => '2010-10-20T15:01:35', 'version' => '0.1619' }, { 'date' => '2010-10-21T14:38:05', 'version' => '0.1620' }, { 'date' => '2010-11-10T06:54:46', 'version' => '0.1621' }, { 'date' => '2010-12-20T14:58:38', 'version' => '0.1622' }, { 'date' => '2010-12-21T16:10:25', 'version' => '0.1623' }, { 'date' => '2010-12-22T08:41:09', 'version' => '0.1624' }, { 'date' => '2011-01-01T16:08:48', 'version' => '0.1625' }, { 'date' => '2011-01-02T04:21:11', 'version' => '0.1626' }, { 'date' => '2011-01-04T15:18:21', 'version' => '0.1627' }, { 'date' => '2011-01-12T07:29:29', 'version' => '0.1628' }, { 'date' => '2011-01-12T15:35:11', 'version' => '0.1629' }, { 'date' => '2011-01-13T15:41:25', 'version' => '0.1630' }, { 'date' => '2011-01-17T15:53:44', 'version' => '0.1631' }, { 'date' => '2011-01-18T14:43:16', 'version' => '0.1632' }, { 'date' => '2011-01-18T15:22:37', 'version' => '0.1633' }, { 'date' => '2011-01-19T14:52:48', 'version' => '0.1634' }, { 'date' => '2011-01-21T14:04:02', 'version' => '0.1635' }, { 'date' => '2011-01-22T13:02:55', 'version' => '0.1636' }, { 'date' => '2011-01-24T12:58:40', 'version' => '0.1637' }, { 'date' => '2011-01-25T12:32:26', 'version' => '0.1638' }, { 'date' => '2011-01-26T09:23:22', 'version' => '0.1639' }, { 'date' => '2011-01-26T13:59:10', 'version' => '0.1640' }, { 'date' => '2011-01-27T05:19:14', 'version' => '0.1641' }, { 'date' => '2011-01-28T12:18:42', 'version' => '0.1642' }, { 'date' => '2011-02-09T08:54:11', 'version' => '0.1643' }, { 'date' => '2011-02-11T14:07:25', 'version' => '0.1644' }, { 'date' => '2011-02-14T15:24:30', 'version' => '0.1645' }, { 'date' => '2011-02-18T17:48:52', 'version' => '0.1646' }, { 'date' => '2011-02-19T00:30:41', 'version' => '0.1647' }, { 'date' => '2011-02-21T16:13:29', 'version' => '0.1648' }, { 'date' => '2011-02-22T14:53:08', 'version' => '0.1649' }, { 'date' => '2011-02-24T05:45:44', 'version' => '0.1650' }, { 'date' => '2011-02-24T14:35:20', 'version' => '0.1651' }, { 'date' => '2011-02-25T14:39:56', 'version' => '0.1652' }, { 'date' => '2011-02-28T13:18:03', 'version' => '0.1653' }, { 'date' => '2011-03-06T14:32:11', 'version' => '0.1654' }, { 'date' => '2011-03-08T14:59:08', 'version' => '0.1655' }, { 'date' => '2011-03-09T13:44:35', 'version' => '0.1656' }, { 'date' => '2011-03-10T15:44:50', 'version' => '0.1657' }, { 'date' => '2011-03-11T16:23:11', 'version' => '0.1658' }, { 'date' => '2011-03-12T08:20:07', 'version' => '0.1659' }, { 'date' => '2011-03-14T11:16:27', 'version' => '0.1660' }, { 'date' => '2011-03-15T16:32:52', 'version' => '0.1661' }, { 'date' => '2011-03-19T14:40:50', 'version' => '0.1662' }, { 'date' => '2011-03-21T03:53:25', 'version' => '0.1663' }, { 'date' => '2011-03-24T14:45:52', 'version' => '0.1664' }, { 'date' => '2011-03-25T14:25:43', 'version' => '0.1665' }, { 'date' => '2011-03-29T17:26:27', 'version' => '0.1666' }, { 'date' => '2011-03-30T08:03:39', 'version' => '0.1667' }, { 'date' => '2011-03-30T15:04:03', 'version' => '0.1668' }, { 'date' => '2011-03-30T15:25:45', 'version' => '0.1669' }, { 'date' => '2011-04-01T15:29:33', 'version' => '0.1670' }, { 'date' => '2011-04-02T16:31:44', 'version' => '0.1671' }, { 'date' => '2011-04-04T13:37:34', 'version' => '0.1672' }, { 'date' => '2011-04-05T11:45:54', 'version' => '0.1673' }, { 'date' => '2011-04-05T11:59:11', 'version' => '0.1674' }, { 'date' => '2011-04-11T13:47:34', 'version' => '0.1675' }, { 'date' => '2011-04-11T14:55:38', 'version' => '0.1676' }, { 'date' => '2011-04-12T15:17:24', 'version' => '0.1677' }, { 'date' => '2011-04-18T13:36:31', 'version' => '0.1678' }, { 'date' => '2011-04-19T11:07:27', 'version' => '0.1679' }, { 'date' => '2011-04-25T14:05:23', 'version' => '0.1680' }, { 'date' => '2011-04-26T14:07:02', 'version' => '0.1681' }, { 'date' => '2011-05-23T14:40:41', 'version' => '0.1682' }, { 'date' => '2011-06-06T11:52:44', 'version' => '0.1683' }, { 'date' => '2011-06-07T13:07:20', 'version' => '0.1684' }, { 'date' => '2011-06-08T10:32:35', 'version' => '0.1685' }, { 'date' => '2011-06-08T12:24:07', 'version' => '0.1686' }, { 'date' => '2011-06-09T13:59:44', 'version' => '0.1687' }, { 'date' => '2011-06-10T13:26:20', 'version' => '0.1688' }, { 'date' => '2011-06-12T03:22:26', 'version' => '0.1689' }, { 'date' => '2011-06-12T12:01:43', 'version' => '0.1690' }, { 'date' => '2011-06-13T13:31:21', 'version' => '0.1691' }, { 'date' => '2011-06-14T13:27:31', 'version' => '0.1692' }, { 'date' => '2011-06-15T08:51:43', 'version' => '0.1693' }, { 'date' => '2011-06-17T14:38:23', 'version' => '0.1694' }, { 'date' => '2011-06-20T13:08:47', 'version' => '0.1695' }, { 'date' => '2011-06-21T13:12:38', 'version' => '0.1696' }, { 'date' => '2011-06-24T13:42:00', 'version' => '0.1697' }, { 'date' => '2011-06-27T13:23:13', 'version' => '0.1698' }, { 'date' => '2011-06-28T14:39:21', 'version' => '0.1699' }, { 'date' => '2011-07-01T11:04:37', 'version' => '0.1700' }, { 'date' => '2011-07-11T13:19:20', 'version' => '0.1701' }, { 'date' => '2011-07-26T14:09:43', 'version' => '0.1702' }, { 'date' => '2011-07-28T04:59:20', 'version' => '0.1703' }, { 'date' => '2011-07-29T13:45:24', 'version' => '0.1704' }, { 'date' => '2011-07-29T14:35:38', 'version' => '0.1705' }, { 'date' => '2011-07-30T04:25:21', 'version' => '0.1706' }, { 'date' => '2011-07-30T05:16:05', 'version' => '0.1707' }, { 'date' => '2011-07-30T14:32:34', 'version' => '0.1708' }, { 'date' => '2011-08-01T12:48:52', 'version' => '0.1709' }, { 'date' => '2011-08-02T13:30:15', 'version' => '0.1710' }, { 'date' => '2011-08-09T14:11:24', 'version' => '0.1711' }, { 'date' => '2011-08-10T16:16:52', 'version' => '0.1712' }, { 'date' => '2011-08-12T13:45:58', 'version' => '0.1713' }, { 'date' => '2011-08-13T13:38:02', 'version' => '0.1714' }, { 'date' => '2011-08-14T03:47:28', 'version' => '0.1715' }, { 'date' => '2011-08-15T14:00:28', 'version' => '0.1716' }, { 'date' => '2011-08-16T04:03:16', 'version' => '0.1717' }, { 'date' => '2011-08-20T09:40:46', 'version' => '0.1718' }, { 'date' => '2011-08-22T13:43:21', 'version' => '0.1720' }, { 'date' => '2011-08-26T14:11:53', 'version' => '0.1721' }, { 'date' => '2011-09-02T15:12:10', 'version' => '0.1722' }, { 'date' => '2011-09-12T12:24:14', 'version' => '0.1723' }, { 'date' => '2011-09-16T15:15:54', 'version' => '0.1724' }, { 'date' => '2011-09-27T11:48:33', 'version' => '0.1725' }, { 'date' => '2011-09-30T11:21:45', 'version' => '0.1726' }, { 'date' => '2011-10-03T10:43:32', 'version' => '0.1727' }, { 'date' => '2011-10-05T04:10:35', 'version' => '0.1728' }, { 'date' => '2011-10-05T08:12:55', 'version' => '0.1729' }, { 'date' => '2011-10-10T11:35:23', 'version' => '0.1730' }, { 'date' => '2011-10-11T14:30:46', 'version' => '0.1731' }, { 'date' => '2011-10-20T11:56:08', 'version' => '0.1732' }, { 'date' => '2011-10-21T22:47:50', 'version' => '0.1733' }, { 'date' => '2011-10-22T22:02:37', 'version' => '0.1734' }, { 'date' => '2011-10-23T00:11:48', 'version' => '0.1735' }, { 'date' => '2011-10-23T13:08:15', 'version' => '0.1736' }, { 'date' => '2011-10-24T14:07:44', 'version' => '0.1737' }, { 'date' => '2011-10-25T14:31:15', 'version' => '0.1738' }, { 'date' => '2011-10-26T01:14:58', 'version' => '0.1739' }, { 'date' => '2011-10-27T12:59:00', 'version' => '0.1740' }, { 'date' => '2011-10-28T11:49:57', 'version' => '0.1741' }, { 'date' => '2011-10-31T15:37:07', 'version' => '0.1742' }, { 'date' => '2011-11-01T12:02:38', 'version' => '0.1743' }, { 'date' => '2011-11-03T13:38:04', 'version' => '0.1744' }, { 'date' => '2011-11-04T14:16:11', 'version' => '0.1745' }, { 'date' => '2011-11-07T12:19:53', 'version' => '0.1746' }, { 'date' => '2011-11-11T11:59:27', 'version' => '0.1747' }, { 'date' => '2011-11-16T00:36:45', 'version' => '0.20_01' }, { 'date' => '2011-11-16T08:50:11', 'version' => '0.2100' }, { 'date' => '2011-11-21T11:05:36', 'version' => '0.2101' }, { 'date' => '2011-11-25T14:34:26', 'version' => '0.2102' }, { 'date' => '2011-11-28T10:38:56', 'version' => '0.2103' }, { 'date' => '2011-11-29T13:48:49', 'version' => '0.2104' }, { 'date' => '2012-01-14T13:39:10', 'version' => '0.2105' }, { 'date' => '2012-01-20T15:16:34', 'version' => '0.2106' }, { 'date' => '2012-01-25T08:56:44', 'version' => '0.2107' }, { 'date' => '2012-01-29T14:30:53', 'version' => '0.2108' }, { 'date' => '2012-02-07T13:31:49', 'version' => '0.2109' }, { 'date' => '2012-02-10T14:51:17', 'version' => '0.2110' }, { 'date' => '2012-02-11T14:45:41', 'version' => '0.2111' }, { 'date' => '2012-02-28T14:33:03', 'version' => '0.22' }, { 'date' => '2012-03-01T00:07:11', 'version' => '0.23' }, { 'date' => '2012-03-02T14:57:03', 'version' => '0.24' }, { 'date' => '2012-03-19T11:58:43', 'version' => '0.25' }, { 'date' => '2012-07-11T08:20:53', 'version' => '0.26' }, { 'date' => '2012-09-17T13:15:26', 'version' => '0.27' }, { 'date' => '2013-03-04T11:25:17', 'version' => '0.28' }, { 'date' => '2014-02-03T09:21:29', 'version' => '0.29' }, { 'date' => '2014-02-04T00:17:32', 'version' => '0.30' }, { 'date' => '2015-01-13T01:36:24', 'version' => '0.31' }, { 'date' => '2015-01-13T05:24:10', 'version' => '0.32' }, { 'date' => '2015-01-13T07:52:20', 'version' => '0.33' }, { 'date' => '2015-01-15T02:04:26', 'version' => '0.34' }, { 'date' => '2015-05-23T05:44:25', 'version' => '0.35' }, { 'date' => '2015-05-25T02:52:16', 'version' => '0.36' }, { 'date' => '2016-05-21T07:00:46', 'version' => '0.37' }, { 'date' => '2017-03-16T07:48:58', 'version' => '0.38' }, { 'date' => '2017-03-29T02:29:03', 'version' => '0.39' }, { 'date' => '2017-03-30T01:41:11', 'version' => '0.40' }, { 'date' => '2017-11-06T15:17:26', 'version' => '0.41' }, { 'date' => '2019-10-15T04:14:26', 'version' => '0.41_99' }, { 'date' => '2019-10-19T08:52:17', 'version' => '0.42' }, { 'date' => '2020-04-01T05:39:43', 'version' => '0.43' }, { 'date' => '2020-08-03T00:46:29', 'version' => '0.44' }, { 'date' => '2021-12-16T00:31:02', 'version' => '0.45' } ] }, 'Dancer' => { 'advisories' => [ { 'affected_versions' => '<1.3114', 'cves' => [ 'CVE-2012-5572' ], 'description' => 'CRLF injection vulnerability in the cookie method allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name. ', 'distribution' => 'Dancer', 'fixed_versions' => '>=1.3114', 'id' => 'CPANSA-Dancer-2014-01', 'references' => [ 'https://metacpan.org/changes/distribution/Dancer', 'https://github.com/PerlDancer/Dancer/commit/46ef9124f3149f697455061499ac7cee40930349' ], 'reported' => '2014-05-30' }, { 'affected_versions' => '<1.3051', 'cves' => [ 'CVE-2011-1589' ], 'description' => 'Directory traversal vulnerability (Mojolicious report, but Dancer was vulnerable as well). ', 'distribution' => 'Dancer', 'fixed_versions' => '>=1.3051', 'id' => 'CPANSA-Dancer-2011-01', 'references' => [ 'https://metacpan.org/changes/distribution/Dancer', 'https://github.com/PerlDancer/Dancer/commit/91d0bf6a36705b0971b18f7d38fa2f3df8c7b994' ], 'reported' => '2011-04-05' } ], 'main_module' => 'Dancer', 'versions' => [ { 'date' => '2009-07-27T13:18:07', 'version' => '20090727.1315' }, { 'date' => '2009-07-27T14:14:13', 'version' => '0_0.99' }, { 'date' => '2009-08-01T13:48:20', 'version' => '0.9901' }, { 'date' => '2009-08-04T10:01:54', 'version' => '0.9902' }, { 'date' => '2009-08-07T12:29:03', 'version' => '0.9003' }, { 'date' => '2009-09-19T15:30:19', 'version' => '0.9904' }, { 'date' => '2009-09-23T21:33:51', 'version' => '0.9905' }, { 'date' => '2009-11-20T11:14:20', 'version' => '1.000' }, { 'date' => '2010-01-06T13:53:28', 'version' => '1.100' }, { 'date' => '2010-01-11T09:46:45', 'version' => '1.110' }, { 'date' => '2010-01-15T16:03:35', 'version' => '1.120' }, { 'date' => '2010-01-15T17:53:08', 'version' => '1.121' }, { 'date' => '2010-01-20T07:48:38', 'version' => '1.122' }, { 'date' => '2010-01-29T17:29:24', 'version' => '1.130' }, { 'date' => '2010-02-09T07:55:18', 'version' => '1.140' }, { 'date' => '2010-02-17T15:09:48', 'version' => '1.150' }, { 'date' => '2010-03-07T17:50:01', 'version' => '1.160' }, { 'date' => '2010-03-24T11:19:00', 'version' => '1.170' }, { 'date' => '2010-03-24T13:44:04', 'version' => '1.171' }, { 'date' => '2010-03-28T15:09:59', 'version' => '1.172' }, { 'date' => '2010-04-01T14:13:30', 'version' => '1.173' }, { 'date' => '2010-04-04T11:03:53', 'version' => '1.173_01' }, { 'date' => '2010-04-08T13:49:39', 'version' => '1.174' }, { 'date' => '2010-04-11T10:49:39', 'version' => '1.175' }, { 'date' => '2010-04-19T08:43:22', 'version' => '1.175_01' }, { 'date' => '2010-04-22T20:29:56', 'version' => '1.176' }, { 'date' => '2010-05-05T12:21:26', 'version' => '1.178_01' }, { 'date' => '2010-05-16T10:28:47', 'version' => '1.1800' }, { 'date' => '2010-05-19T14:17:57', 'version' => '1.1801' }, { 'date' => '2010-05-19T17:32:52', 'version' => '1.1802' }, { 'date' => '2010-05-23T20:45:17', 'version' => '1.1803' }, { 'date' => '2010-06-18T11:59:20', 'version' => '1.1804' }, { 'date' => '2010-06-22T06:41:58', 'version' => '1.1805' }, { 'date' => '2010-07-07T06:15:55', 'version' => '1.1806_01' }, { 'date' => '2010-08-14T16:37:45', 'version' => '1.1806_02' }, { 'date' => '2010-08-23T17:47:12', 'version' => '1.1807' }, { 'date' => '2010-08-24T06:23:38', 'version' => '1.1808' }, { 'date' => '2010-08-25T05:41:15', 'version' => '1.1809' }, { 'date' => '2010-09-01T06:19:20', 'version' => '1.1810' }, { 'date' => '2010-09-03T09:23:14', 'version' => '1.1811' }, { 'date' => '2010-09-21T12:19:35', 'version' => '1.1812' }, { 'date' => '2010-09-24T14:25:44', 'version' => '1.1901' }, { 'date' => '2010-10-14T09:25:03', 'version' => '1.1999_01' }, { 'date' => '2010-10-28T15:41:17', 'version' => '1.1999_02' }, { 'date' => '2010-11-02T14:14:32', 'version' => '1.1902' }, { 'date' => '2010-11-02T14:25:04', 'version' => '1.1902' }, { 'date' => '2010-11-03T17:07:29', 'version' => '1.1903' }, { 'date' => '2010-11-04T11:16:17', 'version' => '1.1904' }, { 'date' => '2010-11-11T07:43:21', 'version' => '1.1999_03' }, { 'date' => '2010-11-14T08:08:56', 'version' => '1.1999_04' }, { 'date' => '2010-11-18T15:54:33', 'version' => '1.200' }, { 'date' => '2010-11-18T16:52:47', 'version' => '1.2000' }, { 'date' => '2010-11-29T22:05:38', 'version' => '1.2000_01' }, { 'date' => '2010-11-30T10:00:23', 'version' => '1.2000_02' }, { 'date' => '2010-11-30T19:59:09', 'version' => '1.2001' }, { 'date' => '2010-12-02T12:18:12', 'version' => '1.2001_01' }, { 'date' => '2010-12-03T20:28:56', 'version' => '1.2002' }, { 'date' => '2010-12-07T18:05:50', 'version' => '1.2002_01' }, { 'date' => '2010-12-08T21:38:17', 'version' => '1.2002_02' }, { 'date' => '2010-12-10T18:28:16', 'version' => '1.2003' }, { 'date' => '2010-12-22T17:57:55', 'version' => '1.3000_01' }, { 'date' => '2011-01-03T15:17:14', 'version' => '1.3000_02' }, { 'date' => '2011-01-27T10:00:22', 'version' => '1.2004' }, { 'date' => '2011-01-27T10:09:31', 'version' => '1.3001' }, { 'date' => '2011-02-02T15:42:28', 'version' => '1.3002' }, { 'date' => '2011-02-05T17:07:15', 'version' => '1.2005' }, { 'date' => '2011-02-06T13:12:28', 'version' => '1.3003' }, { 'date' => '2011-02-10T20:48:48', 'version' => '1.3010' }, { 'date' => '2011-02-12T12:50:18', 'version' => '1.3010_01' }, { 'date' => '2011-02-14T15:58:10', 'version' => '1.3011' }, { 'date' => '2011-03-01T19:00:52', 'version' => '1.3012' }, { 'date' => '2011-03-03T08:41:00', 'version' => '1.3013' }, { 'date' => '2011-03-04T12:56:36', 'version' => '1.3014' }, { 'date' => '2011-03-10T14:16:24', 'version' => '1.3014_01' }, { 'date' => '2011-03-13T13:17:43', 'version' => '1.3019_01' }, { 'date' => '2011-03-14T07:44:57', 'version' => '1.3019_02' }, { 'date' => '2011-03-21T13:44:17', 'version' => '1.3020' }, { 'date' => '2011-04-01T15:22:58', 'version' => '1.3029_01' }, { 'date' => '2011-04-08T20:07:26', 'version' => '1.3029_02' }, { 'date' => '2011-04-10T08:18:44', 'version' => '1.3029_03' }, { 'date' => '2011-04-13T08:26:50', 'version' => '1.3030' }, { 'date' => '2011-04-27T14:58:57', 'version' => '1.3039_01' }, { 'date' => '2011-05-01T14:55:49', 'version' => '1.3040' }, { 'date' => '2011-05-14T15:03:00', 'version' => '1.3049_01' }, { 'date' => '2011-05-20T10:57:10', 'version' => '1.3050' }, { 'date' => '2011-05-27T12:57:27', 'version' => '1.3051' }, { 'date' => '2011-05-27T13:07:51', 'version' => '1.3059_01' }, { 'date' => '2011-05-29T14:06:24', 'version' => '1.3059_02' }, { 'date' => '2011-06-11T14:02:50', 'version' => '1.3059_03' }, { 'date' => '2011-06-12T17:31:55', 'version' => '1.3059_04' }, { 'date' => '2011-06-15T10:35:07', 'version' => '1.3060' }, { 'date' => '2011-07-07T13:19:45', 'version' => '1.3069_01' }, { 'date' => '2011-07-10T16:14:53', 'version' => '1.3069_02' }, { 'date' => '2011-07-14T13:47:19', 'version' => '1.3070' }, { 'date' => '2011-07-26T16:21:51', 'version' => '1.3071' }, { 'date' => '2011-08-17T15:27:53', 'version' => '1.3079_01' }, { 'date' => '2011-08-23T09:55:46', 'version' => '1.3072' }, { 'date' => '2011-08-28T14:13:40', 'version' => '1.3079_02' }, { 'date' => '2011-09-10T15:10:29', 'version' => '1.3079_03' }, { 'date' => '2011-10-02T16:07:02', 'version' => '1.3079_04' }, { 'date' => '2011-10-18T14:43:22', 'version' => '1.3079_05' }, { 'date' => '2011-10-25T21:16:42', 'version' => '1.3080' }, { 'date' => '2011-11-27T06:51:43', 'version' => '1.3089_01' }, { 'date' => '2011-12-13T14:41:24', 'version' => '1.3090' }, { 'date' => '2011-12-17T11:09:48', 'version' => '1.3091' }, { 'date' => '2012-01-27T14:38:05', 'version' => '1.3092' }, { 'date' => '2012-02-29T14:34:55', 'version' => '1.3093' }, { 'date' => '2012-03-31T09:57:40', 'version' => '1.3094' }, { 'date' => '2012-04-01T19:22:56', 'version' => '1.3095' }, { 'date' => '2012-06-22T20:18:54', 'version' => '1.3095_01' }, { 'date' => '2012-07-03T07:27:28', 'version' => '1.3095_02' }, { 'date' => '2012-07-05T23:09:20', 'version' => '1.3096' }, { 'date' => '2012-07-08T18:36:14', 'version' => '1.3097' }, { 'date' => '2012-07-28T14:40:15', 'version' => '1.3098' }, { 'date' => '2012-08-11T13:54:49', 'version' => '1.3099' }, { 'date' => '2012-08-25T19:42:47', 'version' => '1.3100' }, { 'date' => '2012-10-06T13:24:53', 'version' => '1.3110' }, { 'date' => '2012-12-24T13:17:58', 'version' => '1.9999_01' }, { 'date' => '2012-12-24T13:48:35', 'version' => '1.9999_02' }, { 'date' => '2013-01-22T21:38:11', 'version' => '2.0000_01' }, { 'date' => '2013-02-22T15:33:14', 'version' => '2.000001' }, { 'date' => '2013-02-24T22:51:59', 'version' => '1.3111' }, { 'date' => '2013-03-30T16:33:05', 'version' => '1.3111_01' }, { 'date' => '2013-04-01T22:31:08', 'version' => '1.3111_02' }, { 'date' => '2013-04-11T01:04:37', 'version' => '1.3112' }, { 'date' => '2013-05-09T00:36:16', 'version' => '1.3113' }, { 'date' => '2013-06-02T16:49:58', 'version' => '1.3114' }, { 'date' => '2013-06-09T23:54:16', 'version' => '1.3115' }, { 'date' => '2013-07-04T01:35:27', 'version' => '1.3116' }, { 'date' => '2013-07-31T22:40:52', 'version' => '1.3117' }, { 'date' => '2013-09-01T16:45:13', 'version' => '1.3118' }, { 'date' => '2013-10-26T19:42:59', 'version' => '1.3119' }, { 'date' => '2013-12-24T16:23:20', 'version' => '1.3120' }, { 'date' => '2014-02-02T22:26:53', 'version' => '1.3121' }, { 'date' => '2014-04-10T23:16:40', 'version' => '1.3122' }, { 'date' => '2014-04-12T15:47:53', 'version' => '1.3123' }, { 'date' => '2014-05-10T16:15:17', 'version' => '1.3124' }, { 'date' => '2014-07-12T17:19:08', 'version' => '1.3125' }, { 'date' => '2014-07-15T02:01:21', 'version' => '1.3126' }, { 'date' => '2014-09-09T00:49:19', 'version' => '1.3127' }, { 'date' => '2014-09-09T11:47:21', 'version' => '1.3128' }, { 'date' => '2014-09-10T00:50:37', 'version' => '1.3129' }, { 'date' => '2014-09-16T01:21:25', 'version' => '1.3130' }, { 'date' => '2014-10-11T18:59:22', 'version' => '1.3131_0' }, { 'date' => '2014-10-13T23:25:36', 'version' => '1.3131_1' }, { 'date' => '2014-10-20T23:14:23', 'version' => '1.3132' }, { 'date' => '2014-11-26T22:20:35', 'version' => '1.3133' }, { 'date' => '2015-02-23T01:33:08', 'version' => '1.3134' }, { 'date' => '2015-04-23T01:54:25', 'version' => '1.3135' }, { 'date' => '2015-05-24T15:48:19', 'version' => '1.3136' }, { 'date' => '2015-06-05T20:05:21', 'version' => '1.3137' }, { 'date' => '2015-06-12T20:55:50', 'version' => '1.3138' }, { 'date' => '2015-06-25T20:13:45', 'version' => '1.3139' }, { 'date' => '2015-07-03T13:56:32', 'version' => '1.3140' }, { 'date' => '2015-09-07T15:15:26', 'version' => '1.3141' }, { 'date' => '2015-09-15T00:52:23', 'version' => '1.3142' }, { 'date' => '2015-10-26T21:15:31', 'version' => '1.3143' }, { 'date' => '2015-11-04T12:36:07', 'version' => '1.3144' }, { 'date' => '2015-11-06T22:12:42', 'version' => '1.3200' }, { 'date' => '2015-11-07T19:27:25', 'version' => '1.3201' }, { 'date' => '2015-11-07T21:52:17', 'version' => '1.3202' }, { 'date' => '2016-02-15T21:33:45', 'version' => '1.3300' }, { 'date' => '2016-02-16T22:42:44', 'version' => '1.3301' }, { 'date' => '2018-05-20T19:52:07', 'version' => '1.3203' }, { 'date' => '2018-05-23T13:43:34', 'version' => '1.3204' }, { 'date' => '2018-06-13T22:02:36', 'version' => '1.3205' }, { 'date' => '2018-06-15T22:11:45', 'version' => '1.3400' }, { 'date' => '2018-10-01T11:53:31', 'version' => '1.3401' }, { 'date' => '2018-10-10T10:44:29', 'version' => '1.3402' }, { 'date' => '2018-10-11T22:45:37', 'version' => '1.3403' }, { 'date' => '2018-10-12T20:33:54', 'version' => '1.3500' }, { 'date' => '2019-03-14T19:27:25', 'version' => '1.3501' }, { 'date' => '2019-03-19T14:49:14', 'version' => '1.3510' }, { 'date' => '2019-03-29T11:18:31', 'version' => '1.3511' }, { 'date' => '2019-03-31T19:16:29', 'version' => '1.3512' }, { 'date' => '2020-01-29T21:03:12', 'version' => '1.3513' }, { 'date' => '2020-06-29T16:44:22', 'version' => '1.3514' }, { 'date' => '2020-10-02T20:51:17', 'version' => '1.3514_02' }, { 'date' => '2020-10-06T21:24:49', 'version' => '1.3514_03' }, { 'date' => '2022-06-29T22:00:04', 'version' => '1.3514_04' }, { 'date' => '2023-01-02T10:57:26', 'version' => '1.3520' }, { 'date' => '2023-02-05T23:40:49', 'version' => '1.3521' }, { 'date' => '2023-02-08T20:58:09', 'version' => '1.3521' } ] }, 'Dancer2' => { 'advisories' => [ { 'affected_versions' => '<0.206000', 'cves' => [], 'description' => 'There is a potential RCE with regards to Storable. We have added session ID validation to the session engine so that session backends based on Storable can reject malformed session IDs that may lead to exploitation of the RCE. ', 'distribution' => 'Dancer2', 'fixed_versions' => '>=0.206000', 'id' => 'CPANSA-Dancer2-2018-01', 'references' => [ 'https://metacpan.org/changes/distribution/Dancer2', 'http://lists.preshweb.co.uk/pipermail/dancer-users/2018-April/005952.html', 'https://github.com/PerlDancer/Dancer2/commit/3580f5d0874a9abf5483528f73bda9a7fd9ec7f1' ], 'reported' => '2018-01-30', 'severity' => 'critical' } ], 'main_module' => 'Dancer2', 'versions' => [ { 'date' => '2013-02-22T15:39:46', 'version' => '0.01' }, { 'date' => '2013-02-24T11:04:25', 'version' => '0.02' }, { 'date' => '2013-03-07T17:30:37', 'version' => '0.03' }, { 'date' => '2013-04-22T19:58:02', 'version' => '0.04' }, { 'date' => '2013-07-20T16:53:37', 'version' => '0.05' }, { 'date' => '2013-07-30T14:29:42', 'version' => '0.06' }, { 'date' => '2013-08-03T22:17:54', 'version' => '0.07' }, { 'date' => '2013-08-18T12:24:31', 'version' => '0.08' }, { 'date' => '2013-09-01T21:19:26', 'version' => '0.09' }, { 'date' => '2013-09-28T13:29:35', 'version' => '0.10' }, { 'date' => '2013-12-15T13:21:28', 'version' => '0.11' }, { 'date' => '2014-04-07T21:05:16', 'version' => '0.12' }, { 'date' => '2014-04-13T17:20:22', 'version' => '0.13' }, { 'date' => '2014-04-28T21:16:57', 'version' => '0.140000' }, { 'date' => '2014-05-01T08:50:43', 'version' => '0.140001' }, { 'date' => '2014-06-07T20:35:57', 'version' => '0.140900_01' }, { 'date' => '2014-06-08T20:29:28', 'version' => '0.141000' }, { 'date' => '2014-06-24T19:18:07', 'version' => '0.142000' }, { 'date' => '2014-07-05T19:43:17', 'version' => '0.143000' }, { 'date' => '2014-07-23T19:34:51', 'version' => '0.149000_01' }, { 'date' => '2014-08-10T11:53:37', 'version' => '0.149000_02' }, { 'date' => '2014-08-16T23:38:39', 'version' => '0.150000' }, { 'date' => '2014-10-08T19:51:49', 'version' => '0.151000' }, { 'date' => '2014-10-14T02:33:06', 'version' => '0.152000' }, { 'date' => '2014-10-23T21:48:36', 'version' => '0.153000' }, { 'date' => '2014-10-29T21:41:13', 'version' => '0.153001' }, { 'date' => '2014-10-30T08:29:15', 'version' => '0.153002' }, { 'date' => '2014-11-17T14:41:14', 'version' => '0.154000' }, { 'date' => '2014-11-28T00:21:55', 'version' => '0.155000' }, { 'date' => '2014-11-28T16:44:27', 'version' => '0.155001' }, { 'date' => '2014-12-02T22:02:03', 'version' => '0.155002' }, { 'date' => '2014-12-03T21:35:35', 'version' => '0.155003' }, { 'date' => '2014-12-04T10:57:08', 'version' => '0.155004' }, { 'date' => '2014-12-07T17:07:21', 'version' => '0.156000' }, { 'date' => '2014-12-08T22:08:30', 'version' => '0.156001' }, { 'date' => '2014-12-14T17:25:53', 'version' => '0.157000' }, { 'date' => '2014-12-21T19:42:24', 'version' => '0.157001' }, { 'date' => '2015-01-01T17:11:48', 'version' => '0.158000' }, { 'date' => '2015-02-24T03:54:24', 'version' => '0.159000' }, { 'date' => '2015-02-25T14:33:59', 'version' => '0.159001' }, { 'date' => '2015-03-03T18:25:28', 'version' => '0.159002' }, { 'date' => '2015-03-23T14:00:19', 'version' => '0.159003' }, { 'date' => '2015-04-26T22:15:22', 'version' => '0.160000' }, { 'date' => '2015-05-14T18:46:02', 'version' => '0.160001' }, { 'date' => '2015-06-04T11:07:02', 'version' => '0.160002' }, { 'date' => '2015-06-06T09:11:43', 'version' => '0.160003' }, { 'date' => '2015-07-08T13:04:02', 'version' => '0.161000' }, { 'date' => '2015-08-28T13:32:02', 'version' => '0.161000_01' }, { 'date' => '2015-09-06T11:13:10', 'version' => '0.162000' }, { 'date' => '2015-10-13T15:08:16', 'version' => '0.162000_01' }, { 'date' => '2015-10-15T11:00:10', 'version' => '0.163000' }, { 'date' => '2015-12-16T22:44:32', 'version' => '0.164000' }, { 'date' => '2015-12-17T08:23:24', 'version' => '0.165000' }, { 'date' => '2016-01-12T18:04:57', 'version' => '0.166000' }, { 'date' => '2016-01-22T06:57:11', 'version' => '0.166001' }, { 'date' => '2016-04-19T19:52:27', 'version' => '0.166001_01' }, { 'date' => '2016-04-29T14:45:41', 'version' => '0.166001_02' }, { 'date' => '2016-05-27T11:25:55', 'version' => '0.166001_03' }, { 'date' => '2016-05-27T12:57:04', 'version' => '0.166001_04' }, { 'date' => '2016-05-31T13:29:37', 'version' => '0.200000' }, { 'date' => '2016-06-16T14:00:23', 'version' => '0.200001' }, { 'date' => '2016-06-22T14:41:29', 'version' => '0.200002' }, { 'date' => '2016-07-05T19:36:46', 'version' => '0.200003' }, { 'date' => '2016-07-11T15:21:33', 'version' => '0.200003' }, { 'date' => '2016-07-22T04:41:26', 'version' => '0.200004' }, { 'date' => '2016-07-22T13:28:45', 'version' => '0.201000' }, { 'date' => '2016-08-13T18:53:07', 'version' => '0.202000' }, { 'date' => '2016-08-25T03:12:19', 'version' => '0.203000' }, { 'date' => '2016-09-04T02:01:29', 'version' => '0.203001' }, { 'date' => '2016-10-11T01:59:49', 'version' => '0.204000' }, { 'date' => '2016-10-17T13:32:25', 'version' => '0.204001' }, { 'date' => '2016-12-21T21:47:24', 'version' => '0.204002' }, { 'date' => '2017-01-25T21:23:22', 'version' => '0.204003' }, { 'date' => '2017-01-26T17:31:30', 'version' => '0.204004' }, { 'date' => '2017-03-10T21:40:43', 'version' => '0.205000' }, { 'date' => '2017-07-11T13:04:56', 'version' => '0.205001' }, { 'date' => '2017-10-17T21:10:03', 'version' => '0.205002' }, { 'date' => '2018-04-09T00:54:25', 'version' => '0.206000_01' }, { 'date' => '2018-04-10T01:50:18', 'version' => '0.206000_02' }, { 'date' => '2018-04-20T02:12:22', 'version' => '0.206000' }, { 'date' => '2018-11-14T22:26:15', 'version' => '0.207000' }, { 'date' => '2019-06-19T14:23:06', 'version' => '0.208000' }, { 'date' => '2019-08-05T01:12:14', 'version' => '0.208001' }, { 'date' => '2019-12-14T21:13:32', 'version' => '0.208002' }, { 'date' => '2019-12-24T05:57:09', 'version' => '0.300000' }, { 'date' => '2020-04-06T16:18:33', 'version' => '0.300001' }, { 'date' => '2020-04-07T15:49:22', 'version' => '0.300002' }, { 'date' => '2020-04-09T14:42:55', 'version' => '0.300003' }, { 'date' => '2020-05-27T00:54:55', 'version' => '0.300004' }, { 'date' => '2021-01-26T20:59:33', 'version' => '0.300005' }, { 'date' => '2021-03-15T23:12:49', 'version' => '0.301000' }, { 'date' => '2021-03-17T12:56:09', 'version' => '0.301001' }, { 'date' => '2021-04-18T19:33:05', 'version' => '0.301002' }, { 'date' => '2021-06-03T13:29:26', 'version' => '0.301003' }, { 'date' => '2021-06-06T17:32:08', 'version' => '0.301004' }, { 'date' => '2022-03-14T02:18:12', 'version' => '0.400000' }, { 'date' => '2023-02-05T23:42:54', 'version' => '0.400001' }, { 'date' => '2023-10-09T14:11:25', 'version' => '1.0.0' }, { 'date' => '2023-12-12T01:29:05', 'version' => '1.1.0' } ] }, 'Data-Dumper' => { 'advisories' => [ { 'affected_versions' => '<2.154', 'cves' => [ 'CVE-2014-4330' ], 'description' => 'Infinite recursion. ', 'distribution' => 'Data-Dumper', 'fixed_versions' => '>=2.154', 'id' => 'CPANSA-Data-Dumper-2014-01', 'references' => [ 'https://metacpan.org/changes/distribution/Data-Dumper' ], 'reported' => '2014-09-30' } ], 'main_module' => 'Data::Dumper', 'versions' => [ { 'date' => '1995-11-19T22:29:08', 'version' => '1.21' }, { 'date' => '1995-11-23T05:45:27', 'version' => '1.22' }, { 'date' => '1995-12-04T03:12:16', 'version' => '1.23' }, { 'date' => '1996-04-09T15:54:26', 'version' => '2.00' }, { 'date' => '1996-04-10T04:25:17', 'version' => '2.01' }, { 'date' => '1996-04-13T07:14:35', 'version' => '2.02' }, { 'date' => '1996-08-26T14:36:59', 'version' => '2.03' }, { 'date' => '1996-08-28T20:11:49', 'version' => '2.04' }, { 'date' => '1996-12-02T13:42:49', 'version' => '2.05' }, { 'date' => '1996-12-02T23:07:56', 'version' => '2.06' }, { 'date' => '1996-12-07T17:28:27', 'version' => '2.07' }, { 'date' => '1997-12-07T21:27:09', 'version' => '2.08' }, { 'date' => '1998-01-15T20:36:46', 'version' => '2.081' }, { 'date' => '1998-03-06T21:08:49', 'version' => '2.081' }, { 'date' => '1998-07-17T05:23:08', 'version' => '2.09' }, { 'date' => '1998-07-21T12:08:19', 'version' => '2.09' }, { 'date' => '1998-10-31T12:10:30', 'version' => '2.10' }, { 'date' => '1999-05-01T02:01:03', 'version' => '2.101' }, { 'date' => '1999-06-02T01:30:55', 'version' => '2.101' }, { 'date' => '2003-07-20T16:59:48', 'version' => '2.12_01' }, { 'date' => '2003-07-31T19:12:44', 'version' => '2.12_02' }, { 'date' => '2003-08-25T11:49:41', 'version' => '2.121' }, { 'date' => '2009-06-06T14:45:36', 'version' => '2.121_20' }, { 'date' => '2009-06-09T15:49:12', 'version' => '2.122' }, { 'date' => '2009-06-11T08:07:01', 'version' => '2.123' }, { 'date' => '2009-06-13T15:22:32', 'version' => '2.124' }, { 'date' => '2009-08-08T10:33:01', 'version' => '2.125' }, { 'date' => '2010-04-15T19:55:01', 'version' => '2.126' }, { 'date' => '2010-09-06T14:28:10', 'version' => '2.126_01' }, { 'date' => '2010-09-10T07:08:41', 'version' => '2.127' }, { 'date' => '2010-09-10T07:11:52', 'version' => '2.128' }, { 'date' => '2011-05-20T15:53:12', 'version' => '2.130_03' }, { 'date' => '2011-05-27T14:19:03', 'version' => '2.131' }, { 'date' => '2011-12-19T08:23:05', 'version' => '2.135_01' }, { 'date' => '2011-12-29T17:09:49', 'version' => '2.135_02' }, { 'date' => '2012-08-07T06:59:51', 'version' => '2.135_07' }, { 'date' => '2012-10-04T07:35:07', 'version' => '2.136' }, { 'date' => '2012-12-12T06:30:48', 'version' => '2.139' }, { 'date' => '2013-02-26T06:57:29', 'version' => '2.143' }, { 'date' => '2013-03-15T09:46:49', 'version' => '2.145' }, { 'date' => '2014-03-07T09:28:44', 'version' => '2.151' }, { 'date' => '2014-09-18T15:47:37', 'version' => '2.154' }, { 'date' => '2016-07-03T19:17:57', 'version' => '2.160' }, { 'date' => '2016-07-11T20:13:06', 'version' => '2.161' }, { 'date' => '2017-07-31T15:31:28', 'version' => '2.167_01' }, { 'date' => '2017-08-04T08:05:22', 'version' => '2.167_02' }, { 'date' => '2018-09-19T14:41:58', 'version' => '2.172' }, { 'date' => '2018-11-10T10:10:30', 'version' => '2.173' }, { 'date' => '2021-05-14T12:47:34', 'version' => '2.179_50' }, { 'date' => '2021-05-17T05:53:02', 'version' => '2.180' }, { 'date' => '2021-05-22T09:51:29', 'version' => '2.180_50' }, { 'date' => '2021-05-23T14:14:12', 'version' => '2.180_51' }, { 'date' => '2021-05-24T08:03:55', 'version' => '2.180_52' }, { 'date' => '2021-05-25T05:20:34', 'version' => '2.180_53' }, { 'date' => '2021-05-26T06:46:41', 'version' => '2.181' }, { 'date' => '2021-06-29T10:42:11', 'version' => '2.181_50' }, { 'date' => '2021-06-30T09:36:34', 'version' => '2.182' }, { 'date' => '2021-07-01T07:05:45', 'version' => '2.182_50' }, { 'date' => '2021-07-03T13:07:49', 'version' => '2.182_51' }, { 'date' => '2021-07-05T07:07:44', 'version' => '2.183' } ] }, 'Data-FormValidator' => { 'advisories' => [ { 'affected_versions' => '<=4.66', 'cves' => [ 'CVE-2011-2201' ], 'description' => 'The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input. ', 'distribution' => 'Data-FormValidator', 'fixed_versions' => '>4.66', 'id' => 'CPANSA-Data-FormValidator-2011-2201', 'references' => [ 'http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511', 'http://www.openwall.com/lists/oss-security/2011/06/13/13', 'https://bugzilla.redhat.com/show_bug.cgi?id=712694', 'http://www.openwall.com/lists/oss-security/2011/06/12/3', 'http://www.securityfocus.com/bid/48167', 'https://rt.cpan.org/Public/Bug/Display.html?id=61792', 'http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html', 'http://www.openwall.com/lists/oss-security/2011/06/13/5' ], 'reported' => '2011-09-14', 'severity' => undef } ], 'main_module' => 'Data::FormValidator', 'versions' => [ { 'date' => '2001-06-19T21:43:01', 'version' => '1.3' }, { 'date' => '2001-06-22T16:36:08', 'version' => '1.4' }, { 'date' => '2001-06-25T17:02:43', 'version' => '1.4' }, { 'date' => '2001-06-28T15:13:01', 'version' => '1.5' }, { 'date' => '2001-07-18T14:23:17', 'version' => 'v1.5.1' }, { 'date' => '2001-09-23T22:42:22', 'version' => '1.6' }, { 'date' => '2001-11-03T18:16:00', 'version' => '1.7' }, { 'date' => '2002-02-14T22:45:46', 'version' => '1.8' }, { 'date' => '2002-02-18T02:20:12', 'version' => '1.9' }, { 'date' => '2002-04-21T13:42:36', 'version' => '1.10' }, { 'date' => '2002-06-29T21:04:14', 'version' => '1.11' }, { 'date' => '2002-10-07T02:06:39', 'version' => '1.91' }, { 'date' => '2002-12-23T23:36:37', 'version' => '1.92' }, { 'date' => '2003-03-08T13:10:33', 'version' => '1.93' }, { 'date' => '2003-03-23T03:01:57', 'version' => '2.00' }, { 'date' => '2003-04-02T15:18:15', 'version' => '2.01' }, { 'date' => '2003-04-09T15:54:50', 'version' => '2.02' }, { 'date' => '2003-04-10T16:12:40', 'version' => '2.03' }, { 'date' => '2003-04-12T02:58:35', 'version' => '2.04' }, { 'date' => '2003-04-20T22:23:44', 'version' => '2.10' }, { 'date' => '2003-04-24T02:51:03', 'version' => '2.10' }, { 'date' => '2003-05-11T21:29:55', 'version' => '3.00' }, { 'date' => '2003-05-16T04:06:05', 'version' => '3.01' }, { 'date' => '2003-05-26T23:18:18', 'version' => '3.1' }, { 'date' => '2003-05-27T19:41:01', 'version' => '3.11' }, { 'date' => '2003-06-23T01:27:03', 'version' => '3.12' }, { 'date' => '2003-11-02T21:19:10', 'version' => '3.13' }, { 'date' => '2003-11-03T17:59:41', 'version' => '3.14' }, { 'date' => '2003-11-30T20:36:41', 'version' => '3.15' }, { 'date' => '2004-01-04T01:37:01', 'version' => '3.49_1' }, { 'date' => '2004-01-12T22:04:27', 'version' => '3.50' }, { 'date' => '2004-02-27T04:19:47', 'version' => '3.51' }, { 'date' => '2004-03-21T17:42:11', 'version' => '3.52' }, { 'date' => '2004-03-23T02:33:53', 'version' => '3.53' }, { 'date' => '2004-03-24T14:55:49', 'version' => '3.54' }, { 'date' => '2004-04-17T02:30:02', 'version' => '3.56' }, { 'date' => '2004-04-22T02:26:41', 'version' => '3.57' }, { 'date' => '2004-05-05T21:55:00', 'version' => '3.58' }, { 'date' => '2004-07-02T17:48:51', 'version' => '3.59' }, { 'date' => '2004-09-28T02:25:35', 'version' => '3.61' }, { 'date' => '2004-10-09T04:00:51', 'version' => '3.62' }, { 'date' => '2004-11-17T22:27:13', 'version' => '3.63' }, { 'date' => '2005-05-20T01:25:45', 'version' => '4.00_01' }, { 'date' => '2005-07-03T19:37:11', 'version' => '4.00_02' }, { 'date' => '2005-07-20T02:07:36', 'version' => '3.70' }, { 'date' => '2005-07-31T17:36:02', 'version' => '3.71' }, { 'date' => '2005-08-14T16:09:26', 'version' => '4.00' }, { 'date' => '2005-08-20T18:20:14', 'version' => '4.01' }, { 'date' => '2005-09-01T02:31:29', 'version' => '4.02' }, { 'date' => '2005-12-23T01:00:49', 'version' => '4.10' }, { 'date' => '2006-01-03T23:49:53', 'version' => '4.11' }, { 'date' => '2006-01-06T02:14:25', 'version' => '4.12' }, { 'date' => '2006-02-10T02:48:33', 'version' => '4.13' }, { 'date' => '2006-02-17T18:48:14', 'version' => '4.14' }, { 'date' => '2006-06-13T01:12:23', 'version' => '4.20' }, { 'date' => '2006-07-01T15:42:37', 'version' => '4.21_01' }, { 'date' => '2006-07-11T01:45:51', 'version' => '4.30' }, { 'date' => '2006-08-21T23:43:58', 'version' => '4.40' }, { 'date' => '2006-10-03T18:16:57', 'version' => '4.49_1' }, { 'date' => '2006-12-05T02:41:19', 'version' => '4.50' }, { 'date' => '2007-07-14T03:36:00', 'version' => '4.51' }, { 'date' => '2007-10-19T19:41:46', 'version' => '4.52' }, { 'date' => '2007-10-20T20:02:19', 'version' => '4.50' }, { 'date' => '2007-10-21T13:30:20', 'version' => '4.54' }, { 'date' => '2007-10-21T15:50:42', 'version' => '4.55' }, { 'date' => '2007-10-31T16:49:55', 'version' => '4.56' }, { 'date' => '2007-11-02T02:55:19', 'version' => '4.57' }, { 'date' => '2008-06-16T18:28:54', 'version' => '4.60' }, { 'date' => '2008-06-16T18:46:47', 'version' => '4.61' }, { 'date' => '2009-01-03T17:14:18', 'version' => '4.62' }, { 'date' => '2009-01-03T17:49:48', 'version' => '4.63' }, { 'date' => '2009-12-31T03:22:00', 'version' => '4.65' }, { 'date' => '2010-02-24T14:33:48', 'version' => '4.66' }, { 'date' => '2011-11-12T02:18:45', 'version' => '4.67' }, { 'date' => '2011-11-12T03:11:55', 'version' => '4.70' }, { 'date' => '2012-10-02T20:40:09', 'version' => '4.71' }, { 'date' => '2012-11-01T15:14:05', 'version' => '4.80' }, { 'date' => '2013-07-19T12:31:06', 'version' => '4.81' }, { 'date' => '2017-02-23T15:15:37', 'version' => '4.82' }, { 'date' => '2017-02-23T16:39:53', 'version' => '4.83' }, { 'date' => '2017-02-25T15:12:25', 'version' => '4.84' }, { 'date' => '2017-02-25T20:34:08', 'version' => '4.85' }, { 'date' => '2017-03-26T19:39:49', 'version' => '4.86' }, { 'date' => '2017-08-28T12:41:42', 'version' => '4.88' } ] }, 'Data-UUID' => { 'advisories' => [ { 'affected_versions' => '>1.219', 'cves' => [ 'CVE-2013-4184' ], 'description' => 'Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks ', 'distribution' => 'Data-UUID', 'fixed_versions' => undef, 'id' => 'CPANSA-Data-UUID-2013-4184', 'references' => [ 'https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4184', 'http://www.openwall.com/lists/oss-security/2013/07/31/4', 'http://www.securityfocus.com/bid/61534', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/86103', 'https://security-tracker.debian.org/tracker/CVE-2013-4184', 'https://access.redhat.com/security/cve/cve-2013-4184', 'https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4184' ], 'reported' => '2019-12-10', 'severity' => 'medium' } ], 'main_module' => 'Data::UUID', 'versions' => [ { 'date' => '2001-10-30T17:35:43', 'version' => '0.01' }, { 'date' => '2001-10-31T17:16:07', 'version' => '0.02' }, { 'date' => '2001-11-05T17:56:17', 'version' => '0.03' }, { 'date' => '2001-12-12T21:23:28', 'version' => '0.04' }, { 'date' => '2002-02-13T19:57:54', 'version' => '0.05' }, { 'date' => '2002-03-11T15:42:56', 'version' => '0.06' }, { 'date' => '2002-06-12T21:38:06', 'version' => '0.07' }, { 'date' => '2002-11-29T17:19:21', 'version' => '0.08' }, { 'date' => '2003-02-26T21:56:46', 'version' => '0.09' }, { 'date' => '2003-07-17T21:55:38', 'version' => '0.10' }, { 'date' => '2003-08-27T20:17:10', 'version' => '0.11' }, { 'date' => '2006-02-24T00:44:57', 'version' => '0.12_01' }, { 'date' => '2006-02-25T20:45:33', 'version' => '0.13' }, { 'date' => '2006-03-18T13:42:09', 'version' => '0.14' }, { 'date' => '2006-09-06T02:19:07', 'version' => '0.141' }, { 'date' => '2006-09-06T02:46:59', 'version' => '0.142' }, { 'date' => '2006-09-18T02:16:47', 'version' => '0.143' }, { 'date' => '2006-09-19T22:29:33', 'version' => '0.145' }, { 'date' => '2006-11-15T01:22:33', 'version' => '0.146' }, { 'date' => '2006-11-16T14:16:50', 'version' => '0.147_01' }, { 'date' => '2006-11-16T15:25:08', 'version' => '0.148' }, { 'date' => '2007-03-08T16:05:15', 'version' => '1.148' }, { 'date' => '2008-11-01T16:36:57', 'version' => '1.149' }, { 'date' => '2008-11-02T03:21:27', 'version' => '1.200_01' }, { 'date' => '2008-11-11T21:40:52', 'version' => '1.200_02' }, { 'date' => '2009-04-18T18:12:28', 'version' => '1.201' }, { 'date' => '2009-06-15T22:47:18', 'version' => '1.202' }, { 'date' => '2009-11-03T21:49:20', 'version' => '1.203' }, { 'date' => '2010-05-07T01:57:28', 'version' => '1.210' }, { 'date' => '2010-05-07T12:00:52', 'version' => '1.211' }, { 'date' => '2010-05-07T22:59:24', 'version' => '1.212' }, { 'date' => '2010-05-09T19:29:59', 'version' => '1.213' }, { 'date' => '2010-05-15T01:06:55', 'version' => '1.214' }, { 'date' => '2010-05-25T02:47:15', 'version' => '1.215' }, { 'date' => '2010-09-04T18:14:56', 'version' => '1.216' }, { 'date' => '2010-09-14T01:48:04', 'version' => '1.217' }, { 'date' => '2012-08-01T03:25:46', 'version' => '1.218' }, { 'date' => '2013-07-07T03:00:13', 'version' => '1.219' }, { 'date' => '2014-12-16T00:07:05', 'version' => '1.220' }, { 'date' => '2015-08-10T12:37:32', 'version' => '1.221' }, { 'date' => '2018-04-29T22:11:17', 'version' => '1.222' }, { 'date' => '2019-02-25T22:28:34', 'version' => '1.223' }, { 'date' => '2019-03-02T14:20:33', 'version' => '1.224' }, { 'date' => '2020-04-12T18:42:29', 'version' => '1.225' }, { 'date' => '2020-04-12T18:43:57', 'version' => '1.226' } ] }, 'Data-Validate-IP' => { 'advisories' => [ { 'affected_versions' => '<=0.29', 'cves' => [ 'CVE-2021-29662' ], 'description' => 'The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. ', 'distribution' => 'Data-Validate-IP', 'fixed_versions' => '>0.29', 'id' => 'CPANSA-Data-Validate-IP-2021-01', 'references' => [ 'https://security.netapp.com/advisory/ntap-20210604-0002/', 'https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/', 'https://github.com/houseabsolute/Data-Validate-IP', 'https://github.com/houseabsolute/Data-Validate-IP/commit/3bba13c819d616514a75e089badd75002fd4f14e', 'https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-018.md', 'https://sick.codes/sick-2021-018/' ], 'reported' => '2021-03-31' } ], 'main_module' => 'Data::Validate::IP', 'versions' => [ { 'date' => '2005-03-04T16:46:50', 'version' => '0.02' }, { 'date' => '2005-03-04T20:06:14', 'version' => '0.03' }, { 'date' => '2005-04-28T15:11:20', 'version' => '0.04' }, { 'date' => '2007-03-06T19:45:16', 'version' => '0.05' }, { 'date' => '2007-05-16T16:08:59', 'version' => '0.06' }, { 'date' => '2007-05-18T02:42:07', 'version' => '0.07' }, { 'date' => '2007-12-06T18:48:53', 'version' => '0.08' }, { 'date' => '2009-06-04T17:52:28', 'version' => '0.10' }, { 'date' => '2010-03-01T19:40:48', 'version' => '0.11' }, { 'date' => '2010-12-29T21:23:08', 'version' => '0.12' }, { 'date' => '2011-01-06T14:25:53', 'version' => '0.13' }, { 'date' => '2011-01-06T14:45:14', 'version' => '0.14' }, { 'date' => '2013-02-05T00:19:11', 'version' => '0.15' }, { 'date' => '2013-02-06T15:18:38', 'version' => '0.16' }, { 'date' => '2013-02-19T15:58:21', 'version' => '0.17' }, { 'date' => '2013-02-20T00:31:32', 'version' => '0.18' }, { 'date' => '2013-03-13T15:48:07', 'version' => '0.19' }, { 'date' => '2013-07-13T19:21:15', 'version' => '0.20' }, { 'date' => '2013-12-05T21:16:41', 'version' => '0.21' }, { 'date' => '2013-12-05T22:47:38', 'version' => '0.22' }, { 'date' => '2014-03-09T16:00:20', 'version' => '0.23' }, { 'date' => '2014-08-28T16:00:00', 'version' => '0.24' }, { 'date' => '2016-02-02T16:17:46', 'version' => '0.25' }, { 'date' => '2016-05-31T17:31:50', 'version' => '0.26' }, { 'date' => '2016-11-17T18:05:57', 'version' => '0.27' }, { 'date' => '2021-03-29T17:01:17', 'version' => '0.28' }, { 'date' => '2021-03-29T17:07:58', 'version' => '0.29' }, { 'date' => '2021-03-29T21:50:39', 'version' => '0.30' }, { 'date' => '2022-11-28T18:19:55', 'version' => '0.31' } ] }, 'Devel-PPPort' => { 'advisories' => [ { 'affected_versions' => '<3.41', 'cves' => [], 'description' => 'Function croak() takes first parameter printf-like format. Arbitrary string from the variable $@ can cause perl crash when contains one or more \'%\'. ', 'distribution' => 'Devel-PPPort', 'fixed_versions' => '>=3.41', 'id' => 'CPANSA-Devel-PPPort-2017-01', 'references' => [ 'https://metacpan.org/dist/Devel-PPPort/changes', 'https://github.com/Dual-Life/Devel-PPPort/pull/47' ], 'reported' => '2017-02-14', 'severity' => undef } ], 'main_module' => 'Devel::PPPort', 'versions' => [ { 'date' => '1999-03-01T05:05:50', 'version' => '1.0004' }, { 'date' => '1999-03-08T02:57:01', 'version' => '1.0005' }, { 'date' => '1999-03-24T16:17:40', 'version' => '1.0006' }, { 'date' => '1999-03-29T16:29:09', 'version' => '1.0007' }, { 'date' => '2004-08-07T14:09:53', 'version' => '2.99_01' }, { 'date' => '2004-08-08T17:24:46', 'version' => '2.99_02' }, { 'date' => '2004-08-09T20:40:45', 'version' => '2.99_03' }, { 'date' => '2004-08-10T21:37:23', 'version' => '2.99_04' }, { 'date' => '2004-08-10T21:52:34', 'version' => '2.99_05' }, { 'date' => '2004-08-11T21:14:33', 'version' => '2.99_06' }, { 'date' => '2004-08-13T11:05:16', 'version' => '2.99_07' }, { 'date' => '2004-08-16T09:37:21', 'version' => '3.00' }, { 'date' => '2004-08-17T21:45:21', 'version' => '3.00_01' }, { 'date' => '2004-08-19T11:23:25', 'version' => '3.00_02' }, { 'date' => '2004-08-20T13:31:59', 'version' => '3.00_03' }, { 'date' => '2004-08-23T05:52:31', 'version' => '3.01' }, { 'date' => '2004-09-08T19:25:27', 'version' => '3.02' }, { 'date' => '2004-09-08T20:39:17', 'version' => '3.03' }, { 'date' => '2004-12-29T14:03:53', 'version' => '3.04' }, { 'date' => '2005-01-31T18:29:11', 'version' => '3.05' }, { 'date' => '2005-02-02T21:53:39', 'version' => '3.06' }, { 'date' => '2005-06-25T16:59:34', 'version' => '3.06_01' }, { 'date' => '2005-10-18T19:59:34', 'version' => '3.06_02' }, { 'date' => '2005-10-18T21:43:58', 'version' => '3.06_03' }, { 'date' => '2005-10-30T11:10:01', 'version' => '3.06_04' }, { 'date' => '2006-01-16T18:10:31', 'version' => '3.07' }, { 'date' => '2006-01-19T18:40:04', 'version' => '3.08' }, { 'date' => '2006-05-20T11:11:00', 'version' => '3.08_01' }, { 'date' => '2006-05-22T11:17:01', 'version' => '3.08_02' }, { 'date' => '2006-05-25T15:33:51', 'version' => '3.08_03' }, { 'date' => '2006-05-29T17:44:18', 'version' => '3.08_04' }, { 'date' => '2006-06-23T19:00:30', 'version' => '3.08_05' }, { 'date' => '2006-06-25T08:09:51', 'version' => '3.08_06' }, { 'date' => '2006-07-03T21:36:39', 'version' => '3.08_07' }, { 'date' => '2006-07-08T16:22:49', 'version' => '3.09' }, { 'date' => '2006-07-21T17:25:17', 'version' => '3.09_01' }, { 'date' => '2006-07-25T18:45:27', 'version' => '3.09_02' }, { 'date' => '2006-08-14T19:31:33', 'version' => '3.10' }, { 'date' => '2006-12-02T16:26:47', 'version' => '3.10_01' }, { 'date' => '2006-12-02T17:23:57', 'version' => '3.10_02' }, { 'date' => '2007-02-14T13:10:03', 'version' => '3.11' }, { 'date' => '2007-03-23T17:09:16', 'version' => '3.11_01' }, { 'date' => '2007-08-12T23:08:25', 'version' => '3.11_02' }, { 'date' => '2007-08-14T19:14:20', 'version' => '3.11_03' }, { 'date' => '2007-08-20T16:31:23', 'version' => '3.11_04' }, { 'date' => '2007-08-20T17:29:16', 'version' => '3.11_05' }, { 'date' => '2007-09-11T21:41:31', 'version' => '3.11_06' }, { 'date' => '2007-09-22T08:00:55', 'version' => '3.12' }, { 'date' => '2007-10-04T10:33:11', 'version' => '3.13' }, { 'date' => '2008-01-04T14:09:17', 'version' => '3.13_01' }, { 'date' => '2008-04-13T13:11:47', 'version' => '3.13_02' }, { 'date' => '2008-05-13T19:07:49', 'version' => '3.13_03' }, { 'date' => '2008-06-01T12:08:17', 'version' => '3.14' }, { 'date' => '2008-07-11T20:42:44', 'version' => '3.14_01' }, { 'date' => '2008-10-12T19:49:45', 'version' => '3.14_02' }, { 'date' => '2008-10-21T21:20:59', 'version' => '3.14_03' }, { 'date' => '2008-10-30T18:55:01', 'version' => '3.14_04' }, { 'date' => '2008-10-31T07:20:25', 'version' => '3.14_05' }, { 'date' => '2009-01-18T13:49:22', 'version' => '3.15' }, { 'date' => '2009-01-23T17:33:31', 'version' => '3.16' }, { 'date' => '2009-03-15T15:45:38', 'version' => '3.17' }, { 'date' => '2009-06-12T11:05:52', 'version' => '3.18' }, { 'date' => '2009-06-12T11:25:31', 'version' => '3.18_01' }, { 'date' => '2009-06-14T09:59:59', 'version' => '3.19' }, { 'date' => '2010-02-20T18:48:07', 'version' => '3.19_01' }, { 'date' => '2010-03-07T12:51:00', 'version' => '3.19_02' }, { 'date' => '2011-04-13T07:49:49', 'version' => '3.19_03' }, { 'date' => '2011-09-10T19:32:27', 'version' => '3.20' }, { 'date' => '2013-08-17T13:27:59', 'version' => '3.21' }, { 'date' => '2014-03-20T02:17:15', 'version' => '3.22' }, { 'date' => '2014-04-13T00:04:17', 'version' => '3.23' }, { 'date' => '2014-05-09T00:15:50', 'version' => '3.24' }, { 'date' => '2014-12-02T13:08:04', 'version' => '3.25' }, { 'date' => '2015-01-08T02:42:03', 'version' => '3.26' }, { 'date' => '2015-01-13T15:02:40', 'version' => '3.27' }, { 'date' => '2015-01-16T12:33:46', 'version' => '3.28' }, { 'date' => '2015-03-05T13:22:18', 'version' => '3.29' }, { 'date' => '2015-03-05T20:29:10', 'version' => '3.30' }, { 'date' => '2015-03-12T14:27:15', 'version' => '3.31' }, { 'date' => '2015-09-30T16:31:45', 'version' => '3.32' }, { 'date' => '2016-05-06T11:01:12', 'version' => '3.32_01' }, { 'date' => '2016-05-24T13:59:25', 'version' => '3.32_02' }, { 'date' => '2016-06-03T13:47:32', 'version' => '3.33' }, { 'date' => '2016-06-12T23:09:20', 'version' => '3.34' }, { 'date' => '2016-06-17T18:22:04', 'version' => '3.35' }, { 'date' => '2017-05-14T08:53:44', 'version' => '3.36' }, { 'date' => '2018-04-21T12:18:05', 'version' => '3.41' }, { 'date' => '2018-04-21T14:45:37', 'version' => '3.42' }, { 'date' => '2018-09-19T14:47:44', 'version' => '3.43' }, { 'date' => '2018-10-12T17:16:24', 'version' => '3.43_04' }, { 'date' => '2019-02-20T23:05:14', 'version' => '3.44' }, { 'date' => '2019-03-19T20:55:38', 'version' => '3.45' }, { 'date' => '2019-04-26T19:50:59', 'version' => '3.46' }, { 'date' => '2019-04-28T05:30:49', 'version' => '3.47' }, { 'date' => '2019-04-28T21:43:34', 'version' => '3.48' }, { 'date' => '2019-04-28T21:57:51', 'version' => '3.48' }, { 'date' => '2019-04-29T17:48:49', 'version' => '3.49' }, { 'date' => '2019-04-30T19:05:34', 'version' => '3.50' }, { 'date' => '2019-04-30T23:09:43', 'version' => '3.51' }, { 'date' => '2019-05-14T17:18:17', 'version' => '3.52' }, { 'date' => '2019-06-09T16:13:03', 'version' => '3.52_04' }, { 'date' => '2019-06-11T07:57:30', 'version' => '3.53_04' }, { 'date' => '2019-09-28T00:25:55', 'version' => '3.53' }, { 'date' => '2019-09-28T00:35:17', 'version' => '3.54' }, { 'date' => '2019-11-07T21:15:22', 'version' => '3.55' }, { 'date' => '2019-11-25T17:04:32', 'version' => '3.56' }, { 'date' => '2020-01-31T20:46:51', 'version' => '3.57' }, { 'date' => '2020-02-10T22:15:17', 'version' => '3.57_01' }, { 'date' => '2020-03-04T21:32:50', 'version' => '3.57_02' }, { 'date' => '2020-03-09T20:42:29', 'version' => '3.58' }, { 'date' => '2020-08-06T22:31:34', 'version' => '3.58_01' }, { 'date' => '2020-08-10T16:51:52', 'version' => '3.59' }, { 'date' => '2020-08-11T19:44:32', 'version' => '3.60' }, { 'date' => '2020-09-30T23:22:16', 'version' => '3.60_01' }, { 'date' => '2020-10-07T14:59:47', 'version' => '3.60_02' }, { 'date' => '2020-10-12T23:25:45', 'version' => '3.61' }, { 'date' => '2020-10-16T20:01:45', 'version' => '3.62' }, { 'date' => '2021-07-07T00:08:28', 'version' => '3.63' }, { 'date' => '2022-02-01T18:16:40', 'version' => '3.64' }, { 'date' => '2022-03-02T22:12:02', 'version' => '3.65' }, { 'date' => '2022-03-02T22:41:01', 'version' => '3.66' }, { 'date' => '2022-03-08T19:25:43', 'version' => '3.67' }, { 'date' => '2022-03-18T22:08:30', 'version' => '3.68' } ] }, 'Devel-StackTrace' => { 'advisories' => [ { 'affected_versions' => '<1.19', 'cves' => [ 'CVE-2008-3502' ], 'description' => 'Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl. ', 'distribution' => 'Devel-StackTrace', 'fixed_versions' => '>=1.19', 'id' => 'CPANSA-Devel-StackTrace-2008-3502', 'references' => [ 'http://lists.bestpractical.com/pipermail/rt-announce/2008-June/000158.html', 'http://www.securityfocus.com/bid/29925', 'http://secunia.com/advisories/30830', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/43337' ], 'reported' => '2008-08-06', 'severity' => undef } ], 'main_module' => 'Devel::StackTrace', 'versions' => [ { 'date' => '2000-06-27T19:21:12', 'version' => '0.7' }, { 'date' => '2000-07-04T16:34:23', 'version' => '0.75' }, { 'date' => '2000-09-03T02:55:27', 'version' => '0.8' }, { 'date' => '2000-09-03T04:10:13', 'version' => '0.85' }, { 'date' => '2001-11-24T06:37:34', 'version' => '0.9' }, { 'date' => '2002-08-23T09:12:26', 'version' => '1.00' }, { 'date' => '2002-09-18T16:19:28', 'version' => '1.01' }, { 'date' => '2002-09-19T22:12:09', 'version' => '1.02' }, { 'date' => '2003-01-22T20:33:08', 'version' => '1.03' }, { 'date' => '2003-09-25T19:15:23', 'version' => '1.04' }, { 'date' => '2004-02-17T20:35:35', 'version' => '1.05' }, { 'date' => '2004-02-22T00:14:28', 'version' => '1.06' }, { 'date' => '2004-02-22T00:30:48', 'version' => '1.07' }, { 'date' => '2004-02-23T15:25:26', 'version' => '1.08' }, { 'date' => '2004-02-26T22:30:00', 'version' => '1.09' }, { 'date' => '2004-03-10T21:25:04', 'version' => '1.10' }, { 'date' => '2004-04-12T05:11:33', 'version' => '1.11' }, { 'date' => '2005-09-30T05:47:47', 'version' => '1.12' }, { 'date' => '2006-04-01T04:51:47', 'version' => '1.13' }, { 'date' => '2007-03-16T15:29:38', 'version' => '1.14' }, { 'date' => '2007-04-28T20:07:57', 'version' => '1.15' }, { 'date' => '2008-02-02T06:09:06', 'version' => '1.16' }, { 'date' => '2008-03-30T17:20:19', 'version' => '1.17' }, { 'date' => '2008-03-31T14:16:23', 'version' => '1.18' }, { 'date' => '2008-06-13T18:07:37', 'version' => '1.19' }, { 'date' => '2008-06-13T23:46:42', 'version' => '1.1901' }, { 'date' => '2008-07-16T13:20:57', 'version' => '1.1902' }, { 'date' => '2008-10-26T01:44:25', 'version' => '1.20' }, { 'date' => '2009-07-02T04:50:03', 'version' => '1.21' }, { 'date' => '2009-07-15T19:51:37', 'version' => '1.22' }, { 'date' => '2010-08-28T01:47:36', 'version' => '1.23' }, { 'date' => '2010-09-03T14:18:22', 'version' => '1.24' }, { 'date' => '2010-09-06T14:54:15', 'version' => '1.25' }, { 'date' => '2010-10-15T15:25:58', 'version' => '1.26' }, { 'date' => '2011-01-16T18:57:01', 'version' => '1.27' }, { 'date' => '2012-11-16T16:59:05', 'version' => '1.28' }, { 'date' => '2012-11-16T17:47:00', 'version' => '1.29' }, { 'date' => '2012-11-20T05:07:49', 'version' => '1.30' }, { 'date' => '2014-01-16T22:37:16', 'version' => '1.31' }, { 'date' => '2014-05-05T08:01:10', 'version' => '1.32' }, { 'date' => '2014-06-26T20:43:33', 'version' => '1.33' }, { 'date' => '2014-06-26T21:50:12', 'version' => '1.34' }, { 'date' => '2014-11-01T18:06:29', 'version' => '2.00' }, { 'date' => '2016-03-02T17:23:15', 'version' => '2.01' }, { 'date' => '2016-12-07T19:51:47', 'version' => '2.02' }, { 'date' => '2017-11-18T17:10:57', 'version' => '2.03' }, { 'date' => '2019-05-24T18:54:07', 'version' => '2.04' }, { 'date' => '2024-01-08T04:48:56', 'version' => '2.05' } ] }, 'Dezi' => { 'advisories' => [ { 'affected_versions' => '<0.002002', 'cves' => [], 'description' => 'Bypassing authentication on the /index URL app with non-idempotent requests to /search URL. ', 'distribution' => 'Dezi', 'fixed_versions' => '>=0.002002', 'id' => 'CPANSA-Dezi-2012-01', 'references' => [ 'https://metacpan.org/changes/distribution/Dezi', 'https://github.com/karpet/Dezi/commit/f1ad292b4dd988d1a38202c804bb7a2a3bcca3c8' ], 'reported' => '2012-09-13' } ], 'main_module' => 'Dezi', 'versions' => [ { 'date' => '2011-06-22T04:53:57', 'version' => '0.001000' }, { 'date' => '2011-08-03T02:42:22', 'version' => '0.001001' }, { 'date' => '2011-09-30T03:35:08', 'version' => '0.001002' }, { 'date' => '2011-10-23T02:12:02', 'version' => '0.001003' }, { 'date' => '2012-03-17T02:40:15', 'version' => '0.001004' }, { 'date' => '2012-07-11T03:20:40', 'version' => '0.001005' }, { 'date' => '2012-08-18T02:43:23', 'version' => '0.001006' }, { 'date' => '2012-08-22T03:58:33', 'version' => '0.001007' }, { 'date' => '2012-09-04T02:05:34', 'version' => '0.001008' }, { 'date' => '2012-09-12T03:51:13', 'version' => '0.002000' }, { 'date' => '2012-09-13T01:50:59', 'version' => '0.002001' }, { 'date' => '2012-09-13T14:10:02', 'version' => '0.002002' }, { 'date' => '2012-10-16T00:57:46', 'version' => '0.002003' }, { 'date' => '2012-10-18T03:15:21', 'version' => '0.002004' }, { 'date' => '2012-12-19T05:25:13', 'version' => '0.002005' }, { 'date' => '2013-02-03T02:49:07', 'version' => '0.002006' }, { 'date' => '2013-02-05T15:02:54', 'version' => '0.002007' }, { 'date' => '2013-02-09T05:37:41', 'version' => '0.002008' }, { 'date' => '2013-02-13T02:30:33', 'version' => '0.002009' }, { 'date' => '2013-02-13T04:31:49', 'version' => '0.002010' }, { 'date' => '2013-11-13T17:08:03', 'version' => '0.002011' }, { 'date' => '2014-02-27T18:08:30', 'version' => '0.002012' }, { 'date' => '2014-06-05T06:59:12', 'version' => '0.002998_01' }, { 'date' => '2014-06-08T04:59:17', 'version' => '0.003000' }, { 'date' => '2014-07-30T20:40:24', 'version' => '0.004000' }, { 'date' => '2014-09-02T02:45:00', 'version' => '0.004001' }, { 'date' => '2015-04-30T22:01:11', 'version' => '0.004002' }, { 'date' => '2018-05-16T02:24:24', 'version' => '0.004003' } ] }, 'Digest' => { 'advisories' => [ { 'affected_versions' => '<1.17', 'cves' => [ 'CVE-2011-3597' ], 'description' => 'Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor. ', 'distribution' => 'Digest', 'fixed_versions' => '>=0.17', 'id' => 'CPANSA-Digest-2011-3597', 'references' => [ 'http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc', 'http://www.redhat.com/support/errata/RHSA-2011-1797.html', 'http://www.redhat.com/support/errata/RHSA-2011-1424.html', 'https://bugzilla.redhat.com/show_bug.cgi?id=743010', 'http://www.securityfocus.com/bid/49911', 'http://secunia.com/advisories/46279', 'http://cpansearch.perl.org/src/GAAS/Digest-1.17/Changes', 'http://www.mandriva.com/security/advisories?name=MDVSA-2012:009', 'http://www.mandriva.com/security/advisories?name=MDVSA-2012:008', 'http://secunia.com/advisories/51457', 'http://www.ubuntu.com/usn/USN-1643-1', 'http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735', 'http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705', 'https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446' ], 'reported' => '2012-01-13', 'reviewed_by' => [ { 'date' => '2022-07-05', 'email' => 'rrwo@cpan.org', 'name' => 'Robert Rothenberg' } ], 'severity' => undef }, { 'affected_versions' => '<1.19', 'cves' => [ 'CVE-2016-1238' ], 'description' => 'Includes . in @INC which might allow local users to gain privileges via a Trojan horse module under the current working directory. ', 'distribution' => 'Digest', 'fixed_versions' => '>=1.19', 'id' => 'CPANSA-Digest-2016-1238', 'references' => [ 'http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html', 'http://www.securitytracker.com/id/1036440', 'http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab', 'https://rt.perl.org/Public/Bug/Display.html?id=127834', 'http://www.securityfocus.com/bid/92136', 'http://www.debian.org/security/2016/dsa-3628', 'https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/', 'https://security.gentoo.org/glsa/201701-75', 'https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E', 'https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html', 'https://security.gentoo.org/glsa/201812-07', 'http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html' ], 'reported' => '2016-08-02', 'severity' => 'high' } ], 'main_module' => 'Digest', 'versions' => [ { 'date' => '2001-03-14T06:33:08', 'version' => '1.00' }, { 'date' => '2003-01-05T01:23:53', 'version' => '1.01' }, { 'date' => '2003-01-19T04:35:36', 'version' => '1.02' }, { 'date' => '2003-11-28T12:29:42', 'version' => '1.03' }, { 'date' => '2003-11-29T12:08:20', 'version' => '1.04' }, { 'date' => '2003-12-01T07:58:06', 'version' => '1.05' }, { 'date' => '2004-04-01T10:55:24', 'version' => '1.06' }, { 'date' => '2004-04-25T14:39:53', 'version' => '1.07' }, { 'date' => '2004-04-29T07:56:42', 'version' => '1.08' }, { 'date' => '2004-11-05T12:20:28', 'version' => '1.09' }, { 'date' => '2004-11-08T09:41:14', 'version' => '1.10' }, { 'date' => '2005-09-11T11:14:33', 'version' => '1.11' }, { 'date' => '2005-09-29T10:20:20', 'version' => '1.12' }, { 'date' => '2005-10-18T11:59:24', 'version' => '1.13' }, { 'date' => '2005-11-26T10:10:21', 'version' => '1.14' }, { 'date' => '2006-03-20T15:18:01', 'version' => '1.15' }, { 'date' => '2009-06-09T18:58:26', 'version' => '1.16' }, { 'date' => '2011-10-02T10:14:32', 'version' => '1.17' }, { 'date' => '2020-10-13T19:16:47', 'version' => '1.18' }, { 'date' => '2020-10-13T20:02:35', 'version' => '1.19' }, { 'date' => '2021-08-24T13:51:51', 'version' => '1.20' } ] }, 'Digest-MD5' => { 'advisories' => [ { 'affected_versions' => '<2.25', 'cves' => [ 'CVE-2002-0703' ], 'description' => 'An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data. ', 'distribution' => 'Digest-MD5', 'fixed_versions' => undef, 'id' => 'CPANSA-Digest-MD5-2002-0703', 'references' => [ 'http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-035.php', 'http://www.iss.net/security_center/static/9051.php', 'http://www.securityfocus.com/bid/4716', 'http://rhn.redhat.com/errata/RHSA-2002-081.html' ], 'reported' => '2002-07-26', 'severity' => undef } ], 'main_module' => 'Digest::MD5', 'versions' => [ { 'date' => '1998-10-23T12:30:56', 'version' => '1.99_53' }, { 'date' => '1998-10-24T13:58:24', 'version' => '1.99_54' }, { 'date' => '1998-10-24T22:44:03', 'version' => '1.99_55' }, { 'date' => '1998-10-24T23:07:15', 'version' => '1.99_56' }, { 'date' => '1998-10-27T21:09:37', 'version' => '1.99_57' }, { 'date' => '1998-10-28T14:11:30', 'version' => '1.99_58' }, { 'date' => '1998-10-28T20:57:10', 'version' => '1.99_59' }, { 'date' => '1998-10-30T17:23:27', 'version' => '1.99_60' }, { 'date' => '1998-11-04T22:27:42', 'version' => '2.00' }, { 'date' => '1998-12-30T04:01:06', 'version' => '2.01' }, { 'date' => '1999-01-31T16:44:38', 'version' => '2.02' }, { 'date' => '1999-02-01T20:25:06', 'version' => '2.02' }, { 'date' => '1999-02-27T21:39:24', 'version' => '2.03' }, { 'date' => '1999-03-05T21:17:35', 'version' => '2.04' }, { 'date' => '1999-03-15T10:58:32', 'version' => '2.05' }, { 'date' => '1999-03-19T05:05:36', 'version' => '2.05' }, { 'date' => '1999-03-26T13:51:38', 'version' => '2.06' }, { 'date' => '1999-04-26T09:45:43', 'version' => '2.07' }, { 'date' => '1999-06-02T13:44:41', 'version' => '2.07' }, { 'date' => '1999-07-28T10:55:54', 'version' => '2.08' }, { 'date' => '1999-08-05T23:29:15', 'version' => '2.09' }, { 'date' => '1999-09-02T12:45:17', 'version' => '2.09' }, { 'date' => '2000-08-18T08:49:59', 'version' => '2.10' }, { 'date' => '2000-08-19T17:39:04', 'version' => '2.11' }, { 'date' => '2000-09-18T15:10:45', 'version' => '2.12' }, { 'date' => '2001-01-19T06:08:47', 'version' => '2.12' }, { 'date' => '2001-03-14T05:56:41', 'version' => '2.13' }, { 'date' => '2001-03-17T04:35:32', 'version' => '2.13' }, { 'date' => '2001-06-24T07:37:20', 'version' => '2.13' }, { 'date' => '2001-07-18T13:40:13', 'version' => '2.14' }, { 'date' => '2001-08-27T17:53:29', 'version' => '2.15' }, { 'date' => '2001-08-29T06:32:30', 'version' => '2.15' }, { 'date' => '2001-09-07T05:52:46', 'version' => '2.16' }, { 'date' => '2002-04-25T17:24:14', 'version' => '2.17' }, { 'date' => '2002-05-01T23:34:50', 'version' => '2.18' }, { 'date' => '2002-05-02T03:21:40', 'version' => '2.19' }, { 'date' => '2002-05-06T05:20:38', 'version' => '2.20' }, { 'date' => '2002-12-28T05:33:19', 'version' => '2.21' }, { 'date' => '2003-01-05T01:04:07', 'version' => '2.22' }, { 'date' => '2003-01-19T04:55:24', 'version' => '2.23' }, { 'date' => '2003-03-09T15:26:49', 'version' => '2.24' }, { 'date' => '2003-07-05T05:33:54', 'version' => '2.25' }, { 'date' => '2003-07-22T06:15:03', 'version' => '2.26' }, { 'date' => '2003-08-05T06:12:31', 'version' => '2.27' }, { 'date' => '2003-10-06T13:16:20', 'version' => '2.28' }, { 'date' => '2003-10-06T17:37:30', 'version' => '2.29' }, { 'date' => '2003-10-09T09:40:47', 'version' => '2.30' }, { 'date' => '2003-11-28T13:10:59', 'version' => '2.31' }, { 'date' => '2003-12-05T10:15:43', 'version' => '2.32' }, { 'date' => '2003-12-07T10:31:15', 'version' => '2.33' }, { 'date' => '2005-11-26T10:05:19', 'version' => '2.34' }, { 'date' => '2005-11-26T11:15:35', 'version' => '2.35' }, { 'date' => '2005-11-30T13:55:38', 'version' => '2.36' }, { 'date' => '2008-11-12T09:36:42', 'version' => '2.37' }, { 'date' => '2008-11-14T13:50:45', 'version' => '2.38' }, { 'date' => '2009-06-09T20:21:55', 'version' => '2.39' }, { 'date' => '2010-07-03T14:01:25', 'version' => '2.40' }, { 'date' => '2010-09-25T22:12:42', 'version' => '2.50' }, { 'date' => '2010-09-30T19:46:29', 'version' => '2.51' }, { 'date' => '2012-06-07T22:37:00', 'version' => '2.52' }, { 'date' => '2013-07-02T17:56:06', 'version' => '2.53' }, { 'date' => '2015-01-12T21:19:42', 'version' => '2.54' }, { 'date' => '2016-03-09T21:17:10', 'version' => '2.55' }, { 'date' => '2020-10-05T17:19:37', 'version' => '2.56' }, { 'date' => '2020-10-05T17:42:48', 'version' => '2.57' }, { 'date' => '2020-10-05T21:53:32', 'version' => '2.58' }, { 'date' => '2023-12-30T21:01:56', 'version' => '2.59' } ] }, 'Dpkg' => { 'advisories' => [ { 'affected_versions' => '<1.21.8', 'cves' => [ 'CVE-2022-1664' ], 'description' => 'Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. ', 'distribution' => 'Dpkg', 'fixed_versions' => '>=1.21.8', 'id' => 'CPANSA-Dpkg-2022-1664', 'references' => [ 'https://lists.debian.org/debian-security-announce/2022/msg00115.html', 'https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be', 'https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b', 'https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html', 'https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5', 'https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495' ], 'reported' => '2022-05-26', 'severity' => 'critical' }, { 'affected_versions' => '<1.18.24', 'cves' => [ 'CVE-2017-8283' ], 'description' => 'dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. ', 'distribution' => 'Dpkg', 'fixed_versions' => '>=1.18.24', 'id' => 'CPANSA-Dpkg-2017-8283', 'references' => [ 'http://www.openwall.com/lists/oss-security/2017/04/20/2', 'http://www.securityfocus.com/bid/98064' ], 'reported' => '2017-04-26', 'severity' => 'critical' }, { 'affected_versions' => '<1.18.11', 'cves' => [ 'CVE-2016-1238' ], 'description' => '(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory. ', 'distribution' => 'Dpkg', 'fixed_versions' => '>=1.18.11', 'id' => 'CPANSA-Dpkg-2016-1238', 'references' => [ 'http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html', 'http://www.securitytracker.com/id/1036440', 'http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab', 'https://rt.perl.org/Public/Bug/Display.html?id=127834', 'http://www.securityfocus.com/bid/92136', 'http://www.debian.org/security/2016/dsa-3628', 'https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/', 'https://security.gentoo.org/glsa/201701-75', 'https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E', 'https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html', 'https://security.gentoo.org/glsa/201812-07', 'http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html' ], 'reported' => '2016-08-02', 'severity' => 'high' }, { 'affected_versions' => '<1.18.4', 'cves' => [ 'CVE-2015-0860' ], 'description' => 'Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow. ', 'distribution' => 'Dpkg', 'fixed_versions' => '>=1.18.4', 'id' => 'CPANSA-Dpkg-2015-0860', 'references' => [ 'http://www.ubuntu.com/usn/USN-2820-1', 'http://www.debian.org/security/2015/dsa-3407', 'https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324', 'https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d', 'https://security.gentoo.org/glsa/201612-07' ], 'reported' => '2015-12-03', 'severity' => undef }, { 'affected_versions' => '<1.18.0', 'cves' => [ 'CVE-2015-0840' ], 'description' => 'The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). ', 'distribution' => 'Dpkg', 'fixed_versions' => '>=1.18.0', 'id' => 'CPANSA-Dpkg-2015-0840', 'references' => [ 'http://www.ubuntu.com/usn/USN-2566-1', 'http://www.debian.org/security/2015/dsa-3217', 'http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html', 'http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html' ], 'reported' => '2015-04-13', 'severity' => undef }, { 'affected_versions' => '<1.17.22', 'cves' => [ 'CVE-2014-8625' ], 'description' => 'Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name. ', 'distribution' => 'Dpkg', 'fixed_versions' => '>=1.17.22', 'id' => 'CPANSA-Dpkg-2014-8625', 'references' => [ 'http://seclists.org/oss-sec/2014/q4/539', 'https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135', 'http://seclists.org/oss-sec/2014/q4/622', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485', 'http://seclists.org/oss-sec/2014/q4/551', 'http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/98551' ], 'reported' => '2015-01-20', 'severity' => undef }, { 'affected_versions' => '<1.17.10', 'cves' => [ 'CVE-2014-0471' ], 'description' => 'Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting." ', 'distribution' => 'Dpkg', 'fixed_versions' => '>=1.17.10', 'id' => 'CPANSA-Dpkg-2014-0471', 'references' => [ 'http://www.debian.org/security/2014/dsa-2915', 'http://www.ubuntu.com/usn/USN-2183-1', 'http://www.securityfocus.com/bid/67106' ], 'reported' => '2014-04-30', 'severity' => undef }, { 'affected_versions' => '<1.17.10', 'cves' => [ 'CVE-2014-3127' ], 'description' => 'dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471. ', 'distribution' => 'Dpkg', 'fixed_versions' => '>=1.17.10', 'id' => 'CPANSA-Dpkg-2014-3127', 'references' => [ 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306', 'http://www.securityfocus.com/bid/67181', 'http://seclists.org/oss-sec/2014/q2/227', 'http://seclists.org/oss-sec/2014/q2/191', 'http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog' ], 'reported' => '2014-05-14', 'severity' => undef }, { 'affected_versions' => '<1.17.10', 'cves' => [ 'CVE-2014-3864' ], 'description' => 'Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line. ', 'distribution' => 'Dpkg', 'fixed_versions' => '>=1.17.10', 'id' => 'CPANSA-Dpkg-2014-3864', 'references' => [ 'http://openwall.com/lists/oss-security/2014/05/25/2', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746498', 'http://www.securityfocus.com/bid/67725', 'http://www.ubuntu.com/usn/USN-2242-1', 'http://www.debian.org/security/2014/dsa-2953' ], 'reported' => '2014-05-30', 'severity' => undef }, { 'affected_versions' => '<1.17.10', 'cves' => [ 'CVE-2014-3865' ], 'description' => 'Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname. ', 'distribution' => 'Dpkg', 'fixed_versions' => '>=1.17.10', 'id' => 'CPANSA-Dpkg-2014-3865', 'references' => [ 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749183', 'http://openwall.com/lists/oss-security/2014/05/25/2', 'http://www.securityfocus.com/bid/67727', 'http://www.ubuntu.com/usn/USN-2242-1', 'http://www.debian.org/security/2014/dsa-2953' ], 'reported' => '2014-05-30', 'severity' => undef }, { 'affected_versions' => '<1.17.9', 'cves' => [ 'CVE-2014-0471' ], 'description' => 'Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting." ', 'distribution' => 'Dpkg', 'fixed_versions' => '>=1.17.9', 'id' => 'CPANSA-Dpkg-2014-0471', 'references' => [ 'http://www.debian.org/security/2014/dsa-2915', 'http://www.ubuntu.com/usn/USN-2183-1', 'http://www.securityfocus.com/bid/67106' ], 'reported' => '2014-04-30', 'severity' => undef }, { 'affected_versions' => '<1.17.9', 'cves' => [ 'CVE-2014-3127' ], 'description' => 'dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471. ', 'distribution' => 'Dpkg', 'fixed_versions' => '>=1.17.9', 'id' => 'CPANSA-Dpkg-2014-3127', 'references' => [ 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306', 'http://www.securityfocus.com/bid/67181', 'http://seclists.org/oss-sec/2014/q2/227', 'http://seclists.org/oss-sec/2014/q2/191', 'http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog' ], 'reported' => '2014-05-14', 'severity' => undef }, { 'affected_versions' => '<1.17.8', 'cves' => [ 'CVE-2014-0471' ], 'description' => 'Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting." ', 'distribution' => 'Dpkg', 'fixed_versions' => '>=1.17.8', 'id' => 'CPANSA-Dpkg-2014-0471', 'references' => [ 'http://www.debian.org/security/2014/dsa-2915', 'http://www.ubuntu.com/usn/USN-2183-1', 'http://www.securityfocus.com/bid/67106' ], 'reported' => '2014-04-30', 'severity' => undef }, { 'affected_versions' => '<1.15.8.8', 'cves' => [ 'CVE-2010-1679' ], 'description' => 'Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package. ', 'distribution' => 'Dpkg', 'fixed_versions' => '>=1.15.8.8', 'id' => 'CPANSA-Dpkg-2010-1679', 'references' => [ 'http://www.vupen.com/english/advisories/2011/0044', 'http://secunia.com/advisories/42831', 'http://secunia.com/advisories/42826', 'http://www.ubuntu.com/usn/USN-1038-1', 'http://www.debian.org/security/2011/dsa-2142', 'http://www.vupen.com/english/advisories/2011/0040', 'http://osvdb.org/70368', 'http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html', 'http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html', 'http://secunia.com/advisories/43054', 'http://www.securityfocus.com/bid/45703', 'http://www.vupen.com/english/advisories/2011/0196', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/64615' ], 'reported' => '2011-01-11', 'severity' => undef }, { 'affected_versions' => '<1.15.6', 'cves' => [ 'CVE-2010-0396' ], 'description' => 'Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive. ', 'distribution' => 'Dpkg', 'fixed_versions' => '>=1.15.6', 'id' => 'CPANSA-Dpkg-2010-0396', 'references' => [ 'http://www.debian.org/security/2010/dsa-2011', 'http://www.vupen.com/english/advisories/2010/0582', 'http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/56887' ], 'reported' => '2010-03-15', 'severity' => undef }, { 'affected_versions' => '=1.9.21', 'cves' => [ 'CVE-2004-2768' ], 'description' => 'dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059. ', 'distribution' => 'Dpkg', 'fixed_versions' => '>=1.9.22', 'id' => 'CPANSA-Dpkg-2004-2768', 'references' => [ 'http://www.hackinglinuxexposed.com/articles/20031214.html', 'http://lists.jammed.com/ISN/2003/12/0056.html', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692', 'https://bugzilla.redhat.com/show_bug.cgi?id=598775', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/59428' ], 'reported' => '2010-06-08', 'severity' => undef }, { 'affected_versions' => '<1.15.10', 'cves' => [ 'CVE-2011-0402' ], 'description' => 'dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory. ', 'distribution' => 'Dpkg', 'fixed_versions' => '>=1.15.10', 'id' => 'CPANSA-Dpkg-2011-0402', 'references' => [ 'http://www.ubuntu.com/usn/USN-1038-1', 'http://secunia.com/advisories/42831', 'http://www.debian.org/security/2011/dsa-2142', 'http://secunia.com/advisories/42826', 'http://www.vupen.com/english/advisories/2011/0040', 'http://www.vupen.com/english/advisories/2011/0044', 'http://osvdb.org/70367', 'http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html', 'http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html', 'http://www.vupen.com/english/advisories/2011/0196', 'http://www.securityfocus.com/bid/45703', 'http://secunia.com/advisories/43054', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/64614' ], 'reported' => '2011-01-11', 'severity' => undef } ], 'main_module' => 'Dpkg', 'versions' => [ { 'date' => '2018-09-26T18:53:52', 'version' => 'v1.19.1' }, { 'date' => '2018-10-08T10:54:58', 'version' => 'v1.19.2' }, { 'date' => '2019-01-22T18:41:25', 'version' => 'v1.19.3' }, { 'date' => '2019-02-23T17:40:31', 'version' => 'v1.19.5' }, { 'date' => '2019-03-25T14:54:21', 'version' => 'v1.19.6' }, { 'date' => '2019-06-03T21:51:58', 'version' => 'v1.19.7' }, { 'date' => '2020-03-08T03:05:24', 'version' => 'v1.20.0' }, { 'date' => '2020-06-27T01:26:33', 'version' => 'v1.20.1' }, { 'date' => '2020-06-27T23:35:03', 'version' => 'v1.20.2' }, { 'date' => '2020-06-29T11:02:10', 'version' => 'v1.20.3' }, { 'date' => '2020-07-07T06:22:23', 'version' => 'v1.20.4' }, { 'date' => '2020-07-08T03:55:55', 'version' => 'v1.20.5' }, { 'date' => '2021-01-08T04:23:50', 'version' => 'v1.20.6' }, { 'date' => '2021-01-09T00:19:44', 'version' => 'v1.20.7' }, { 'date' => '2021-04-13T21:44:34', 'version' => 'v1.20.8' }, { 'date' => '2021-04-13T23:33:15', 'version' => 'v1.20.9' }, { 'date' => '2021-12-05T18:08:48', 'version' => 'v1.21.0' }, { 'date' => '2021-12-06T20:23:10', 'version' => 'v1.21.1' }, { 'date' => '2022-03-13T20:07:04', 'version' => 'v1.21.2' }, { 'date' => '2022-03-24T20:19:38', 'version' => 'v1.21.3' }, { 'date' => '2022-03-26T12:56:21', 'version' => 'v1.21.4' }, { 'date' => '2022-03-29T01:07:10', 'version' => 'v1.21.5' }, { 'date' => '2022-05-25T15:21:07', 'version' => 'v1.21.8' }, { 'date' => '2022-07-01T09:48:45', 'version' => 'v1.21.9' }, { 'date' => '2022-12-01T12:08:26', 'version' => 'v1.21.10' }, { 'date' => '2022-12-02T23:34:17', 'version' => 'v1.21.11' }, { 'date' => '2022-12-19T01:27:49', 'version' => 'v1.21.13' }, { 'date' => '2023-01-01T23:04:24', 'version' => 'v1.21.14' }, { 'date' => '2023-01-25T22:18:51', 'version' => 'v1.21.19' }, { 'date' => '2023-05-16T22:34:01', 'version' => 'v1.21.22' }, { 'date' => '2023-08-30T10:44:22', 'version' => 'v1.22.0' }, { 'date' => '2023-10-30T03:47:45', 'version' => 'v1.22.1' }, { 'date' => '2023-12-18T03:09:08', 'version' => 'v1.22.2' }, { 'date' => '2024-01-24T12:39:35', 'version' => 'v1.22.4' } ] }, 'Elive' => { 'advisories' => [ { 'affected_versions' => '<1.20', 'cves' => [], 'description' => 'Elive::DAO->set() did not die on tainted data. ', 'distribution' => 'Elive', 'fixed_versions' => '>=1.20', 'id' => 'CPANSA-Elive-2011-01', 'references' => [ 'https://metacpan.org/dist/Elive/changes' ], 'reported' => '2011-10-15', 'severity' => undef } ], 'main_module' => 'Elive', 'versions' => [ { 'date' => '2009-03-17T06:37:43', 'version' => '0.01' }, { 'date' => '2009-04-13T23:51:59', 'version' => '0.02' }, { 'date' => '2009-04-14T20:26:27', 'version' => '0.03' }, { 'date' => '2009-04-15T22:30:08', 'version' => '0.04' }, { 'date' => '2009-04-17T07:27:23', 'version' => '0.05' }, { 'date' => '2009-04-17T22:04:55', 'version' => '0.06' }, { 'date' => '2009-04-22T00:14:13', 'version' => '0.07' }, { 'date' => '2009-04-22T03:10:13', 'version' => '0.08' }, { 'date' => '2009-04-24T22:26:35', 'version' => '0.09' }, { 'date' => '2009-04-28T07:30:45', 'version' => '0.10' }, { 'date' => '2009-04-29T21:49:12', 'version' => '0.11' }, { 'date' => '2009-05-01T23:15:47', 'version' => '0.12' }, { 'date' => '2009-05-04T22:19:09', 'version' => '0.13' }, { 'date' => '2009-05-05T20:09:18', 'version' => '0.14' }, { 'date' => '2009-05-08T22:04:14', 'version' => '0.15' }, { 'date' => '2009-05-11T20:38:56', 'version' => '0.16' }, { 'date' => '2009-05-13T21:31:52', 'version' => '0.17' }, { 'date' => '2009-05-15T03:47:36', 'version' => '0.18' }, { 'date' => '2009-05-18T21:43:03', 'version' => '0.19' }, { 'date' => '2009-05-24T00:13:36', 'version' => '0.20' }, { 'date' => '2009-05-24T20:48:19', 'version' => '0.21' }, { 'date' => '2009-05-27T22:05:37', 'version' => '0.22' }, { 'date' => '2009-05-29T05:09:57', 'version' => '0.23' }, { 'date' => '2009-06-03T04:48:43', 'version' => '0.24' }, { 'date' => '2009-06-03T22:18:02', 'version' => '0.25' }, { 'date' => '2009-06-12T22:36:31', 'version' => '0.26' }, { 'date' => '2009-06-19T21:34:40', 'version' => '0.27' }, { 'date' => '2009-06-22T03:47:43', 'version' => '0.28' }, { 'date' => '2009-06-24T04:14:37', 'version' => '0.29' }, { 'date' => '2009-06-26T23:24:47', 'version' => '0.30' }, { 'date' => '2009-07-03T06:18:23', 'version' => '0.31' }, { 'date' => '2009-07-17T22:56:55', 'version' => '0.32' }, { 'date' => '2009-07-22T03:22:18', 'version' => '0.33' }, { 'date' => '2009-07-28T06:46:45', 'version' => '0.34' }, { 'date' => '2009-08-02T22:36:31', 'version' => '0.35' }, { 'date' => '2009-08-03T22:44:25', 'version' => '0.36' }, { 'date' => '2009-08-05T21:02:32', 'version' => '0.37' }, { 'date' => '2009-08-21T08:29:37', 'version' => '0.38' }, { 'date' => '2009-08-31T02:24:45', 'version' => '0.39' }, { 'date' => '2009-09-10T01:20:54', 'version' => '0.40' }, { 'date' => '2009-09-11T21:34:13', 'version' => '0.41' }, { 'date' => '2009-10-08T00:53:22', 'version' => '0.42' }, { 'date' => '2009-10-20T23:09:46', 'version' => '0.43' }, { 'date' => '2009-10-22T00:05:22', 'version' => '0.44' }, { 'date' => '2009-10-26T04:15:36', 'version' => '0.45' }, { 'date' => '2009-10-28T08:27:27', 'version' => '0.46' }, { 'date' => '2009-10-28T21:26:06', 'version' => '0.47' }, { 'date' => '2009-10-29T00:00:43', 'version' => '0.48' }, { 'date' => '2009-11-02T21:37:24', 'version' => '0.48_01' }, { 'date' => '2009-11-06T20:36:30', 'version' => '0.49' }, { 'date' => '2009-11-09T21:34:02', 'version' => '0.50' }, { 'date' => '2009-11-16T00:26:26', 'version' => '0.51' }, { 'date' => '2009-11-30T20:38:39', 'version' => '0.52' }, { 'date' => '2009-12-14T23:14:43', 'version' => '0.53' }, { 'date' => '2009-12-18T00:24:06', 'version' => '0.53_1' }, { 'date' => '2009-12-18T22:36:34', 'version' => '0.54' }, { 'date' => '2009-12-20T20:02:22', 'version' => '0.55' }, { 'date' => '2010-01-04T06:35:00', 'version' => '0.56' }, { 'date' => '2010-01-04T21:18:52', 'version' => '0.57' }, { 'date' => '2010-01-14T00:08:40', 'version' => '0.58' }, { 'date' => '2010-01-21T22:46:27', 'version' => '0.59' }, { 'date' => '2010-01-24T21:24:09', 'version' => '0.60' }, { 'date' => '2010-01-26T22:38:54', 'version' => '0.61' }, { 'date' => '2010-02-15T23:06:41', 'version' => '0.62' }, { 'date' => '2010-03-06T22:34:53', 'version' => '0.63' }, { 'date' => '2010-03-11T22:45:28', 'version' => '0.64' }, { 'date' => '2010-05-17T00:40:50', 'version' => '0.65' }, { 'date' => '2010-05-21T23:54:39', 'version' => '0.66' }, { 'date' => '2010-05-27T22:12:29', 'version' => '0.67' }, { 'date' => '2010-06-02T07:33:50', 'version' => '0.68' }, { 'date' => '2010-06-11T00:12:21', 'version' => '0.69' }, { 'date' => '2010-06-22T05:13:22', 'version' => '0.70' }, { 'date' => '2010-06-22T22:20:27', 'version' => '0.71' }, { 'date' => '2010-08-13T01:10:30', 'version' => '0.72' }, { 'date' => '2010-09-03T03:48:51', 'version' => '0.73' }, { 'date' => '2010-10-14T20:54:08', 'version' => '0.74_2' }, { 'date' => '2010-10-18T01:49:41', 'version' => '0.74' }, { 'date' => '2010-10-27T23:52:59', 'version' => '0.75' }, { 'date' => '2010-11-09T23:46:08', 'version' => '0.76' }, { 'date' => '2010-12-08T21:27:13', 'version' => '0.77' }, { 'date' => '2010-12-08T23:17:00', 'version' => '0.78' }, { 'date' => '2011-01-20T02:01:43', 'version' => '0.79' }, { 'date' => '2011-01-27T19:56:34', 'version' => '0.80' }, { 'date' => '2011-02-03T03:17:09', 'version' => '0.81' }, { 'date' => '2011-02-10T00:02:08', 'version' => '0.82' }, { 'date' => '2011-03-10T05:19:08', 'version' => '0.83' }, { 'date' => '2011-03-11T01:11:39', 'version' => '0.84' }, { 'date' => '2011-03-14T00:55:18', 'version' => '0.85' }, { 'date' => '2011-03-14T21:15:08', 'version' => '0.86' }, { 'date' => '2011-04-11T00:59:22', 'version' => '0.87' }, { 'date' => '2011-04-11T19:19:42', 'version' => '0.87.1' }, { 'date' => '2011-04-15T02:12:50', 'version' => '0.87.2' }, { 'date' => '2011-04-27T02:43:51', 'version' => '0.88' }, { 'date' => '2011-05-20T00:15:55', 'version' => '0.89' }, { 'date' => '2011-06-08T23:34:06', 'version' => '0.90' }, { 'date' => '2011-06-14T23:35:27', 'version' => '0.91' }, { 'date' => '2011-06-28T07:09:46', 'version' => '0.95' }, { 'date' => '2011-06-29T21:42:38', 'version' => '0.96' }, { 'date' => '2011-07-05T06:35:18', 'version' => '0.97' }, { 'date' => '2011-07-08T00:35:18', 'version' => '0.98' }, { 'date' => '2011-07-14T03:25:12', 'version' => '0.99' }, { 'date' => '2011-07-19T00:14:00', 'version' => '1.00' }, { 'date' => '2011-07-20T01:14:39', 'version' => '1.01' }, { 'date' => '2011-07-21T05:49:47', 'version' => '1.02' }, { 'date' => '2011-07-23T23:23:35', 'version' => '1.03' }, { 'date' => '2011-07-29T00:14:06', 'version' => '1.04' }, { 'date' => '2011-08-01T02:20:53', 'version' => '1.05' }, { 'date' => '2011-08-05T21:36:24', 'version' => '1.06' }, { 'date' => '2011-08-07T01:43:31', 'version' => '1.07' }, { 'date' => '2011-08-09T00:51:44', 'version' => '1.08' }, { 'date' => '2011-08-10T05:13:13', 'version' => '1.09' }, { 'date' => '2011-08-10T21:06:42', 'version' => '1.10' }, { 'date' => '2011-08-11T22:27:24', 'version' => '1.11' }, { 'date' => '2011-08-15T00:58:40', 'version' => '1.12' }, { 'date' => '2011-08-19T00:21:11', 'version' => '1.13' }, { 'date' => '2011-08-20T22:44:01', 'version' => '1.14' }, { 'date' => '2011-08-23T21:43:48', 'version' => '1.15' }, { 'date' => '2011-08-26T22:25:28', 'version' => '1.16' }, { 'date' => '2011-09-08T22:32:49', 'version' => '1.17' }, { 'date' => '2011-09-16T00:00:34', 'version' => '1.18' }, { 'date' => '2011-09-28T07:09:24', 'version' => '1.19' }, { 'date' => '2011-11-15T01:28:33', 'version' => '1.20' }, { 'date' => '2011-12-03T01:49:03', 'version' => '1.21' }, { 'date' => '2012-01-05T04:04:10', 'version' => '1.22' }, { 'date' => '2012-01-25T20:01:01', 'version' => '1.23' }, { 'date' => '2012-02-28T01:03:16', 'version' => '1.24' }, { 'date' => '2012-04-18T04:53:06', 'version' => '1.25' }, { 'date' => '2012-05-04T04:11:34', 'version' => '1.26' }, { 'date' => '2012-07-13T21:59:27', 'version' => '1.27' }, { 'date' => '2012-10-12T02:45:37', 'version' => '1.28' }, { 'date' => '2012-10-26T21:16:49', 'version' => '1.29' }, { 'date' => '2013-01-04T01:33:50', 'version' => '1.30' }, { 'date' => '2013-03-28T02:39:54', 'version' => '1.31' }, { 'date' => '2014-02-28T16:40:50', 'version' => '1.32' }, { 'date' => '2015-01-21T21:14:50', 'version' => '1.33' }, { 'date' => '2015-04-03T22:38:32', 'version' => '1.34' }, { 'date' => '2015-06-29T02:59:33', 'version' => '1.35' }, { 'date' => '2015-12-03T20:48:05', 'version' => '1.36' }, { 'date' => '2015-12-04T02:58:35', 'version' => '1.37' } ] }, 'Email-Address' => { 'advisories' => [ { 'affected_versions' => '<1.905', 'cves' => [ 'CVE-2014-0477' ], 'description' => 'Inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address. ', 'distribution' => 'Email-Address', 'fixed_versions' => '>=1.905', 'id' => 'CPANSA-Email-Address-2014-01', 'references' => [ 'https://metacpan.org/changes/distribution/Email-Address' ], 'reported' => '2014-07-03' }, { 'affected_versions' => '<1.909', 'cves' => [ 'CVE-2018-12558' ], 'description' => 'The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters ("\\f"). ', 'distribution' => 'Email-Address', 'fixed_versions' => '>=1.909', 'id' => 'CPANSA-Email-Address-2014-01', 'references' => [ 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901873', 'http://www.openwall.com/lists/oss-security/2018/06/19/3', 'http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00012.html' ], 'reported' => '2018-06-19' }, { 'affected_versions' => '<1.904', 'cves' => [ 'CVE-2014-4720' ], 'description' => 'Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to "backtracking into the phrase," a different vulnerability than CVE-2014-0477. ', 'distribution' => 'Email-Address', 'fixed_versions' => '>=1.904', 'id' => 'CPANSA-Email-Address-2014-4720', 'references' => [ 'https://github.com/rjbs/Email-Address/blob/master/Changes', 'http://seclists.org/oss-sec/2014/q2/563' ], 'reported' => '2014-07-06', 'severity' => undef } ], 'main_module' => 'Email::Address', 'versions' => [ { 'date' => '2004-05-27T03:19:56', 'version' => '1.1' }, { 'date' => '2004-06-02T16:35:30', 'version' => '1.2' }, { 'date' => '2004-08-16T21:39:58', 'version' => '1.3' }, { 'date' => '2004-10-05T18:10:42', 'version' => '1.5' }, { 'date' => '2004-10-05T18:20:42', 'version' => '1.6' }, { 'date' => '2004-10-13T10:21:17', 'version' => '1.7' }, { 'date' => '2004-10-22T16:37:27', 'version' => '1.80' }, { 'date' => '2006-07-11T15:04:28', 'version' => '1.85' }, { 'date' => '2006-07-22T00:42:17', 'version' => '1.86' }, { 'date' => '2006-08-10T16:48:44', 'version' => '1.870' }, { 'date' => '2006-10-12T19:35:04', 'version' => '1.861' }, { 'date' => '2006-10-12T22:16:28', 'version' => '1.871' }, { 'date' => '2006-11-11T16:01:38', 'version' => '1.880' }, { 'date' => '2006-11-19T21:19:02', 'version' => '1.881' }, { 'date' => '2006-11-22T01:26:44', 'version' => '1.882' }, { 'date' => '2006-11-25T13:53:46', 'version' => '1.883' }, { 'date' => '2006-12-05T03:41:39', 'version' => '1.884' }, { 'date' => '2007-03-01T01:08:16', 'version' => '1.885' }, { 'date' => '2007-03-01T20:18:53', 'version' => '1.886' }, { 'date' => '2007-04-01T19:15:49', 'version' => '1.887' }, { 'date' => '2007-06-23T01:27:24', 'version' => '1.888' }, { 'date' => '2007-12-19T22:14:37', 'version' => '1.889' }, { 'date' => '2010-08-22T19:03:33', 'version' => '1.890' }, { 'date' => '2010-08-31T00:56:53', 'version' => '1.891' }, { 'date' => '2010-09-03T23:45:13', 'version' => '1.892' }, { 'date' => '2012-01-03T03:55:12', 'version' => '1.893' }, { 'date' => '2012-01-14T16:17:56', 'version' => '1.894' }, { 'date' => '2012-01-15T18:41:33', 'version' => '1.895' }, { 'date' => '2012-08-01T03:07:33', 'version' => '1.896' }, { 'date' => '2012-12-17T15:16:33', 'version' => '1.897' }, { 'date' => '2013-02-07T21:41:48', 'version' => '1.898' }, { 'date' => '2013-08-02T14:54:13', 'version' => '1.899' }, { 'date' => '2013-08-08T18:46:07', 'version' => '1.900' }, { 'date' => '2014-01-29T03:43:28', 'version' => '1.901' }, { 'date' => '2014-04-17T15:19:31', 'version' => '1.902' }, { 'date' => '2014-04-18T01:07:10', 'version' => '1.903' }, { 'date' => '2014-06-14T04:22:22', 'version' => '1.904' }, { 'date' => '2014-06-18T02:55:59', 'version' => '1.905' }, { 'date' => '2015-02-03T21:49:39', 'version' => '1.906' }, { 'date' => '2015-02-03T22:48:46', 'version' => '1.907' }, { 'date' => '2015-09-20T02:55:12', 'version' => '1.908' }, { 'date' => '2018-03-05T03:26:56', 'version' => '1.909' }, { 'date' => '2018-12-18T02:29:23', 'version' => '1.910' }, { 'date' => '2018-12-22T16:31:37', 'version' => '1.911' }, { 'date' => '2018-12-31T19:51:36', 'version' => '1.912' }, { 'date' => '2023-01-10T00:42:33', 'version' => '1.913' } ] }, 'Encode' => { 'advisories' => [ { 'affected_versions' => '<2.85', 'cves' => [ 'CVE-2016-1238' ], 'description' => 'Loading optional modules from . (current directory). ', 'distribution' => 'Encode', 'fixed_versions' => '>=2.85', 'id' => 'CPANSA-Encode-2016-01', 'references' => [ 'https://metacpan.org/changes/distribution/Encode', 'https://github.com/dankogai/p5-encode/pull/58/commits/12be15d64ce089154c4367dc1842cd0dc0993ec6' ], 'reported' => '2016-07-27' }, { 'affected_versions' => '>=3.05,<=3.11', 'cves' => [ 'CVE-2021-36770' ], 'description' => 'Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value. ', 'distribution' => 'Encode', 'fixed_versions' => '>3.11', 'id' => 'CPANSA-Encode-2021-01', 'references' => [ 'https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9', 'https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74', 'https://metacpan.org/dist/Encode/changes', 'https://news.cpanel.com/unscheduled-tsr-10-august-2021/', 'https://security.netapp.com/advisory/ntap-20210909-0003/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/', 'https://security-tracker.debian.org/tracker/CVE-2021-36770' ], 'reported' => '2021-07-17' }, { 'affected_versions' => '<2.44', 'cves' => [ 'CVE-2011-2939' ], 'description' => 'Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow. ', 'distribution' => 'Encode', 'fixed_versions' => '>=2.44', 'id' => 'CPANSA-Encode-2011-2939', 'references' => [ 'http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5', 'https://bugzilla.redhat.com/show_bug.cgi?id=731246', 'http://www.openwall.com/lists/oss-security/2011/08/19/17', 'http://www.redhat.com/support/errata/RHSA-2011-1424.html', 'http://www.openwall.com/lists/oss-security/2011/08/18/8', 'http://secunia.com/advisories/46989', 'http://www.mandriva.com/security/advisories?name=MDVSA-2012:008', 'http://secunia.com/advisories/51457', 'http://www.ubuntu.com/usn/USN-1643-1', 'http://www.securityfocus.com/bid/49858', 'http://secunia.com/advisories/46172', 'http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod', 'http://secunia.com/advisories/55314', 'http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_(CVE-2011-2939)' ], 'reported' => '2012-01-13', 'severity' => undef, 'x-commit' => 'Encode CVE-2011-2939 GitHub #13', 'x-file' => 'cpansa/CPANSA-Encode.yml' } ], 'main_module' => 'Encode', 'versions' => [ { 'date' => '2002-03-20T08:30:40', 'version' => '0.93' }, { 'date' => '2002-03-20T20:15:52', 'version' => '0.94' }, { 'date' => '2002-03-21T16:07:21', 'version' => '0.95' }, { 'date' => '2002-03-22T22:33:15', 'version' => '0.96' }, { 'date' => '2002-03-23T20:36:05', 'version' => '0.97' }, { 'date' => '2002-03-24T16:07:09', 'version' => '0.98' }, { 'date' => '2002-03-25T19:45:16', 'version' => '0.99' }, { 'date' => '2002-03-28T23:39:49', 'version' => '1.00' }, { 'date' => '2002-03-29T21:43:17', 'version' => '1.01' }, { 'date' => '2002-03-31T21:40:25', 'version' => '1.10' }, { 'date' => '2002-03-31T22:27:07', 'version' => '1.11' }, { 'date' => '2002-04-04T20:02:40', 'version' => '1.20' }, { 'date' => '2002-04-07T15:36:48', 'version' => '1.26' }, { 'date' => '2002-04-07T18:49:41', 'version' => '1.27' }, { 'date' => '2002-04-07T19:05:34', 'version' => '1.28' }, { 'date' => '2002-04-08T02:49:31', 'version' => '1.30' }, { 'date' => '2002-04-08T18:51:14', 'version' => '1.31' }, { 'date' => '2002-04-09T20:26:37', 'version' => '1.32' }, { 'date' => '2002-04-10T22:44:19', 'version' => '1.33' }, { 'date' => '2002-04-14T22:49:10', 'version' => '1.40' }, { 'date' => '2002-04-16T23:47:16', 'version' => '1.41' }, { 'date' => '2002-04-19T06:18:26', 'version' => '1.50' }, { 'date' => '2002-04-20T10:08:39', 'version' => '1.51' }, { 'date' => '2002-04-20T23:55:45', 'version' => '1.52' }, { 'date' => '2002-04-22T09:56:04', 'version' => '1.56' }, { 'date' => '2002-04-22T20:37:12', 'version' => '1.57' }, { 'date' => '2002-04-23T00:22:06', 'version' => '1.58' }, { 'date' => '2002-04-24T20:23:42', 'version' => '1.60' }, { 'date' => '2002-04-26T03:19:40', 'version' => '1.61' }, { 'date' => '2002-04-27T11:43:39', 'version' => '1.62' }, { 'date' => '2002-04-27T19:52:51', 'version' => '1.63' }, { 'date' => '2002-04-29T07:20:38', 'version' => '1.64' }, { 'date' => '2002-04-30T16:40:07', 'version' => '1.65' }, { 'date' => '2002-05-01T05:51:35', 'version' => '1.66' }, { 'date' => '2002-05-02T07:43:35', 'version' => '1.67' }, { 'date' => '2002-05-03T12:29:47', 'version' => '1.68' }, { 'date' => '2002-05-04T16:50:40', 'version' => '1.69' }, { 'date' => '2002-05-06T10:36:39', 'version' => '1.70' }, { 'date' => '2002-05-07T16:30:42', 'version' => '1.71' }, { 'date' => '2002-05-20T16:04:48', 'version' => '1.72' }, { 'date' => '2002-05-28T18:41:36', 'version' => '1.74' }, { 'date' => '2002-06-01T18:17:49', 'version' => '1.75' }, { 'date' => '2002-08-25T15:18:49', 'version' => '1.76' }, { 'date' => '2002-10-06T03:59:19', 'version' => '1.77' }, { 'date' => '2002-10-20T15:55:16', 'version' => '1.78' }, { 'date' => '2002-10-21T06:11:36', 'version' => '1.79' }, { 'date' => '2002-10-21T20:42:56', 'version' => '1.80' }, { 'date' => '2002-11-08T18:42:11', 'version' => '1.81' }, { 'date' => '2002-11-14T23:17:11', 'version' => '1.82' }, { 'date' => '2002-11-18T18:06:47', 'version' => '1.83' }, { 'date' => '2003-01-10T12:09:05', 'version' => '1.84' }, { 'date' => '2003-01-21T22:23:28', 'version' => '1.85' }, { 'date' => '2003-01-22T03:36:42', 'version' => '1.86' }, { 'date' => '2003-02-06T02:01:00', 'version' => '1.87' }, { 'date' => '2003-02-20T14:46:12', 'version' => '1.88' }, { 'date' => '2003-02-28T01:45:53', 'version' => '1.89' }, { 'date' => '2003-03-09T17:54:26', 'version' => '1.90' }, { 'date' => '2003-03-09T20:12:08', 'version' => '1.91' }, { 'date' => '2003-03-31T03:51:31', 'version' => '1.92' }, { 'date' => '2003-04-24T17:50:54', 'version' => '1.93' }, { 'date' => '2003-05-10T18:31:48', 'version' => '1.94' }, { 'date' => '2003-05-21T09:22:43', 'version' => '1.95' }, { 'date' => '2003-06-18T09:41:21', 'version' => '1.96' }, { 'date' => '2003-07-08T22:01:28', 'version' => '1.97' }, { 'date' => '2003-08-25T11:47:32', 'version' => '1.98' }, { 'date' => '2003-12-29T02:52:28', 'version' => '1.99' }, { 'date' => '2004-05-16T21:05:06', 'version' => '2.00' }, { 'date' => '2004-05-25T16:31:35', 'version' => '2.01' }, { 'date' => '2004-08-31T11:01:51', 'version' => '2.02' }, { 'date' => '2004-10-06T06:50:47', 'version' => '2.03' }, { 'date' => '2004-10-16T21:26:58', 'version' => '2.04' }, { 'date' => '2004-10-19T05:03:32', 'version' => '2.05' }, { 'date' => '2004-10-22T06:29:14', 'version' => '2.06' }, { 'date' => '2004-10-22T19:43:19', 'version' => '2.07' }, { 'date' => '2004-10-24T13:04:29', 'version' => '2.08' }, { 'date' => '2004-12-03T19:21:42', 'version' => '2.09' }, { 'date' => '2005-05-16T18:54:53', 'version' => '2.10' }, { 'date' => '2005-08-05T11:26:06', 'version' => '2.11' }, { 'date' => '2005-09-08T14:23:38', 'version' => '2.12' }, { 'date' => '2006-01-15T15:12:01', 'version' => '2.13' }, { 'date' => '2006-01-15T15:57:41', 'version' => '2.14' }, { 'date' => '2006-04-06T16:01:30', 'version' => '2.15' }, { 'date' => '2006-05-03T18:38:44', 'version' => '2.16' }, { 'date' => '2006-05-09T17:14:04', 'version' => '2.17' }, { 'date' => '2006-06-03T20:34:08', 'version' => '2.18' }, { 'date' => '2007-04-06T13:05:52', 'version' => '2.19' }, { 'date' => '2007-04-22T15:17:34', 'version' => '2.20' }, { 'date' => '2007-05-12T06:50:09', 'version' => '2.21' }, { 'date' => '2007-05-29T07:43:07', 'version' => '2.22' }, { 'date' => '2007-05-29T18:21:25', 'version' => '2.23' }, { 'date' => '2008-03-12T10:12:18', 'version' => '2.24' }, { 'date' => '2008-05-07T21:06:08', 'version' => '2.25' }, { 'date' => '2008-07-01T21:03:33', 'version' => '2.26' }, { 'date' => '2009-01-21T23:01:50', 'version' => '2.27' }, { 'date' => '2009-02-01T13:16:44', 'version' => '2.29' }, { 'date' => '2009-02-15T17:48:01', 'version' => '2.30' }, { 'date' => '2009-02-16T06:25:32', 'version' => '2.31' }, { 'date' => '2009-03-07T07:45:00', 'version' => '2.32' }, { 'date' => '2009-03-25T08:01:10', 'version' => '2.33' }, { 'date' => '2009-07-08T13:53:25', 'version' => '2.34' }, { 'date' => '2009-07-13T02:32:45', 'version' => '2.35' }, { 'date' => '2009-09-06T09:20:21', 'version' => '2.36' }, { 'date' => '2009-09-06T14:37:23', 'version' => '2.37' }, { 'date' => '2009-11-16T14:34:43', 'version' => '2.38' }, { 'date' => '2009-11-26T09:31:02', 'version' => '2.39' }, { 'date' => '2010-09-18T18:47:17', 'version' => '2.40' }, { 'date' => '2010-12-23T11:12:33', 'version' => '2.41' }, { 'date' => '2010-12-31T22:52:35', 'version' => '2.42' }, { 'date' => '2011-05-21T23:21:24', 'version' => '2.43' }, { 'date' => '2011-08-09T08:01:30', 'version' => '2.44' }, { 'date' => '2012-08-05T23:15:11', 'version' => '2.45' }, { 'date' => '2012-08-12T05:52:45', 'version' => '2.46' }, { 'date' => '2012-08-15T05:40:21', 'version' => '2.47' }, { 'date' => '2013-02-18T02:43:35', 'version' => '2.48' }, { 'date' => '2013-03-05T03:19:15', 'version' => '2.49' }, { 'date' => '2013-04-26T18:36:59', 'version' => '2.50' }, { 'date' => '2013-04-29T22:21:31', 'version' => '2.51' }, { 'date' => '2013-08-14T02:33:46', 'version' => '2.52' }, { 'date' => '2013-08-29T15:27:02', 'version' => '2.53' }, { 'date' => '2013-08-29T16:50:08', 'version' => '2.54' }, { 'date' => '2013-09-14T07:58:54', 'version' => '2.55' }, { 'date' => '2013-12-22T04:12:07', 'version' => '2.56' }, { 'date' => '2014-01-03T04:55:36', 'version' => '2.57' }, { 'date' => '2014-03-28T02:41:54', 'version' => '2.58' }, { 'date' => '2014-04-06T17:41:19', 'version' => '2.59' }, { 'date' => '2014-04-29T16:34:10', 'version' => '2.60' }, { 'date' => '2014-05-31T09:55:56', 'version' => '2.61' }, { 'date' => '2014-05-31T12:20:28', 'version' => '2.62' }, { 'date' => '2014-10-19T07:13:44', 'version' => '2.63' }, { 'date' => '2014-10-29T15:42:04', 'version' => '2.64' }, { 'date' => '2014-11-27T14:12:57', 'version' => '2.65' }, { 'date' => '2014-12-02T23:37:28', 'version' => '2.66' }, { 'date' => '2014-12-04T20:28:33', 'version' => '2.67' }, { 'date' => '2015-01-22T10:29:46', 'version' => '2.68' }, { 'date' => '2015-02-05T10:43:34', 'version' => '2.69' }, { 'date' => '2015-02-05T10:56:52', 'version' => '2.70' }, { 'date' => '2015-03-12T00:14:19', 'version' => '2.71' }, { 'date' => '2015-03-14T02:51:25', 'version' => '2.72' }, { 'date' => '2015-04-15T23:27:13', 'version' => '2.73' }, { 'date' => '2015-06-25T00:59:20', 'version' => '2.74' }, { 'date' => '2015-06-30T10:10:03', 'version' => '2.75' }, { 'date' => '2015-07-31T02:26:51', 'version' => '2.76' }, { 'date' => '2015-09-15T14:03:35', 'version' => '2.77' }, { 'date' => '2015-09-24T02:29:52', 'version' => '2.78' }, { 'date' => '2016-01-22T07:08:25', 'version' => '2.79' }, { 'date' => '2016-01-25T15:04:42', 'version' => '2.80' }, { 'date' => '2016-02-06T19:34:58', 'version' => '2.81' }, { 'date' => '2016-02-06T20:21:37', 'version' => '2.82' }, { 'date' => '2016-03-24T08:00:30', 'version' => '2.83' }, { 'date' => '2016-04-11T07:24:26', 'version' => '2.84' }, { 'date' => '2016-08-04T03:37:23', 'version' => '2.85' }, { 'date' => '2016-08-10T18:25:39', 'version' => '2.86' }, { 'date' => '2016-10-28T05:15:33', 'version' => '2.87' }, { 'date' => '2016-11-29T23:38:19', 'version' => '2.88' }, { 'date' => '2017-04-21T05:24:59', 'version' => '2.89' }, { 'date' => '2017-06-10T17:46:11', 'version' => '2.90' }, { 'date' => '2017-06-22T08:18:22', 'version' => '2.91' }, { 'date' => '2017-07-18T07:23:39', 'version' => '2.92' }, { 'date' => '2017-10-06T22:33:35', 'version' => '2.93' }, { 'date' => '2018-01-09T06:04:38', 'version' => '2.94' }, { 'date' => '2018-02-08T00:41:02', 'version' => '2.95' }, { 'date' => '2018-02-11T05:41:37', 'version' => '2.96' }, { 'date' => '2018-02-21T12:30:05', 'version' => '2.97' }, { 'date' => '2018-04-22T09:14:59', 'version' => '2.98' }, { 'date' => '2019-01-21T03:28:35', 'version' => '2.99' }, { 'date' => '2019-01-31T04:42:29', 'version' => '2.100' }, { 'date' => '2019-01-31T05:05:06', 'version' => '3.00' }, { 'date' => '2019-03-13T00:45:28', 'version' => '3.01' }, { 'date' => '2019-12-25T09:47:36', 'version' => '3.02' }, { 'date' => '2020-03-02T04:45:26', 'version' => '3.03' }, { 'date' => '2020-03-10T22:40:35', 'version' => '3.04' }, { 'date' => '2020-03-18T05:03:23', 'version' => '3.05' }, { 'date' => '2020-05-02T02:40:38', 'version' => '3.06' }, { 'date' => '2020-07-25T13:08:13', 'version' => '3.07' }, { 'date' => '2020-12-02T09:20:23', 'version' => '3.08' }, { 'date' => '2021-05-14T11:03:11', 'version' => '3.09' }, { 'date' => '2021-05-18T07:51:48', 'version' => '3.10' }, { 'date' => '2021-07-23T02:41:38', 'version' => '3.11' }, { 'date' => '2021-08-09T14:30:33', 'version' => '3.12' }, { 'date' => '2021-10-06T00:57:50', 'version' => '3.13' }, { 'date' => '2021-10-08T00:35:29', 'version' => '3.14' }, { 'date' => '2021-10-08T15:45:44', 'version' => '3.15' }, { 'date' => '2021-10-13T08:39:09', 'version' => '3.16' }, { 'date' => '2022-04-07T03:18:23', 'version' => '3.17' }, { 'date' => '2022-06-25T02:14:35', 'version' => '3.18' }, { 'date' => '2022-08-04T04:51:01', 'version' => '3.19' }, { 'date' => '2023-11-10T01:26:15', 'version' => '3.20' } ] }, 'ExtUtils-MakeMaker' => { 'advisories' => [ { 'affected_versions' => '<7.22', 'cves' => [ 'CVE-2016-1238' ], 'description' => 'Loading modules from . (current directory). ', 'distribution' => 'ExtUtils-MakeMaker', 'fixed_versions' => '>=7.22', 'id' => 'CPANSA-ExtUtils-MakeMaker-2016-01', 'references' => [ 'https://metacpan.org/changes/distribution/ExtUtils-MakeMaker', 'https://github.com/Perl-Toolchain-Gang/ExtUtils-MakeMaker/commit/3e9df17d11c40f2561c23ec79693c8c390e0ae88' ], 'reported' => '2016-08-07' } ], 'main_module' => 'ExtUtils::MakeMaker', 'versions' => [ { 'date' => '2001-07-06T08:23:56', 'version' => '5.47_01' }, { 'date' => '2002-01-16T20:19:18', 'version' => '5.48_01' }, { 'date' => '2002-01-18T04:56:33', 'version' => '5.48_03' }, { 'date' => '2002-01-22T00:33:31', 'version' => '5.48_04' }, { 'date' => '2002-02-04T08:46:04', 'version' => '5.49_01' }, { 'date' => '2002-03-05T04:53:40', 'version' => '5.50_01' }, { 'date' => '2002-03-25T07:53:14', 'version' => '5.51_01' }, { 'date' => '2002-03-26T05:56:07', 'version' => '5.52_01' }, { 'date' => '2002-03-31T03:55:52', 'version' => '5.54_01' }, { 'date' => '2002-04-05T05:01:52', 'version' => '5.55_01' }, { 'date' => '2002-04-06T08:29:20', 'version' => '5.55_02' }, { 'date' => '2002-04-07T03:04:18', 'version' => '5.55_03' }, { 'date' => '2002-04-11T05:32:04', 'version' => '5.90_01' }, { 'date' => '2002-04-24T04:21:44', 'version' => '5.91_01' }, { 'date' => '2002-04-30T03:43:53', 'version' => '5.92_01' }, { 'date' => '2002-05-06T06:02:08', 'version' => '5.93_01' }, { 'date' => '2002-05-17T19:04:41', 'version' => '5.94_01' }, { 'date' => '2002-05-17T21:24:13', 'version' => '5.94_02' }, { 'date' => '2002-05-18T18:43:02', 'version' => '5.95_01' }, { 'date' => '2002-05-23T21:01:02', 'version' => '5.96_01' }, { 'date' => '2002-05-26T01:25:25', 'version' => '6.00' }, { 'date' => '2002-05-30T19:02:20', 'version' => '6.01' }, { 'date' => '2002-06-16T05:41:28', 'version' => '6.02' }, { 'date' => '2002-06-19T21:24:32', 'version' => '6.03' }, { 'date' => '2002-08-27T01:42:36', 'version' => '6.04' }, { 'date' => '2002-08-27T23:24:30', 'version' => '6.05' }, { 'date' => '2002-12-19T08:42:01', 'version' => '6.06_01' }, { 'date' => '2002-12-24T04:54:53', 'version' => '6.06_02' }, { 'date' => '2003-03-30T03:49:59', 'version' => '6.06_03' }, { 'date' => '2003-03-31T04:37:55', 'version' => '6.06_04' }, { 'date' => '2003-03-31T10:50:00', 'version' => '6.06_05' }, { 'date' => '2003-04-07T02:46:10', 'version' => '6.10_01' }, { 'date' => '2003-04-07T08:33:23', 'version' => '6.10_02' }, { 'date' => '2003-04-11T07:27:36', 'version' => '6.10_03' }, { 'date' => '2003-05-23T09:05:27', 'version' => '6.10_04' }, { 'date' => '2003-06-07T01:32:29', 'version' => '6.10_05' }, { 'date' => '2003-06-07T08:00:14', 'version' => '6.10_06' }, { 'date' => '2003-07-05T23:40:34', 'version' => '6.10_07' }, { 'date' => '2003-07-22T01:23:46', 'version' => '6.10_08' }, { 'date' => '2003-07-28T04:00:19', 'version' => '6.11' }, { 'date' => '2003-07-30T05:28:47', 'version' => '6.12' }, { 'date' => '2003-07-31T23:51:40', 'version' => '6.13' }, { 'date' => '2003-08-03T23:27:51', 'version' => '6.14' }, { 'date' => '2003-08-03T23:46:11', 'version' => '6.15' }, { 'date' => '2003-08-18T08:43:08', 'version' => '6.16' }, { 'date' => '2003-09-15T22:23:01', 'version' => '6.17' }, { 'date' => '2003-11-04T04:12:53', 'version' => '6.18' }, { 'date' => '2003-11-04T07:03:30', 'version' => '6.19' }, { 'date' => '2003-11-06T10:37:47', 'version' => '6.20' }, { 'date' => '2003-11-11T08:26:17', 'version' => '6.21' }, { 'date' => '2004-04-03T21:33:45', 'version' => '6.21_03' }, { 'date' => '2004-11-24T04:06:20', 'version' => '6.22' }, { 'date' => '2004-11-26T21:15:45', 'version' => '6.23' }, { 'date' => '2004-11-30T20:42:14', 'version' => '6.24' }, { 'date' => '2004-12-09T06:00:53', 'version' => '6.24_01' }, { 'date' => '2004-12-15T12:05:50', 'version' => '6.25' }, { 'date' => '2004-12-18T02:34:56', 'version' => '6.25_01' }, { 'date' => '2004-12-20T08:36:56', 'version' => '6.25_02' }, { 'date' => '2004-12-21T04:17:27', 'version' => '6.25_03' }, { 'date' => '2004-12-21T05:58:10', 'version' => '6.25_04' }, { 'date' => '2004-12-22T13:05:53', 'version' => '6.25_05' }, { 'date' => '2004-12-26T22:26:26', 'version' => '6.25_06' }, { 'date' => '2004-12-31T08:53:31', 'version' => '6.25_07' }, { 'date' => '2005-02-08T14:21:17', 'version' => '6.25_08' }, { 'date' => '2005-03-12T18:29:26', 'version' => '6.25_09' }, { 'date' => '2005-03-14T00:17:26', 'version' => '6.25_10' }, { 'date' => '2005-03-15T10:05:07', 'version' => '6.25_11' }, { 'date' => '2005-03-19T00:19:47', 'version' => '6.25_12' }, { 'date' => '2005-03-22T22:50:34', 'version' => '6.26' }, { 'date' => '2005-03-29T05:48:40', 'version' => '6.26_01' }, { 'date' => '2005-04-04T23:55:46', 'version' => '6.27' }, { 'date' => '2005-04-12T23:23:53', 'version' => '6.28' }, { 'date' => '2005-05-19T21:22:00', 'version' => '6.29' }, { 'date' => '2005-05-20T23:14:45', 'version' => '6.30' }, { 'date' => '2005-08-17T06:59:11', 'version' => '6.30_01' }, { 'date' => '2006-09-01T19:07:28', 'version' => '6.30_02' }, { 'date' => '2006-09-01T21:06:57', 'version' => '6.30_03' }, { 'date' => '2006-09-11T20:20:27', 'version' => '6.30_04' }, { 'date' => '2006-10-10T01:04:44', 'version' => '6.31' }, { 'date' => '2007-02-21T16:02:09', 'version' => '6.32' }, { 'date' => '2007-06-29T22:18:15', 'version' => '6.33' }, { 'date' => '2007-06-30T16:10:15', 'version' => '6.34' }, { 'date' => '2007-07-02T03:56:25', 'version' => '6.35' }, { 'date' => '2007-07-03T08:10:57', 'version' => '6.36' }, { 'date' => '2007-11-26T01:10:14', 'version' => '6.37_01' }, { 'date' => '2007-11-26T07:35:50', 'version' => '6.37_02' }, { 'date' => '2007-11-26T22:18:55', 'version' => '6.37_03' }, { 'date' => '2007-11-29T00:04:35', 'version' => '6.38' }, { 'date' => '2007-12-06T11:08:15', 'version' => '6.40' }, { 'date' => '2007-12-08T01:02:26', 'version' => '6.42' }, { 'date' => '2008-01-02T00:09:23', 'version' => '6.43_01' }, { 'date' => '2008-02-29T00:08:42', 'version' => '6.44' }, { 'date' => '2008-09-06T10:22:44', 'version' => '6.45_01' }, { 'date' => '2008-09-07T21:18:05', 'version' => '6.45_02' }, { 'date' => '2008-09-27T21:37:54', 'version' => '6.46' }, { 'date' => '2008-10-14T16:41:49', 'version' => '6.47_01' }, { 'date' => '2008-10-16T23:18:52', 'version' => '6.47_02' }, { 'date' => '2008-10-20T18:20:40', 'version' => '6.48' }, { 'date' => '2009-02-20T01:11:08', 'version' => '6.49_01' }, { 'date' => '2009-03-22T19:30:00', 'version' => '6.50' }, { 'date' => '2009-04-10T21:33:29', 'version' => '6.51_01' }, { 'date' => '2009-04-14T04:22:58', 'version' => '6.51_02' }, { 'date' => '2009-05-24T05:41:35', 'version' => '6.51_03' }, { 'date' => '2009-05-24T21:07:28', 'version' => '6.51_04' }, { 'date' => '2009-05-30T18:41:35', 'version' => '6.52' }, { 'date' => '2009-06-08T02:05:24', 'version' => '6.53_01' }, { 'date' => '2009-06-08T02:28:24', 'version' => '6.53_02' }, { 'date' => '2009-07-02T21:55:25', 'version' => '6.53_03' }, { 'date' => '2009-07-07T23:53:09', 'version' => '6.54' }, { 'date' => '2009-07-14T23:02:39', 'version' => '6.55_01' }, { 'date' => '2009-08-05T07:40:59', 'version' => '6.55_02' }, { 'date' => '2009-12-05T07:09:23', 'version' => '6.55_03' }, { 'date' => '2009-12-17T22:06:47', 'version' => '6.56' }, { 'date' => '2010-08-24T08:38:36', 'version' => '6.57_01' }, { 'date' => '2010-09-07T23:43:49', 'version' => '6.57_02' }, { 'date' => '2010-09-08T22:33:36', 'version' => '6.57_03' }, { 'date' => '2010-09-09T23:52:37', 'version' => '6.57_04' }, { 'date' => '2010-09-11T20:25:23', 'version' => '6.57_05' }, { 'date' => '2010-10-06T10:53:43', 'version' => '6.57_06' }, { 'date' => '2011-03-25T03:41:39', 'version' => '6.57_07' }, { 'date' => '2011-03-27T11:00:41', 'version' => '6.57_08' }, { 'date' => '2011-03-28T00:15:59', 'version' => '6.57_09' }, { 'date' => '2011-04-04T05:33:46', 'version' => '6.57_10' }, { 'date' => '2011-05-20T00:34:23', 'version' => '6.57_11' }, { 'date' => '2011-07-06T21:22:27', 'version' => '6.58' }, { 'date' => '2011-08-03T20:25:34', 'version' => '6.58_01' }, { 'date' => '2011-08-05T13:07:58', 'version' => '6.59' }, { 'date' => '2011-09-25T05:23:43', 'version' => '6.61_01' }, { 'date' => '2011-10-23T23:48:06', 'version' => '6.62' }, { 'date' => '2011-10-24T00:40:49', 'version' => '6.63_01' }, { 'date' => '2011-11-02T00:07:43', 'version' => '6.63_02' }, { 'date' => '2012-11-02T03:58:40', 'version' => '6.63_03' }, { 'date' => '2012-11-22T21:25:35', 'version' => '6.63_04' }, { 'date' => '2012-12-17T02:35:20', 'version' => '6.64' }, { 'date' => '2013-03-18T23:21:28', 'version' => '6.65_01' }, { 'date' => '2013-04-14T09:59:15', 'version' => '6.65_02' }, { 'date' => '2013-04-15T12:50:31', 'version' => '6.65_03' }, { 'date' => '2013-04-19T17:52:08', 'version' => '6.66' }, { 'date' => '2013-04-25T20:08:31', 'version' => '6.67_01' }, { 'date' => '2013-06-02T17:31:16', 'version' => '6.67_02' }, { 'date' => '2013-06-05T21:09:00', 'version' => '6.67_03' }, { 'date' => '2013-06-10T19:25:22', 'version' => '6.67_04' }, { 'date' => '2013-06-13T20:55:25', 'version' => '6.67_05' }, { 'date' => '2013-06-14T22:35:24', 'version' => '6.68' }, { 'date' => '2013-06-20T12:00:00', 'version' => '6.69_01' }, { 'date' => '2013-07-02T12:16:23', 'version' => '6.69_02' }, { 'date' => '2013-07-09T21:47:07', 'version' => '6.69_03' }, { 'date' => '2013-07-10T10:50:08', 'version' => '6.69_04' }, { 'date' => '2013-07-11T21:20:53', 'version' => '6.69_05' }, { 'date' => '2013-07-12T13:51:50', 'version' => '6.69_06' }, { 'date' => '2013-07-16T14:34:32', 'version' => '6.69_07' }, { 'date' => '2013-07-16T23:40:44', 'version' => '6.69_08' }, { 'date' => '2013-07-21T08:26:44', 'version' => '6.69_09' }, { 'date' => '2013-07-23T21:42:47', 'version' => '6.70' }, { 'date' => '2013-07-24T08:33:58', 'version' => '6.71_01' }, { 'date' => '2013-07-24T17:42:20', 'version' => '6.72' }, { 'date' => '2013-07-24T22:53:41', 'version' => '6.73_01' }, { 'date' => '2013-07-26T12:34:19', 'version' => '6.73_02' }, { 'date' => '2013-07-30T21:12:02', 'version' => '6.73_03' }, { 'date' => '2013-08-01T21:41:12', 'version' => '6.73_04' }, { 'date' => '2013-08-05T16:45:38', 'version' => '6.73_05' }, { 'date' => '2013-08-05T23:52:18', 'version' => '6.73_06' }, { 'date' => '2013-08-07T15:09:12', 'version' => '6.73_07' }, { 'date' => '2013-08-09T18:52:24', 'version' => '6.73_08' }, { 'date' => '2013-08-09T19:00:18', 'version' => '6.73_09' }, { 'date' => '2013-08-16T15:43:35', 'version' => '6.73_10' }, { 'date' => '2013-08-17T21:57:55', 'version' => '6.73_11' }, { 'date' => '2013-08-23T09:52:43', 'version' => '6.73_12' }, { 'date' => '2013-08-27T11:45:55', 'version' => '6.74' }, { 'date' => '2013-08-29T14:09:22', 'version' => '6.75_01' }, { 'date' => '2013-09-01T20:52:29', 'version' => '6.75_02' }, { 'date' => '2013-09-02T23:26:56', 'version' => '6.75_03' }, { 'date' => '2013-09-05T11:10:20', 'version' => '6.75_04' }, { 'date' => '2013-09-06T12:40:59', 'version' => '6.76' }, { 'date' => '2013-09-10T14:22:45', 'version' => '6.77_01' }, { 'date' => '2013-09-12T20:23:49', 'version' => '6.77_02' }, { 'date' => '2013-09-16T11:23:59', 'version' => '6.77_03' }, { 'date' => '2013-09-18T18:25:33', 'version' => '6.77_04' }, { 'date' => '2013-09-19T13:12:32', 'version' => '6.77_05' }, { 'date' => '2013-09-19T14:43:24', 'version' => '6.77_06' }, { 'date' => '2013-09-21T08:48:44', 'version' => '6.77_07' }, { 'date' => '2013-09-22T17:46:50', 'version' => '6.77_08' }, { 'date' => '2013-09-23T12:47:39', 'version' => '6.78' }, { 'date' => '2013-10-01T14:01:33', 'version' => '6.79_01' }, { 'date' => '2013-10-11T12:01:23', 'version' => '6.79_02' }, { 'date' => '2013-10-11T13:00:29', 'version' => '6.79_03' }, { 'date' => '2013-10-11T17:59:30', 'version' => '6.79_04' }, { 'date' => '2013-10-15T15:08:06', 'version' => '6.80' }, { 'date' => '2013-10-16T08:04:29', 'version' => '6.81_01' }, { 'date' => '2013-10-17T11:24:19', 'version' => '6.81_02' }, { 'date' => '2013-10-24T19:54:34', 'version' => '6.81_03' }, { 'date' => '2013-11-01T19:56:13', 'version' => '6.81_04' }, { 'date' => '2013-11-02T21:44:06', 'version' => '6.81_05' }, { 'date' => '2013-11-04T19:24:38', 'version' => '6.82' }, { 'date' => '2013-11-05T11:45:54', 'version' => '6.83_01' }, { 'date' => '2013-11-12T11:15:21', 'version' => '6.83_02' }, { 'date' => '2013-11-15T09:49:39', 'version' => '6.83_03' }, { 'date' => '2013-11-17T11:44:01', 'version' => '6.83_04' }, { 'date' => '2013-11-25T22:52:46', 'version' => '6.83_05' }, { 'date' => '2013-11-29T21:55:40', 'version' => '6.83_06' }, { 'date' => '2013-11-30T15:27:01', 'version' => '6.84' }, { 'date' => '2013-12-16T13:18:35', 'version' => '6.85_01' }, { 'date' => '2013-12-17T10:17:50', 'version' => '6.85_02' }, { 'date' => '2013-12-23T14:59:36', 'version' => '6.85_03' }, { 'date' => '2013-12-23T15:02:38', 'version' => '6.85_04' }, { 'date' => '2013-12-29T11:28:14', 'version' => '6.85_05' }, { 'date' => '2013-12-30T23:18:09', 'version' => '6.85_06' }, { 'date' => '2014-01-01T19:00:36', 'version' => '6.85_07' }, { 'date' => '2014-01-04T12:21:05', 'version' => '6.86' }, { 'date' => '2014-01-12T10:34:38', 'version' => '6.87_01' }, { 'date' => '2014-01-18T13:30:15', 'version' => '6.87_02' }, { 'date' => '2014-01-19T17:53:19', 'version' => '6.87_03' }, { 'date' => '2014-01-26T19:33:34', 'version' => '6.87_04' }, { 'date' => '2014-01-28T14:00:44', 'version' => '6.87_05' }, { 'date' => '2014-01-31T20:59:13', 'version' => '6.88' }, { 'date' => '2014-02-17T16:23:55', 'version' => '6.89_01' }, { 'date' => '2014-02-20T20:49:24', 'version' => '6.90' }, { 'date' => '2014-03-06T13:52:24', 'version' => '6.91_01' }, { 'date' => '2014-03-13T16:34:37', 'version' => '6.92' }, { 'date' => '2014-03-24T16:57:01', 'version' => '6.93_01' }, { 'date' => '2014-03-25T20:38:21', 'version' => '6.94' }, { 'date' => '2014-04-02T20:52:53', 'version' => '6.95_01' }, { 'date' => '2014-04-07T14:29:26', 'version' => '6.95_02' }, { 'date' => '2014-04-11T21:09:21', 'version' => '6.96' }, { 'date' => '2014-04-24T13:29:12', 'version' => '6.97_01' }, { 'date' => '2014-04-28T10:55:44', 'version' => '6.97_02' }, { 'date' => '2014-04-29T20:41:00', 'version' => '6.98' }, { 'date' => '2014-06-03T21:19:42', 'version' => '6.99_01' }, { 'date' => '2014-06-05T11:18:25', 'version' => '6.99_02' }, { 'date' => '2014-07-04T10:15:23', 'version' => '6.99_03' }, { 'date' => '2014-07-12T11:54:35', 'version' => '6.99_04' }, { 'date' => '2014-07-22T11:42:12', 'version' => '6.99_05' }, { 'date' => '2014-07-28T14:07:14', 'version' => '6.99_06' }, { 'date' => '2014-07-30T16:44:02', 'version' => '6.99_07' }, { 'date' => '2014-08-18T13:19:18', 'version' => '6.99_08' }, { 'date' => '2014-08-28T10:13:30', 'version' => '6.99_09' }, { 'date' => '2014-09-04T14:04:55', 'version' => '6.99_10' }, { 'date' => '2014-09-08T13:39:46', 'version' => '6.99_11' }, { 'date' => '2014-09-11T14:32:19', 'version' => '6.99_12' }, { 'date' => '2014-09-15T19:11:34', 'version' => '6.99_13' }, { 'date' => '2014-09-19T14:06:14', 'version' => '6.99_14' }, { 'date' => '2014-09-21T12:23:58', 'version' => '6.99_15' }, { 'date' => '2014-10-02T18:50:08', 'version' => '6.99_16' }, { 'date' => '2014-10-12T18:41:24', 'version' => '6.99_17' }, { 'date' => '2014-10-20T09:14:39', 'version' => '6.99_18' }, { 'date' => '2014-10-22T19:48:56', 'version' => '7.00' }, { 'date' => '2014-10-25T12:49:55', 'version' => '7.01_01' }, { 'date' => '2014-10-25T16:49:40', 'version' => '7.01_02' }, { 'date' => '2014-10-30T19:48:04', 'version' => '7.01_03' }, { 'date' => '2014-10-31T10:13:56', 'version' => '7.01_04' }, { 'date' => '2014-11-03T12:53:43', 'version' => '7.01_05' }, { 'date' => '2014-11-03T20:55:23', 'version' => '7.01_06' }, { 'date' => '2014-11-04T19:40:07', 'version' => '7.01_07' }, { 'date' => '2014-11-04T20:29:00', 'version' => '7.01_08' }, { 'date' => '2014-11-06T21:59:55', 'version' => '7.01_09' }, { 'date' => '2014-11-08T10:39:16', 'version' => '7.02' }, { 'date' => '2014-11-18T21:47:11', 'version' => '7.03_01' }, { 'date' => '2014-11-24T13:26:46', 'version' => '7.03_02' }, { 'date' => '2014-11-25T16:43:06', 'version' => '7.03_03' }, { 'date' => '2014-11-27T14:42:51', 'version' => '7.03_04' }, { 'date' => '2014-11-28T18:32:48', 'version' => '7.03_05' }, { 'date' => '2014-12-01T15:37:46', 'version' => '7.03_06' }, { 'date' => '2014-12-02T12:56:02', 'version' => '7.04' }, { 'date' => '2014-12-06T16:58:07', 'version' => '7.05_01' }, { 'date' => '2014-12-15T20:13:08', 'version' => '7.05_02' }, { 'date' => '2014-12-24T12:12:00', 'version' => '7.05_03' }, { 'date' => '2014-12-24T14:49:46', 'version' => '7.05_04' }, { 'date' => '2014-12-31T23:21:05', 'version' => '7.05_05' }, { 'date' => '2015-01-08T19:09:29', 'version' => '7.05_06' }, { 'date' => '2015-01-09T16:23:43', 'version' => '7.05_07' }, { 'date' => '2015-01-20T10:13:21', 'version' => '7.05_08' }, { 'date' => '2015-01-23T10:51:30', 'version' => '7.05_09' }, { 'date' => '2015-01-26T15:19:01', 'version' => '7.05_10' }, { 'date' => '2015-01-31T16:40:19', 'version' => '7.05_11' }, { 'date' => '2015-02-07T15:19:11', 'version' => '7.05_12' }, { 'date' => '2015-02-18T22:49:29', 'version' => '7.05_13' }, { 'date' => '2015-02-20T17:32:55', 'version' => '7.05_14' }, { 'date' => '2015-03-05T19:44:02', 'version' => '7.05_15' }, { 'date' => '2015-03-09T11:35:12', 'version' => '7.05_16' }, { 'date' => '2015-03-24T12:27:52', 'version' => '7.05_17' }, { 'date' => '2015-03-27T12:20:03', 'version' => '7.05_18' }, { 'date' => '2015-03-27T16:59:34', 'version' => '7.05_19' }, { 'date' => '2015-04-04T15:53:36', 'version' => '7.05_20' }, { 'date' => '2015-06-13T14:19:26', 'version' => '7.05_21' }, { 'date' => '2015-06-14T13:44:56', 'version' => '7.05_22' }, { 'date' => '2015-06-24T19:51:24', 'version' => '7.05_23' }, { 'date' => '2015-07-01T18:30:38', 'version' => '7.05_24' }, { 'date' => '2015-07-07T17:18:36', 'version' => '7.05_25' }, { 'date' => '2015-08-04T19:41:25', 'version' => '7.05_26' }, { 'date' => '2015-08-05T09:35:40', 'version' => '7.05_27' }, { 'date' => '2015-08-19T18:10:20', 'version' => '7.05_28' }, { 'date' => '2015-08-24T15:26:22', 'version' => '7.05_29' }, { 'date' => '2015-08-31T18:06:48', 'version' => '7.06' }, { 'date' => '2015-09-02T11:55:33', 'version' => '7.07_01' }, { 'date' => '2015-09-08T19:59:05', 'version' => '7.08' }, { 'date' => '2015-09-10T18:55:41', 'version' => '7.10' }, { 'date' => '2015-11-12T12:35:03', 'version' => '7.11_01' }, { 'date' => '2015-11-21T20:23:22', 'version' => '7.11_02' }, { 'date' => '2015-11-25T15:40:06', 'version' => '7.11_03' }, { 'date' => '2016-02-15T11:40:55', 'version' => '7.11_04' }, { 'date' => '2016-03-19T10:07:11', 'version' => '7.11_05' }, { 'date' => '2016-03-29T18:44:47', 'version' => '7.11_06' }, { 'date' => '2016-04-19T11:41:10', 'version' => '7.12' }, { 'date' => '2016-04-23T16:35:56', 'version' => '7.13_01' }, { 'date' => '2016-04-24T13:20:40', 'version' => '7.14' }, { 'date' => '2016-04-27T18:27:25', 'version' => '7.15_01' }, { 'date' => '2016-04-28T12:15:28', 'version' => '7.15_02' }, { 'date' => '2016-05-01T13:29:10', 'version' => '7.15_03' }, { 'date' => '2016-05-07T10:28:49', 'version' => '7.16' }, { 'date' => '2016-05-09T19:14:54', 'version' => '7.17_01' }, { 'date' => '2016-05-09T23:07:33', 'version' => '7.17_02' }, { 'date' => '2016-05-11T18:22:21', 'version' => '7.17_03' }, { 'date' => '2016-05-23T15:39:08', 'version' => '7.18' }, { 'date' => '2016-06-02T14:01:28', 'version' => '7.19_01' }, { 'date' => '2016-06-13T09:11:52', 'version' => '7.19_02' }, { 'date' => '2016-06-13T13:44:33', 'version' => '7.19_03' }, { 'date' => '2016-06-14T11:35:43', 'version' => '7.19_04' }, { 'date' => '2016-06-20T14:40:57', 'version' => '7.19_05' }, { 'date' => '2016-06-27T12:04:29', 'version' => '7.19_06' }, { 'date' => '2016-07-03T14:30:23', 'version' => '7.19_07' }, { 'date' => '2016-07-28T12:26:56', 'version' => '7.19_08' }, { 'date' => '2016-08-05T08:57:09', 'version' => '7.20' }, { 'date' => '2016-08-07T09:54:04', 'version' => '7.21_01' }, { 'date' => '2016-08-08T08:42:10', 'version' => '7.22' }, { 'date' => '2016-08-19T09:24:06', 'version' => '7.23_01' }, { 'date' => '2016-08-20T12:35:27', 'version' => '7.24' }, { 'date' => '2017-02-03T15:21:22', 'version' => '7.25_01' }, { 'date' => '2017-05-11T11:19:49', 'version' => '7.25_02' }, { 'date' => '2017-05-11T17:09:16', 'version' => '7.25_03' }, { 'date' => '2017-05-12T12:25:54', 'version' => '7.25_04' }, { 'date' => '2017-05-15T09:41:49', 'version' => '7.25_05' }, { 'date' => '2017-05-23T19:31:28', 'version' => '7.25_06' }, { 'date' => '2017-05-27T20:21:06', 'version' => '7.26' }, { 'date' => '2017-05-28T10:50:55', 'version' => '7.27_01' }, { 'date' => '2017-05-30T08:56:32', 'version' => '7.27_02' }, { 'date' => '2017-05-30T21:26:23', 'version' => '7.28' }, { 'date' => '2017-05-31T08:32:44', 'version' => '7.29_01' }, { 'date' => '2017-06-11T11:17:55', 'version' => '7.29_02' }, { 'date' => '2017-06-12T12:31:08', 'version' => '7.30' }, { 'date' => '2017-06-14T15:10:23', 'version' => '7.31_01' }, { 'date' => '2017-06-26T13:14:10', 'version' => '7.31_02' }, { 'date' => '2017-07-10T09:02:35', 'version' => '7.31_03' }, { 'date' => '2017-10-05T12:19:00', 'version' => '7.31_04' }, { 'date' => '2017-11-25T09:37:04', 'version' => '7.31_05' }, { 'date' => '2018-01-16T13:28:46', 'version' => '7.31_06' }, { 'date' => '2018-01-16T16:24:23', 'version' => '7.31_07' }, { 'date' => '2018-02-12T12:32:45', 'version' => '7.31_08' }, { 'date' => '2018-02-16T20:25:44', 'version' => '7.32' }, { 'date' => '2018-02-20T10:44:19', 'version' => '7.33_01' }, { 'date' => '2018-02-24T14:05:00', 'version' => '7.33_02' }, { 'date' => '2018-02-24T20:21:42', 'version' => '7.33_03' }, { 'date' => '2018-03-19T10:51:54', 'version' => '7.34' }, { 'date' => '2018-04-19T12:46:01', 'version' => '7.35_01' }, { 'date' => '2018-04-24T11:01:35', 'version' => '7.35_02' }, { 'date' => '2018-04-27T13:59:23', 'version' => '7.35_03' }, { 'date' => '2018-07-09T09:50:43', 'version' => '7.35_04' }, { 'date' => '2018-07-10T09:18:31', 'version' => '7.35_05' }, { 'date' => '2018-07-19T19:49:08', 'version' => '7.35_06' }, { 'date' => '2018-11-23T11:59:44', 'version' => '7.35_07' }, { 'date' => '2018-12-06T10:56:33', 'version' => '7.35_08' }, { 'date' => '2019-02-18T10:27:00', 'version' => '7.35_09' }, { 'date' => '2019-02-20T10:06:48', 'version' => '7.35_10' }, { 'date' => '2019-04-25T11:10:29', 'version' => '7.35_11' }, { 'date' => '2019-04-27T22:17:58', 'version' => '7.35_12' }, { 'date' => '2019-04-28T11:23:25', 'version' => '7.35_13' }, { 'date' => '2019-04-28T13:15:57', 'version' => '7.35_14' }, { 'date' => '2019-04-28T15:48:41', 'version' => '7.36' }, { 'date' => '2019-06-07T10:55:49', 'version' => '7.37_01' }, { 'date' => '2019-06-27T10:35:57', 'version' => '7.37_02' }, { 'date' => '2019-08-03T12:27:47', 'version' => '7.37_03' }, { 'date' => '2019-08-22T14:34:47', 'version' => '7.37_04' }, { 'date' => '2019-09-11T09:16:48', 'version' => '7.38' }, { 'date' => '2019-09-16T06:54:51', 'version' => '7.39_01' }, { 'date' => '2019-11-07T10:03:13', 'version' => '7.39_02' }, { 'date' => '2019-11-17T20:12:14', 'version' => '7.39_03' }, { 'date' => '2019-11-18T15:20:20', 'version' => '7.39_04' }, { 'date' => '2019-11-21T12:10:17', 'version' => '7.39_05' }, { 'date' => '2019-12-16T20:02:27', 'version' => '7.40' }, { 'date' => '2019-12-16T21:53:56', 'version' => '7.41_01' }, { 'date' => '2019-12-17T22:30:33', 'version' => '7.42' }, { 'date' => '2020-01-05T13:00:40', 'version' => '7.43_01' }, { 'date' => '2020-01-14T16:54:08', 'version' => '7.44' }, { 'date' => '2020-05-28T16:58:08', 'version' => '7.45_01' }, { 'date' => '2020-06-23T10:14:10', 'version' => '7.46' }, { 'date' => '2020-06-26T10:13:17', 'version' => '7.47_01' }, { 'date' => '2020-07-07T07:38:50', 'version' => '7.47_02' }, { 'date' => '2020-07-08T21:54:35', 'version' => '7.47_03' }, { 'date' => '2020-07-28T19:00:26', 'version' => '7.47_04' }, { 'date' => '2020-07-31T09:57:33', 'version' => '7.47_05' }, { 'date' => '2020-08-01T13:53:05', 'version' => '7.47_06' }, { 'date' => '2020-08-03T21:39:02', 'version' => '7.47_07' }, { 'date' => '2020-08-31T09:02:22', 'version' => '7.47_08' }, { 'date' => '2020-09-14T13:50:45', 'version' => '7.47_09' }, { 'date' => '2020-09-15T18:45:02', 'version' => '7.47_10' }, { 'date' => '2020-09-20T09:20:24', 'version' => '7.47_11' }, { 'date' => '2020-09-30T15:40:12', 'version' => '7.47_12' }, { 'date' => '2020-10-04T10:56:39', 'version' => '7.48' }, { 'date' => '2020-10-06T17:29:16', 'version' => '7.49_01' }, { 'date' => '2020-10-08T12:03:50', 'version' => '7.49_02' }, { 'date' => '2020-10-09T20:46:22', 'version' => '7.49_03' }, { 'date' => '2020-10-13T18:34:34', 'version' => '7.49_04' }, { 'date' => '2020-10-21T18:14:52', 'version' => '7.50' }, { 'date' => '2020-11-04T00:05:13', 'version' => '7.51_01' }, { 'date' => '2020-11-04T19:51:52', 'version' => '7.52' }, { 'date' => '2020-11-10T03:50:49', 'version' => '7.53_01' }, { 'date' => '2020-11-12T19:50:41', 'version' => '7.54' }, { 'date' => '2020-11-18T18:25:16', 'version' => '7.55_01' }, { 'date' => '2020-11-19T20:00:09', 'version' => '7.56' }, { 'date' => '2020-12-18T13:45:54', 'version' => '7.57_01' }, { 'date' => '2020-12-18T23:07:45', 'version' => '7.57_02' }, { 'date' => '2020-12-21T18:31:44', 'version' => '7.58' }, { 'date' => '2021-02-02T10:13:35', 'version' => '7.59_01' }, { 'date' => '2021-02-17T11:05:23', 'version' => '7.60' }, { 'date' => '2021-03-21T15:00:35', 'version' => '7.61_01' }, { 'date' => '2021-04-13T18:13:28', 'version' => '7.62' }, { 'date' => '2021-05-25T18:00:03', 'version' => '7.63_01' }, { 'date' => '2021-06-03T19:05:10', 'version' => '7.63_02' }, { 'date' => '2021-06-22T13:53:51', 'version' => '7.63_03' }, { 'date' => '2021-06-30T14:30:46', 'version' => '7.63_04' }, { 'date' => '2021-08-14T08:19:32', 'version' => '7.63_05' }, { 'date' => '2021-11-03T01:44:47', 'version' => '7.63_06' }, { 'date' => '2021-11-27T11:51:29', 'version' => '7.63_07' }, { 'date' => '2021-11-27T17:31:21', 'version' => '7.63_08' }, { 'date' => '2021-12-08T22:35:25', 'version' => '7.63_09' }, { 'date' => '2021-12-13T16:54:00', 'version' => '7.63_10' }, { 'date' => '2021-12-14T17:00:18', 'version' => '7.63_11' }, { 'date' => '2021-12-17T19:24:34', 'version' => '7.64' }, { 'date' => '2022-05-30T10:07:14', 'version' => '7.65_01' }, { 'date' => '2022-07-22T13:01:08', 'version' => '7.65_02' }, { 'date' => '2022-12-24T00:32:29', 'version' => '7.65_03' }, { 'date' => '2022-12-25T09:06:33', 'version' => '7.66' }, { 'date' => '2023-03-01T13:47:08', 'version' => '7.67_01' }, { 'date' => '2023-03-06T11:17:11', 'version' => '7.67_02' }, { 'date' => '2023-03-14T21:41:23', 'version' => '7.68' }, { 'date' => '2023-03-25T11:45:00', 'version' => '7.69_01' }, { 'date' => '2023-03-26T13:29:08', 'version' => '7.70' } ] }, 'FCGI' => { 'advisories' => [ { 'affected_versions' => '<0.74', 'cves' => [ 'CVE-2011-2766' ], 'description' => 'Leaking information across requests when using the deprecated and undocumented old FCGI interface. ', 'distribution' => 'FCGI', 'fixed_versions' => '>=0.74', 'id' => 'CPANSA-FCGI-2011-01', 'references' => [ 'https://metacpan.org/changes/distribution/FCGI', 'https://github.com/perl-catalyst/FCGI/commit/297693dc8362d25bb25e473899c72508a0f71d2e' ], 'reported' => '2011-09-24' } ], 'main_module' => 'FCGI', 'versions' => [ { 'date' => '1996-09-25T17:48:57', 'version' => '0.25' }, { 'date' => '1996-10-15T21:51:06', 'version' => '0.26' }, { 'date' => '1997-02-20T08:55:44', 'version' => '0.27' }, { 'date' => '1997-02-25T07:14:13', 'version' => '0.28' }, { 'date' => '1997-06-10T18:16:17', 'version' => '0.29' }, { 'date' => '1997-06-24T17:17:05', 'version' => '0.30' }, { 'date' => '1997-07-24T11:05:43', 'version' => '0.31' }, { 'date' => '1998-06-17T10:24:17', 'version' => '0.34' }, { 'date' => '1998-06-22T15:38:51', 'version' => '0.35' }, { 'date' => '1998-06-24T19:42:57', 'version' => '0.36' }, { 'date' => '1998-06-27T16:08:39', 'version' => '0.37' }, { 'date' => '1998-07-15T15:24:00', 'version' => '0.40' }, { 'date' => '1998-07-29T16:05:51', 'version' => '0.41' }, { 'date' => '1998-08-28T15:30:49', 'version' => '0.42' }, { 'date' => '1998-12-22T22:34:14', 'version' => '0.43' }, { 'date' => '1998-12-23T11:28:39', 'version' => '0.44' }, { 'date' => '1999-03-08T17:04:02', 'version' => '0.45' }, { 'date' => '1999-07-30T08:26:31', 'version' => '0.46' }, { 'date' => '1999-07-31T21:58:01', 'version' => '0.47' }, { 'date' => '1999-08-27T13:41:54', 'version' => '0.48' }, { 'date' => '2000-04-09T18:58:32', 'version' => '0.49' }, { 'date' => '2000-04-10T07:04:43', 'version' => '0.50' }, { 'date' => '2000-04-12T12:27:09', 'version' => '0.51' }, { 'date' => '2000-04-12T14:10:02', 'version' => '0.52' }, { 'date' => '2000-07-10T10:01:51', 'version' => '0.53' }, { 'date' => '2000-10-08T19:52:29', 'version' => '0.54' }, { 'date' => '2000-10-18T21:22:46', 'version' => '0.55' }, { 'date' => '2000-11-03T15:44:28', 'version' => '0.56' }, { 'date' => '2000-11-12T15:15:01', 'version' => '0.57' }, { 'date' => '2000-11-14T23:20:24', 'version' => '0.58' }, { 'date' => '2000-12-31T22:05:44', 'version' => '0.59' }, { 'date' => '2001-06-08T15:19:08', 'version' => '0.60' }, { 'date' => '2001-09-20T12:34:13', 'version' => '0.61' }, { 'date' => '2001-09-21T16:19:42', 'version' => '0.62' }, { 'date' => '2001-09-24T20:43:48', 'version' => '0.63' }, { 'date' => '2001-09-25T08:26:24', 'version' => '0.64' }, { 'date' => '2002-02-19T14:16:27', 'version' => '0.65' }, { 'date' => '2002-09-05T16:23:07', 'version' => '0.66' }, { 'date' => '2002-12-23T10:21:36', 'version' => '0.67' }, { 'date' => '2009-12-20T21:05:48', 'version' => '0.67_01' }, { 'date' => '2010-01-06T10:07:05', 'version' => '0.68' }, { 'date' => '2010-01-10T01:35:11', 'version' => '0.68_01' }, { 'date' => '2010-01-13T19:25:40', 'version' => '0.68_02' }, { 'date' => '2010-02-15T23:08:12', 'version' => '0.69' }, { 'date' => '2010-03-22T14:35:03', 'version' => '0.70' }, { 'date' => '2010-04-01T00:55:33', 'version' => '0.71' }, { 'date' => '2010-08-24T21:32:56', 'version' => '0.71_01' }, { 'date' => '2011-04-28T08:50:09', 'version' => '0.71_02' }, { 'date' => '2011-04-28T09:05:42', 'version' => '0.71_03' }, { 'date' => '2011-05-19T09:06:02', 'version' => '0.72' }, { 'date' => '2011-05-28T01:35:17', 'version' => '0.73' }, { 'date' => '2011-09-24T08:31:47', 'version' => '0.74' }, { 'date' => '2014-07-17T00:19:02', 'version' => '0.75' }, { 'date' => '2014-08-05T01:29:06', 'version' => '0.76' }, { 'date' => '2014-08-05T15:53:28', 'version' => '0.77' }, { 'date' => '2016-03-07T00:08:23', 'version' => '0.78' }, { 'date' => '2019-12-14T18:29:19', 'version' => '0.79' }, { 'date' => '2021-07-25T04:54:49', 'version' => '0.80' }, { 'date' => '2021-07-30T23:19:01', 'version' => '0.81' }, { 'date' => '2021-07-31T03:26:34', 'version' => '0.82' } ] }, 'Fake-Encode' => { 'advisories' => [ { 'affected_versions' => '<0.08', 'cves' => [ 'CVE-2016-1238' ], 'description' => 'Loading modules from . (current directory). ', 'distribution' => 'Fake-Encode', 'fixed_versions' => '>=0.08', 'id' => 'CPANSA-Fake-Encode-2017-01', 'references' => [ 'https://metacpan.org/changes/distribution/Fake-Encode' ], 'reported' => '2017-01-23' } ], 'main_module' => 'Fake::Encode', 'versions' => [ { 'date' => '2016-05-31T14:11:49', 'version' => '0.01' }, { 'date' => '2017-01-23T12:34:23', 'version' => '0.02' }, { 'date' => '2017-01-25T15:52:13', 'version' => '0.03' }, { 'date' => '2017-01-26T15:17:01', 'version' => '0.04' }, { 'date' => '2017-03-06T16:01:40', 'version' => '0.05' }, { 'date' => '2017-09-08T17:54:14', 'version' => '0.06' }, { 'date' => '2017-09-09T15:27:50', 'version' => '0.07' }, { 'date' => '2018-02-03T14:50:49', 'version' => '0.08' }, { 'date' => '2018-02-19T12:21:04', 'version' => '0.09' }, { 'date' => '2019-07-11T16:26:06', 'version' => '0.10' }, { 'date' => '2023-03-25T02:26:13', 'version' => '0.11' } ] }, 'Fake-Our' => { 'advisories' => [ { 'affected_versions' => '<0.06', 'cves' => [ 'CVE-2016-1238' ], 'description' => 'Loading modules from . (current directory). ', 'distribution' => 'Fake-Our', 'fixed_versions' => '>=0.06', 'id' => 'CPANSA-Fake-Our-2017-01', 'references' => [ 'https://metacpan.org/changes/distribution/Fake-Our' ], 'reported' => '2017-01-23' } ], 'main_module' => 'Fake::Our', 'versions' => [ { 'date' => '2014-02-09T05:36:09', 'version' => '0.01' }, { 'date' => '2014-08-06T17:33:15', 'version' => '0.02' }, { 'date' => '2014-08-09T02:35:25', 'version' => '0.03' }, { 'date' => '2014-08-10T15:33:58', 'version' => '0.04' }, { 'date' => '2015-06-21T04:09:47', 'version' => '0.05' }, { 'date' => '2017-01-23T12:34:34', 'version' => '0.06' }, { 'date' => '2017-01-26T15:21:45', 'version' => '0.07' }, { 'date' => '2017-01-27T15:18:56', 'version' => '0.08' }, { 'date' => '2017-01-28T15:07:50', 'version' => '0.09' }, { 'date' => '2017-03-06T16:01:51', 'version' => '0.10' }, { 'date' => '2018-02-03T11:05:49', 'version' => '0.11' }, { 'date' => '2018-02-16T17:54:00', 'version' => '0.12' }, { 'date' => '2018-02-17T01:35:58', 'version' => '0.13' }, { 'date' => '2018-02-18T15:32:17', 'version' => '0.14' }, { 'date' => '2019-07-11T16:27:42', 'version' => '0.15' }, { 'date' => '2019-07-14T00:51:24', 'version' => '0.16' }, { 'date' => '2023-03-25T02:32:44', 'version' => '0.17' } ] }, 'File-DataClass' => { 'advisories' => [ { 'affected_versions' => '<0.72.1', 'cves' => [ 'CVE-2016-1238' ], 'description' => 'Loading modules from . (current directory). ', 'distribution' => 'File-DataClass', 'fixed_versions' => '>=0.72.1', 'id' => 'CPANSA-File-DataClass-2017-01', 'references' => [ 'https://metacpan.org/changes/distribution/File-DataClass' ], 'reported' => '2017-04-01' } ], 'main_module' => 'File::DataClass', 'versions' => [ { 'date' => '2010-09-29T16:37:04', 'version' => '0.1.228' }, { 'date' => '2010-10-06T14:20:31', 'version' => '0.2.234' }, { 'date' => '2011-01-26T18:14:50', 'version' => '0.3.238' }, { 'date' => '2011-02-27T23:09:38', 'version' => '0.3.239' }, { 'date' => '2011-04-12T19:44:59', 'version' => '0.3.259' }, { 'date' => '2011-05-15T17:45:09', 'version' => '0.4.268' }, { 'date' => '2011-05-30T01:47:40', 'version' => '0.5.271' }, { 'date' => '2011-07-11T13:39:10', 'version' => '0.6.286' }, { 'date' => '2011-11-30T00:05:18', 'version' => '0.7.321' }, { 'date' => '2011-12-02T04:40:20', 'version' => '0.7.325' }, { 'date' => '2011-12-02T22:39:25', 'version' => '0.7.326' }, { 'date' => '2011-12-03T18:43:58', 'version' => '0.7.328' }, { 'date' => '2012-02-22T18:28:29', 'version' => '0.7.330' }, { 'date' => '2012-02-23T11:00:24', 'version' => '0.7.331' }, { 'date' => '2012-02-24T10:52:18', 'version' => '0.7.332' }, { 'date' => '2012-03-12T17:34:58', 'version' => '0.7.335' }, { 'date' => '2012-03-20T18:24:26', 'version' => '0.7.336' }, { 'date' => '2012-03-21T22:43:50', 'version' => '0.7.338' }, { 'date' => '2012-03-22T13:48:59', 'version' => '0.7.339' }, { 'date' => '2012-03-24T00:37:31', 'version' => '0.7.343' }, { 'date' => '2012-03-28T23:58:41', 'version' => '0.8.351' }, { 'date' => '2012-03-29T22:05:21', 'version' => '0.8.355' }, { 'date' => '2012-04-03T00:26:12', 'version' => '0.8.357' }, { 'date' => '2012-04-04T15:19:03', 'version' => '0.8.360' }, { 'date' => '2012-04-17T18:57:01', 'version' => '0.9.368' }, { 'date' => '2012-05-19T21:05:56', 'version' => '0.10.380' }, { 'date' => '2012-07-10T00:34:23', 'version' => '0.11.401' }, { 'date' => '2012-09-02T13:43:37', 'version' => '0.12.406' }, { 'date' => '2012-09-06T14:02:06', 'version' => '0.12.409' }, { 'date' => '2012-11-07T07:49:39', 'version' => '0.13.416' }, { 'date' => '2012-11-13T20:16:27', 'version' => '0.13.418' }, { 'date' => '2012-12-12T23:25:16', 'version' => '0.13.420' }, { 'date' => '2012-12-14T17:58:08', 'version' => '0.13.421' }, { 'date' => '2012-12-19T22:23:08', 'version' => '0.13.422' }, { 'date' => '2012-12-21T20:48:41', 'version' => '0.13.424' }, { 'date' => '2012-12-30T03:05:28', 'version' => '0.13.427' }, { 'date' => '2013-01-07T00:52:48', 'version' => '0.14.429' }, { 'date' => '2013-04-01T01:14:44', 'version' => '0.15.431' }, { 'date' => '2013-04-02T14:21:13', 'version' => '0.15.434' }, { 'date' => '2013-04-14T16:15:55', 'version' => 'v0.16.438' }, { 'date' => '2013-04-15T20:42:56', 'version' => 'v0.16.442' }, { 'date' => '2013-04-24T03:47:54', 'version' => 'v0.16.445' }, { 'date' => '2013-04-29T17:12:37', 'version' => 'v0.17.450' }, { 'date' => '2013-04-30T22:15:36', 'version' => 'v0.18.6' }, { 'date' => '2013-05-02T14:14:57', 'version' => 'v0.19.1' }, { 'date' => '2013-05-07T23:33:06', 'version' => 'v0.20.6' }, { 'date' => '2013-05-10T14:58:03', 'version' => 'v0.20.7' }, { 'date' => '2013-05-14T13:32:28', 'version' => 'v0.20.8' }, { 'date' => '2013-05-15T20:03:34', 'version' => 'v0.20.9' }, { 'date' => '2013-05-16T00:11:50', 'version' => 'v0.20.10' }, { 'date' => '2013-05-17T16:07:41', 'version' => 'v0.20.12' }, { 'date' => '2013-06-08T13:26:40', 'version' => 'v0.20.13' }, { 'date' => '2013-07-28T17:41:14', 'version' => 'v0.22.1' }, { 'date' => '2013-07-29T11:39:49', 'version' => 'v0.22.2' }, { 'date' => '2013-07-29T11:46:28', 'version' => 'v0.22.3' }, { 'date' => '2013-07-29T18:37:14', 'version' => 'v0.22.4' }, { 'date' => '2013-07-30T10:19:23', 'version' => 'v0.22.5' }, { 'date' => '2013-07-30T16:25:59', 'version' => 'v0.22.7' }, { 'date' => '2013-07-31T09:54:30', 'version' => 'v0.22.8' }, { 'date' => '2013-08-02T19:06:49', 'version' => 'v0.22.9' }, { 'date' => '2013-08-06T17:19:31', 'version' => 'v0.23.1' }, { 'date' => '2013-08-07T13:14:13', 'version' => 'v0.23.2' }, { 'date' => '2013-08-13T18:01:24', 'version' => '0.24.1' }, { 'date' => '2013-08-16T22:49:23', 'version' => '0.24.3' }, { 'date' => '2013-09-03T13:11:17', 'version' => '0.25.1' }, { 'date' => '2013-09-26T16:04:18', 'version' => '0.26.1' }, { 'date' => '2013-11-22T09:42:00', 'version' => '0.27.1' }, { 'date' => '2014-01-01T15:02:23', 'version' => '0.28.1' }, { 'date' => '2014-01-01T17:03:18', 'version' => '0.29.1' }, { 'date' => '2014-01-02T02:33:28', 'version' => '0.30.1' }, { 'date' => '2014-01-13T18:41:29', 'version' => '0.31.1' }, { 'date' => '2014-01-24T20:56:21', 'version' => '0.33.1' }, { 'date' => '2014-04-04T10:52:59', 'version' => '0.34.1' }, { 'date' => '2014-05-01T14:40:32', 'version' => '0.35.1' }, { 'date' => '2014-05-13T10:03:54', 'version' => '0.36.1' }, { 'date' => '2014-05-13T21:08:07', 'version' => '0.37.1' }, { 'date' => '2014-05-15T00:11:43', 'version' => '0.38.1' }, { 'date' => '2014-05-16T08:19:01', 'version' => '0.39.1' }, { 'date' => '2014-05-22T09:37:34', 'version' => '0.40.1' }, { 'date' => '2014-05-22T14:10:49', 'version' => '0.40.2' }, { 'date' => '2014-05-28T10:28:42', 'version' => '0.41.1' }, { 'date' => '2014-07-03T23:27:53', 'version' => '0.42.1' }, { 'date' => '2014-07-04T09:25:10', 'version' => '0.42.2' }, { 'date' => '2014-07-04T12:19:02', 'version' => '0.43.1' }, { 'date' => '2014-07-16T12:39:03', 'version' => '0.44.1' }, { 'date' => '2014-08-18T23:00:05', 'version' => '0.45.1' }, { 'date' => '2014-08-26T12:43:14', 'version' => '0.45.5' }, { 'date' => '2014-08-26T16:41:35', 'version' => '0.46.1' }, { 'date' => '2014-08-27T16:17:50', 'version' => '0.47.1' }, { 'date' => '2014-09-03T22:25:51', 'version' => '0.48.1' }, { 'date' => '2014-10-02T17:39:13', 'version' => '0.48.3' }, { 'date' => '2014-10-02T19:59:28', 'version' => '0.49.1' }, { 'date' => '2014-11-07T18:51:52', 'version' => '0.50.1' }, { 'date' => '2014-11-08T21:45:45', 'version' => '0.50.2' }, { 'date' => '2014-11-09T13:19:50', 'version' => '0.50.3' }, { 'date' => '2014-11-09T15:52:41', 'version' => '0.51.1' }, { 'date' => '2014-11-10T12:44:49', 'version' => '0.52.1' }, { 'date' => '2014-12-19T11:49:49', 'version' => '0.53.1' }, { 'date' => '2014-12-19T22:54:41', 'version' => '0.54.1' }, { 'date' => '2015-02-05T00:04:33', 'version' => '0.55.1' }, { 'date' => '2015-03-19T14:59:03', 'version' => '0.56.1' }, { 'date' => '2015-04-04T20:00:58', 'version' => '0.57.1' }, { 'date' => '2015-04-04T20:16:31', 'version' => '0.58.1' }, { 'date' => '2015-04-05T17:58:31', 'version' => '0.59.1' }, { 'date' => '2015-04-08T23:10:28', 'version' => '0.60.1' }, { 'date' => '2015-05-11T12:15:05', 'version' => '0.61.1' }, { 'date' => '2015-05-24T11:52:28', 'version' => '0.62.1' }, { 'date' => '2015-06-21T21:42:17', 'version' => '0.63.1' }, { 'date' => '2015-08-29T08:58:54', 'version' => '0.66.1' }, { 'date' => '2016-02-01T00:18:43', 'version' => '0.67.1' }, { 'date' => '2016-02-01T14:33:11', 'version' => '0.68.1' }, { 'date' => '2016-07-05T00:36:52', 'version' => '0.69.1' }, { 'date' => '2016-07-29T15:24:24', 'version' => '0.70.1' }, { 'date' => '2016-07-29T18:59:13', 'version' => '0.71.1' }, { 'date' => '2017-04-02T08:23:47', 'version' => '0.72.1' }, { 'date' => '2017-06-02T00:03:17', 'version' => '0.73.1' } ] }, 'File-KeePass' => { 'advisories' => [ { 'affected_versions' => '>0', 'cves' => [], 'description' => 'The module is making use of the perl rand function for key and iv generation (for Crypt::Rijndael). ', 'distribution' => 'File-KeePass', 'fixed_versions' => undef, 'id' => 'CPANSA-File-KeePass-2016-01', 'references' => [ 'https://rt.cpan.org/Ticket/Display.html?id=117836' ], 'reported' => '2016-09-14', 'severity' => undef } ], 'main_module' => 'File::KeePass', 'versions' => [ { 'date' => '2010-06-29T14:52:50', 'version' => '0.01' }, { 'date' => '2010-12-04T04:33:41', 'version' => '0.02' }, { 'date' => '2010-12-07T06:06:57', 'version' => '0.03' }, { 'date' => '2012-09-13T04:48:56', 'version' => '2.00' }, { 'date' => '2012-09-13T14:17:11', 'version' => '2.01' }, { 'date' => '2012-09-13T15:22:40', 'version' => '2.02' }, { 'date' => '2012-09-15T22:25:43', 'version' => '2.03' } ] }, 'File-Path' => { 'advisories' => [ { 'affected_versions' => '<2.13', 'cves' => [ 'CVE-2017-6512' ], 'description' => 'Race condition in the rmtree and remove_tree functions allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. ', 'distribution' => 'File-Path', 'fixed_versions' => '>=2.13', 'id' => 'CPANSA-File-Path-2017-01', 'references' => [ 'https://metacpan.org/changes/distribution/File-Path', 'https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2' ], 'reported' => '2017-05-02' }, { 'affected_versions' => '<=1.08', 'cves' => [ 'CVE-2008-5303' ], 'description' => 'Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions. ', 'distribution' => 'File-Path', 'fixed_versions' => undef, 'id' => 'CPANSA-File-Path-2008-5303', 'references' => [ 'http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905', 'http://www.openwall.com/lists/oss-security/2008/11/28/2', 'http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36', 'http://www.gossamer-threads.com/lists/perl/porters/233695#233695', 'http://www.debian.org/security/2008/dsa-1678', 'http://www.ubuntu.com/usn/usn-700-1', 'http://secunia.com/advisories/33314', 'http://wiki.rpath.com/Advisories:rPSA-2009-0011', 'http://www.ubuntu.com/usn/usn-700-2', 'http://secunia.com/advisories/32980', 'http://support.apple.com/kb/HT4077', 'http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html', 'http://www.redhat.com/support/errata/RHSA-2010-0458.html', 'http://secunia.com/advisories/40052', 'http://www.mandriva.com/security/advisories?name=MDVSA-2010:116', 'http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735', 'http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/47044', 'https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699', 'https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680', 'http://www.securityfocus.com/archive/1/500210/100/0/threaded' ], 'reported' => '2008-12-01', 'severity' => undef }, { 'affected_versions' => [ '=1.08', '=2.07' ], 'cves' => [ 'CVE-2008-5302' ], 'description' => 'Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions. ', 'distribution' => 'File-Path', 'fixed_versions' => undef, 'id' => 'CPANSA-File-Path-2008-5302', 'references' => [ 'http://www.gossamer-threads.com/lists/perl/porters/233695#233695', 'http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36', 'http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905', 'http://www.openwall.com/lists/oss-security/2008/11/28/2', 'http://www.debian.org/security/2008/dsa-1678', 'http://secunia.com/advisories/33314', 'http://www.ubuntu.com/usn/usn-700-1', 'http://wiki.rpath.com/Advisories:rPSA-2009-0011', 'http://www.ubuntu.com/usn/usn-700-2', 'http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html', 'http://secunia.com/advisories/32980', 'http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html', 'http://support.apple.com/kb/HT4077', 'http://secunia.com/advisories/40052', 'http://www.mandriva.com/security/advisories?name=MDVSA-2010:116', 'http://www.redhat.com/support/errata/RHSA-2010-0458.html', 'http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735', 'http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/47043', 'https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890', 'https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076', 'http://www.securityfocus.com/archive/1/500210/100/0/threaded' ], 'reported' => '2008-12-01', 'severity' => undef }, { 'affected_versions' => '>=2.04,<2.07', 'cves' => [ 'CVE-2008-2827' ], 'description' => 'The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452. ', 'distribution' => 'File-Path', 'fixed_versions' => '>=2.07', 'id' => 'CPANSA-File-Path-2008-2827', 'references' => [ 'http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319', 'http://rt.cpan.org/Public/Bug/Display.html?id=36982', 'http://www.securityfocus.com/bid/29902', 'http://secunia.com/advisories/30790', 'http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html', 'http://www.mandriva.com/security/advisories?name=MDVSA-2008:165', 'https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01025.html', 'http://secunia.com/advisories/30837', 'http://secunia.com/advisories/31687', 'http://www.securitytracker.com/id?1020373', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/43308' ], 'reported' => '2008-06-23', 'severity' => undef }, { 'affected_versions' => '<1.07', 'cves' => [ 'CVE-2005-0448' ], 'description' => 'Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. ', 'distribution' => 'File-Path', 'fixed_versions' => undef, 'id' => 'CPANSA-File-Path-2005-0448', 'references' => [ 'http://www.debian.org/security/2005/dsa-696', 'http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml', 'http://www.redhat.com/support/errata/RHSA-2005-881.html', 'http://secunia.com/advisories/18075', 'http://www.securityfocus.com/bid/12767', 'ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U', 'http://secunia.com/advisories/14531', 'http://secunia.com/advisories/18517', 'http://fedoranews.org/updates/FEDORA--.shtml', 'http://www.redhat.com/support/errata/RHSA-2005-674.html', 'http://secunia.com/advisories/17079', 'http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056', 'http://www.mandriva.com/security/advisories?name=MDKSA-2005:079', 'http://www.securityfocus.com/advisories/8704', 'http://secunia.com/advisories/55314', 'https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A728', 'https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10475', 'https://usn.ubuntu.com/94-1/' ], 'reported' => '2005-05-02', 'severity' => undef }, { 'affected_versions' => '>=1.404,<=1.06', 'cves' => [ 'CVE-2004-0452' ], 'description' => 'Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack. ', 'distribution' => 'File-Path', 'fixed_versions' => undef, 'id' => 'CPANSA-File-Path-2004-0452', 'references' => [ 'http://www.debian.org/security/2004/dsa-620', 'http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml', 'http://www.redhat.com/support/errata/RHSA-2005-103.html', 'ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U', 'http://www.securityfocus.com/bid/12072', 'http://secunia.com/advisories/12991', 'http://secunia.com/advisories/18517', 'http://fedoranews.org/updates/FEDORA--.shtml', 'http://www.redhat.com/support/errata/RHSA-2005-105.html', 'http://secunia.com/advisories/55314', 'http://marc.info/?l=bugtraq&m=110547693019788&w=2', 'https://www.ubuntu.com/usn/usn-44-1/', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/18650', 'https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9938' ], 'reported' => '2004-12-21', 'severity' => undef } ], 'main_module' => 'File::Path', 'versions' => [ { 'date' => '2007-05-17T13:46:15', 'version' => '1.99_01' }, { 'date' => '2007-05-27T09:29:48', 'version' => '1.99_02' }, { 'date' => '2007-06-27T19:23:09', 'version' => '2.00_05' }, { 'date' => '2007-07-04T21:37:13', 'version' => '2.00_06' }, { 'date' => '2007-07-09T19:37:02', 'version' => '2.00_07' }, { 'date' => '2007-08-01T00:10:43', 'version' => '2.00_08' }, { 'date' => '2007-08-20T18:15:55', 'version' => '2.00_09' }, { 'date' => '2007-09-04T17:20:45', 'version' => '2.00_10' }, { 'date' => '2007-09-08T12:53:07', 'version' => '2.00_11' }, { 'date' => '2007-09-29T10:29:32', 'version' => '2.01' }, { 'date' => '2007-10-24T10:36:09', 'version' => '2.02' }, { 'date' => '2007-11-04T18:36:19', 'version' => '2.03' }, { 'date' => '2007-11-24T09:53:23', 'version' => '2.04' }, { 'date' => '2008-05-07T08:25:05', 'version' => '2.05' }, { 'date' => '2008-05-08T09:36:50', 'version' => '2.06' }, { 'date' => '2008-05-10T21:02:47', 'version' => '2.06_01' }, { 'date' => '2008-05-12T10:07:46', 'version' => '2.06_02' }, { 'date' => '2008-05-12T21:43:43', 'version' => '2.06_03' }, { 'date' => '2008-05-13T14:40:30', 'version' => '2.06_04' }, { 'date' => '2008-10-01T20:41:37', 'version' => '2.06_05' }, { 'date' => '2008-10-05T21:59:58', 'version' => '2.06_06' }, { 'date' => '2008-10-29T17:55:36', 'version' => '2.06_07' }, { 'date' => '2008-11-05T00:12:29', 'version' => '2.06_08' }, { 'date' => '2008-11-09T13:11:17', 'version' => '2.07' }, { 'date' => '2009-06-21T13:23:32', 'version' => '2.07_03' }, { 'date' => '2009-10-04T10:31:05', 'version' => '2.08' }, { 'date' => '2013-01-16T21:36:05', 'version' => '2.09' }, { 'date' => '2015-06-24T17:03:22', 'version' => '2.10_001' }, { 'date' => '2015-06-26T17:28:20', 'version' => '2.10_002' }, { 'date' => '2015-07-08T16:59:11', 'version' => '2.10_003' }, { 'date' => '2015-07-10T11:34:44', 'version' => '2.10_004' }, { 'date' => '2015-07-17T15:03:07', 'version' => '2.10_005' }, { 'date' => '2015-07-18T02:28:14', 'version' => '2.11' }, { 'date' => '2015-07-24T23:01:36', 'version' => '2.11_001' }, { 'date' => '2015-07-25T09:56:18', 'version' => '2.11_002' }, { 'date' => '2015-08-03T18:07:05', 'version' => '2.11_003' }, { 'date' => '2015-10-01T19:34:07', 'version' => '2.11_004' }, { 'date' => '2015-10-09T12:11:52', 'version' => '2.12' }, { 'date' => '2016-09-18T13:35:39', 'version' => '2.12_001' }, { 'date' => '2017-03-12T22:09:35', 'version' => '2.12_002' }, { 'date' => '2017-04-07T13:59:30', 'version' => '2.12_003' }, { 'date' => '2017-04-18T18:37:56', 'version' => '2.12_004' }, { 'date' => '2017-04-21T12:03:20', 'version' => '2.12_005' }, { 'date' => '2017-04-21T21:58:56', 'version' => '2.12_006' }, { 'date' => '2017-04-22T20:09:24', 'version' => '2.12_007' }, { 'date' => '2017-05-07T17:48:35', 'version' => '2.12_008' }, { 'date' => '2017-05-31T23:44:51', 'version' => '2.13' }, { 'date' => '2017-06-07T21:34:52', 'version' => '2.14' }, { 'date' => '2017-07-30T02:40:36', 'version' => '2.15' }, { 'date' => '2018-08-31T13:04:13', 'version' => '2.16' }, { 'date' => '2020-07-18T18:29:28', 'version' => '2.17' }, { 'date' => '2020-11-04T12:38:02', 'version' => '2.18_001' }, { 'date' => '2020-11-05T01:30:15', 'version' => '2.18' } ] }, 'File-Slurp' => { 'advisories' => [ { 'affected_versions' => '<9999.26', 'cves' => [], 'description' => 'Use of sysread treats any :encoding(...) as effectively :utf8. ', 'distribution' => 'File-Slurp', 'fixed_versions' => '>=9999.26', 'id' => 'CPANSA-File-Slurp-2013-01', 'references' => [ 'https://rt.cpan.org/Public/Bug/Display.html?id=83126', 'https://rt.perl.org/Ticket/Display.html?id=121870' ], 'reported' => '2013-02-04' } ], 'main_module' => 'File::Slurp', 'versions' => [ { 'date' => '1996-04-22T21:18:00', 'version' => '96.042202' }, { 'date' => '1998-07-19T16:25:00', 'version' => '98.071901' }, { 'date' => '2001-11-04T03:17:00', 'version' => '2001.1103' }, { 'date' => '2002-03-08T05:22:00', 'version' => '2002.0305' }, { 'date' => '2002-11-01T03:14:00', 'version' => '2002.1031' }, { 'date' => '2003-09-04T16:28:00', 'version' => '2004.0904' }, { 'date' => '2003-11-24T07:45:57', 'version' => '0.01' }, { 'date' => '2003-11-24T08:02:47', 'version' => '9999.01' }, { 'date' => '2003-12-17T09:20:57', 'version' => '9999.02' }, { 'date' => '2003-12-22T06:54:57', 'version' => '9999.03' }, { 'date' => '2004-02-23T19:27:53', 'version' => '9999.04' }, { 'date' => '2004-09-21T05:23:58', 'version' => '9999.06' }, { 'date' => '2005-01-30T10:01:07', 'version' => '9999.07' }, { 'date' => '2005-04-16T05:06:09', 'version' => '9999.08' }, { 'date' => '2005-04-29T06:09:11', 'version' => '9999.09' }, { 'date' => '2006-01-19T18:29:42', 'version' => '9999.10' }, { 'date' => '2006-01-20T06:45:13', 'version' => '9999.11' }, { 'date' => '2006-03-07T07:13:42', 'version' => '9999.12' }, { 'date' => '2008-01-24T04:57:12', 'version' => '9999.13' }, { 'date' => '2011-03-22T22:41:08', 'version' => '9999.14' }, { 'date' => '2011-03-24T22:52:42', 'version' => '9999.15' }, { 'date' => '2011-04-24T04:26:18', 'version' => '9999.16' }, { 'date' => '2011-05-13T06:23:08', 'version' => '9999.17' }, { 'date' => '2011-05-13T07:03:44', 'version' => '9999.18' }, { 'date' => '2011-06-07T08:08:06', 'version' => '9999.19' }, { 'date' => '2018-09-28T01:57:50', 'version' => '9999.20_01' }, { 'date' => '2018-10-05T01:23:09', 'version' => '9999.20_02' }, { 'date' => '2018-10-08T21:16:27', 'version' => '9999.21' }, { 'date' => '2018-10-16T03:15:39', 'version' => '9999.22' }, { 'date' => '2018-10-20T20:06:53', 'version' => '9999.23' }, { 'date' => '2018-10-30T02:45:09', 'version' => '9999.24' }, { 'date' => '2018-11-16T16:11:34', 'version' => '9999.25' }, { 'date' => '2019-02-13T16:35:40', 'version' => '9999.26' }, { 'date' => '2019-04-05T13:28:05', 'version' => '9999.27' }, { 'date' => '2019-09-13T00:36:22', 'version' => '9999.28' }, { 'date' => '2019-11-27T20:40:47', 'version' => '9999.29' }, { 'date' => '2020-03-09T14:31:40', 'version' => '9999.30' }, { 'date' => '2020-06-28T22:33:21', 'version' => '9999.31' }, { 'date' => '2020-07-01T00:34:08', 'version' => '9999.32' } ] }, 'File-Temp' => { 'advisories' => [ { 'affected_versions' => '>0', 'cves' => [ 'CVE-2011-4116' ], 'description' => '_is_safe in the File::Temp module for Perl does not properly handle symlinks. ', 'distribution' => 'File-Temp', 'fixed_versions' => undef, 'id' => 'CPANSA-File-Temp-2011-4116', 'references' => [ 'http://www.openwall.com/lists/oss-security/2011/11/04/2', 'https://rt.cpan.org/Public/Bug/Display.html?id=69106', 'https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14', 'http://www.openwall.com/lists/oss-security/2011/11/04/4', 'https://seclists.org/oss-sec/2011/q4/238' ], 'reported' => '2020-01-31', 'severity' => 'high' } ], 'main_module' => 'File::Temp', 'versions' => [ { 'date' => '2000-03-14T20:15:55', 'version' => '0.05' }, { 'date' => '2000-04-28T04:48:55', 'version' => '0.07' }, { 'date' => '2000-05-16T01:10:28', 'version' => '0.08' }, { 'date' => '2000-07-26T20:30:30', 'version' => '0.09' }, { 'date' => '2000-12-12T21:04:53', 'version' => '0.11' }, { 'date' => '2001-02-23T00:37:44', 'version' => '0.12' }, { 'date' => '2003-08-16T04:06:11', 'version' => '0.13' }, { 'date' => '2003-08-17T04:42:50', 'version' => '0.14' }, { 'date' => '2005-02-22T05:40:33', 'version' => '0.15' }, { 'date' => '2005-02-22T21:42:47', 'version' => '0.16' }, { 'date' => '2006-08-18T22:40:10', 'version' => '0.17' }, { 'date' => '2007-01-22T00:18:40', 'version' => '0.18' }, { 'date' => '2007-11-20T08:28:08', 'version' => '0.19' }, { 'date' => '2007-12-21T00:46:29', 'version' => '0.20' }, { 'date' => '2008-11-14T01:30:09', 'version' => '0.21' }, { 'date' => '2009-06-29T07:41:24', 'version' => '0.22' }, { 'date' => '2013-02-07T17:03:45', 'version' => '0.22_90' }, { 'date' => '2013-03-14T21:57:42', 'version' => '0.23' }, { 'date' => '2013-04-11T15:31:13', 'version' => '0.2301' }, { 'date' => '2013-09-26T13:48:13', 'version' => '0.2302' }, { 'date' => '2013-10-09T13:59:01', 'version' => '0.2303' }, { 'date' => '2013-10-10T13:17:32', 'version' => '0.2304' }, { 'date' => '2018-04-19T12:01:34', 'version' => '0.2305' }, { 'date' => '2018-06-24T19:34:31', 'version' => '0.2306' }, { 'date' => '2018-06-24T19:41:28', 'version' => '0.2307' }, { 'date' => '2018-07-11T21:07:49', 'version' => '0.2308' }, { 'date' => '2019-01-06T20:32:53', 'version' => '0.2309' }, { 'date' => '2020-09-26T17:39:38', 'version' => '0.2310' }, { 'date' => '2020-10-03T04:04:55', 'version' => '0.2311' } ] }, 'Filesys-SmbClientParser' => { 'advisories' => [ { 'affected_versions' => '<=2.7', 'cves' => [ 'CVE-2008-3285' ], 'description' => 'The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters. ', 'distribution' => 'Filesys-SmbClientParser', 'fixed_versions' => undef, 'id' => 'CPANSA-Filesys-SmbClientParser-2008-3285', 'references' => [ 'http://www.securityfocus.com/bid/30290', 'http://secunia.com/advisories/31175', 'http://securityreason.com/securityalert/4027', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/43910', 'http://www.securityfocus.com/archive/1/494536/100/0/threaded' ], 'reported' => '2008-07-24', 'severity' => undef } ], 'main_module' => 'Filesys::SmbClientParser', 'versions' => [ { 'date' => '2000-11-19T21:10:38', 'version' => '0.01' }, { 'date' => '2000-11-20T19:41:09', 'version' => '0.2' }, { 'date' => '2001-01-12T00:31:50', 'version' => '0.3' }, { 'date' => '2001-04-15T22:37:14', 'version' => '1.2' }, { 'date' => '2001-04-19T17:38:19', 'version' => '1.3' }, { 'date' => '2001-05-30T08:04:44', 'version' => '1.4' }, { 'date' => '2002-01-25T12:18:47', 'version' => '2.0' }, { 'date' => '2002-04-19T21:56:09', 'version' => '2.1' }, { 'date' => '2002-08-09T11:24:20', 'version' => '2.2' }, { 'date' => '2002-08-13T14:55:48', 'version' => '2.3' }, { 'date' => '2002-11-08T23:57:07', 'version' => '2.4' }, { 'date' => '2002-11-12T18:59:33', 'version' => '2.5' }, { 'date' => '2004-01-28T23:06:58', 'version' => '2.6' }, { 'date' => '2004-04-14T21:56:02', 'version' => '2.7' } ] }, 'GBrowse' => { 'advisories' => [ { 'affected_versions' => '<2.56', 'cves' => [], 'description' => 'An attacker is able to delete other users\' accounts. No httponly cookie flag. Cross-site scripting vulnerability in generation of citation text. ', 'distribution' => 'GBrowse', 'fixed_versions' => '>=2.56', 'id' => 'CPANSA-GBrowse-2017-01', 'references' => [ 'https://metacpan.org/changes/distribution/GBrowse' ], 'reported' => '2017-01-15' }, { 'affected_versions' => '<1.62', 'cves' => [], 'description' => 'Cross-site scripting. ', 'distribution' => 'GBrowse', 'fixed_versions' => '>=1.62', 'id' => 'CPANSA-GBrowse-2004-01', 'references' => [ 'https://metacpan.org/changes/distribution/GBrowse' ], 'reported' => '2004-04-05' }, { 'affected_versions' => '<1.54', 'cves' => [], 'description' => 'Path traversal. ', 'distribution' => 'GBrowse', 'fixed_versions' => '>=1.54', 'id' => 'CPANSA-GBrowse-2003-01', 'references' => [ 'https://metacpan.org/changes/distribution/GBrowse' ], 'reported' => '2003-08-23' } ], 'main_module' => 'CGI::Toggle', 'versions' => [ { 'date' => '2008-12-29T15:38:27', 'version' => '1.981' }, { 'date' => '2008-12-29T17:21:12', 'version' => '1.982' }, { 'date' => '2009-01-06T07:42:56', 'version' => '1.983' }, { 'date' => '2009-01-06T09:17:54', 'version' => '1.984' }, { 'date' => '2009-01-10T12:37:42', 'version' => '1.985' }, { 'date' => '2009-01-12T16:58:20', 'version' => '1.986' }, { 'date' => '2009-01-22T19:49:50', 'version' => '1.987' }, { 'date' => '2009-01-30T00:12:57', 'version' => '1.988' }, { 'date' => '2009-03-10T19:24:17', 'version' => '1.989' }, { 'date' => '2009-04-03T19:29:22', 'version' => '1.99' }, { 'date' => '2009-05-04T05:30:31', 'version' => '1.991' }, { 'date' => '2009-05-05T23:40:00', 'version' => '1.992' }, { 'date' => '2009-05-07T14:11:11', 'version' => '1.993' }, { 'date' => '2009-05-30T22:07:17', 'version' => '1.994' }, { 'date' => '2009-06-08T21:27:08', 'version' => '1.995' }, { 'date' => '2009-07-06T14:12:57', 'version' => '1.996' }, { 'date' => '2009-07-30T16:40:54', 'version' => '1.997' }, { 'date' => '2009-08-19T19:19:44', 'version' => '1.9971' }, { 'date' => '2009-12-09T21:39:37', 'version' => '1.998' }, { 'date' => '2009-12-15T15:59:37', 'version' => '1.9982' }, { 'date' => '2009-12-18T19:25:25', 'version' => '1.9983' }, { 'date' => '2009-12-22T21:20:40', 'version' => '1.9984' }, { 'date' => '2009-12-23T21:56:31', 'version' => '1.999' }, { 'date' => '2010-01-28T02:58:41', 'version' => '2.00' }, { 'date' => '2010-02-09T18:13:33', 'version' => '2.01' }, { 'date' => '2010-03-10T05:56:50', 'version' => '2.02' }, { 'date' => '2010-03-25T16:06:21', 'version' => '2.03' }, { 'date' => '2010-04-18T21:44:27', 'version' => '2.04' }, { 'date' => '2010-05-13T03:30:32', 'version' => '2.05' }, { 'date' => '2010-05-13T21:17:05', 'version' => '2.06' }, { 'date' => '2010-05-17T14:49:41', 'version' => '2.07' }, { 'date' => '2010-05-21T02:52:47', 'version' => '2.08' }, { 'date' => '2010-06-10T20:17:32', 'version' => '2.09' }, { 'date' => '2010-06-15T14:20:30', 'version' => '2.10' }, { 'date' => '2010-06-30T19:15:37', 'version' => '2.11' }, { 'date' => '2010-06-30T19:30:03', 'version' => '2.12' }, { 'date' => '2010-07-05T20:17:39', 'version' => '2.13' }, { 'date' => '2010-08-27T15:06:04', 'version' => '2.14' }, { 'date' => '2010-09-13T22:17:44', 'version' => '2.15' }, { 'date' => '2010-11-01T16:24:01', 'version' => '2.16' }, { 'date' => '2010-11-18T17:08:57', 'version' => '2.17' }, { 'date' => '2011-01-18T22:35:59', 'version' => '2.20' }, { 'date' => '2011-01-22T17:17:34', 'version' => '2.21' }, { 'date' => '2011-01-26T14:31:35', 'version' => '2.22' }, { 'date' => '2011-01-30T20:03:25', 'version' => '2.23' }, { 'date' => '2011-01-31T17:19:08', 'version' => '2.24' }, { 'date' => '2011-02-02T18:53:40', 'version' => '2.25' }, { 'date' => '2011-02-04T18:51:54', 'version' => '2.26' }, { 'date' => '2011-04-10T21:07:42', 'version' => '2.27' }, { 'date' => '2011-04-10T21:32:05', 'version' => '2.28' }, { 'date' => '2011-05-02T16:12:11', 'version' => '2.29' }, { 'date' => '2011-05-03T12:17:18', 'version' => '2.30' }, { 'date' => '2011-05-03T15:50:21', 'version' => '2.31' }, { 'date' => '2011-05-04T18:47:51', 'version' => '2.32' }, { 'date' => '2011-05-07T03:27:32', 'version' => '2.33' }, { 'date' => '2011-06-01T15:19:47', 'version' => '2.34' }, { 'date' => '2011-06-03T13:41:28', 'version' => '2.35' }, { 'date' => '2011-06-04T14:58:14', 'version' => '2.36' }, { 'date' => '2011-06-06T21:24:59', 'version' => '2.37' }, { 'date' => '2011-06-09T16:00:48', 'version' => '2.38' }, { 'date' => '2011-06-29T17:45:00', 'version' => '2.39' }, { 'date' => '2011-09-30T16:56:29', 'version' => '2.40' }, { 'date' => '2011-10-07T13:31:48', 'version' => '2.41' }, { 'date' => '2011-10-12T19:33:22', 'version' => '2.42' }, { 'date' => '2011-10-24T16:43:23', 'version' => '2.43' }, { 'date' => '2011-12-08T23:09:26', 'version' => '2.44' }, { 'date' => '2012-01-03T21:35:41', 'version' => '2.45' }, { 'date' => '2012-02-10T17:28:20', 'version' => '2.46' }, { 'date' => '2012-02-16T12:40:04', 'version' => '2.47' }, { 'date' => '2012-02-24T21:06:10', 'version' => '2.48' }, { 'date' => '2012-04-17T23:48:26', 'version' => '2.49' }, { 'date' => '2012-09-04T16:22:21', 'version' => '2.50' }, { 'date' => '2012-09-18T03:01:31', 'version' => '2.51' }, { 'date' => '2012-09-26T02:54:36', 'version' => '2.52' }, { 'date' => '2012-12-10T11:23:34', 'version' => '2.53' }, { 'date' => '2012-12-11T15:49:03', 'version' => '2.54' }, { 'date' => '2013-07-10T14:51:25', 'version' => '2.55' }, { 'date' => '2017-01-15T21:29:11', 'version' => '2.56' } ] }, 'GD' => { 'advisories' => [ { 'affected_versions' => '<2.72', 'cves' => [ 'CVE-2019-6977' ], 'description' => 'gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. ', 'distribution' => 'GD', 'fixed_versions' => '>=2.72', 'id' => 'CPANSA-GD-2019-6977', 'references' => [ 'https://nvd.nist.gov/vuln/detail/CVE-2019-6977', 'https://bugs.php.net/bug.php?id=77270', 'http://php.net/ChangeLog-7.php', 'http://php.net/ChangeLog-5.php', 'http://www.securityfocus.com/bid/106731', 'https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html', 'https://www.debian.org/security/2019/dsa-4384', 'https://usn.ubuntu.com/3900-1/', 'https://security.netapp.com/advisory/ntap-20190315-0003/', 'https://security.gentoo.org/glsa/201903-18', 'http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html', 'http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html', 'http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html', 'https://www.exploit-db.com/exploits/46677/', 'https://access.redhat.com/errata/RHSA-2019:2519', 'https://access.redhat.com/errata/RHSA-2019:3299', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/' ], 'reported' => '2019-01-27', 'severity' => 'high' } ], 'main_module' => 'GD', 'versions' => [ { 'date' => '1996-05-17T08:12:00', 'version' => '1.00' }, { 'date' => '1996-07-17T10:16:00', 'version' => '1.01' }, { 'date' => '1996-09-07T16:53:00', 'version' => '1.10' }, { 'date' => '1996-09-09T10:37:00', 'version' => '1.11' }, { 'date' => '1996-09-10T12:04:00', 'version' => '1.12' }, { 'date' => '1996-09-11T07:27:00', 'version' => '1.13' }, { 'date' => '1996-09-12T16:11:00', 'version' => '1.14' }, { 'date' => '1997-11-19T21:13:00', 'version' => '1.15' }, { 'date' => '1997-12-19T14:26:00', 'version' => '1.16' }, { 'date' => '1998-01-16T13:34:00', 'version' => '1.17' }, { 'date' => '1998-01-26T08:44:00', 'version' => '1.18' }, { 'date' => '1998-03-08T16:43:26', 'version' => '1.18' }, { 'date' => '1999-01-31T17:52:34', 'version' => '1.18' }, { 'date' => '1999-04-26T20:35:55', 'version' => '1.19' }, { 'date' => '1999-06-02T13:44:43', 'version' => '1.19' }, { 'date' => '1999-08-31T03:38:46', 'version' => '1.20' }, { 'date' => '1999-08-31T14:55:24', 'version' => '1.21' }, { 'date' => '1999-09-30T21:46:47', 'version' => '1.22' }, { 'date' => '1999-11-11T14:26:14', 'version' => '1.23' }, { 'date' => '2000-02-15T19:54:37', 'version' => '1.24' }, { 'date' => '2000-02-22T15:20:41', 'version' => '1.25' }, { 'date' => '2000-03-18T23:21:50', 'version' => '1.26' }, { 'date' => '2000-03-22T19:41:56', 'version' => '1.27' }, { 'date' => '2000-06-23T12:15:51', 'version' => '1.28' }, { 'date' => '2000-06-23T18:26:31', 'version' => '1.29' }, { 'date' => '2000-07-07T02:42:47', 'version' => '1.30' }, { 'date' => '2000-11-10T16:00:09', 'version' => '1.32' }, { 'date' => '2001-04-05T04:42:53', 'version' => '1.33' }, { 'date' => '2001-09-26T05:19:41', 'version' => '1.31' }, { 'date' => '2001-12-06T22:57:11', 'version' => '1.35' }, { 'date' => '2001-12-17T19:13:23', 'version' => '1.36' }, { 'date' => '2001-12-19T21:34:33', 'version' => '1.37' }, { 'date' => '2002-01-04T15:33:18', 'version' => '1.38' }, { 'date' => '2002-06-12T02:09:05', 'version' => '1.39' }, { 'date' => '2002-06-19T12:11:07', 'version' => '1.40' }, { 'date' => '2002-07-22T07:33:14', 'version' => '1.41' }, { 'date' => '2002-08-09T16:31:00', 'version' => '2.00' }, { 'date' => '2002-08-09T16:39:49', 'version' => '2.01' }, { 'date' => '2002-10-14T13:07:59', 'version' => '2.02' }, { 'date' => '2002-11-01T15:46:28', 'version' => '2.04' }, { 'date' => '2002-11-05T00:55:52', 'version' => '2.041' }, { 'date' => '2002-11-25T01:35:10', 'version' => '2.05' }, { 'date' => '2003-01-08T16:49:15', 'version' => '2.06' }, { 'date' => '2003-04-24T05:06:33', 'version' => '2.07' }, { 'date' => '2003-10-06T23:04:15', 'version' => '2.10' }, { 'date' => '2003-10-07T22:33:21', 'version' => '2.11' }, { 'date' => '2004-02-06T14:33:56', 'version' => '2.12' }, { 'date' => '2004-07-22T20:32:01', 'version' => '2.15' }, { 'date' => '2004-07-27T00:47:05', 'version' => '2.16' }, { 'date' => '2004-11-10T19:15:39', 'version' => '2.17' }, { 'date' => '2004-11-12T15:19:40', 'version' => '2.18' }, { 'date' => '2004-11-16T13:36:22', 'version' => '2.19' }, { 'date' => '2005-02-09T18:50:44', 'version' => '2.21' }, { 'date' => '2005-03-07T18:09:39', 'version' => '2.22' }, { 'date' => '2005-03-09T21:04:40', 'version' => '2.23' }, { 'date' => '2005-07-15T18:47:39', 'version' => '2.25' }, { 'date' => '2005-08-04T13:34:01', 'version' => '2.26' }, { 'date' => '2005-08-06T14:52:27', 'version' => '2.27' }, { 'date' => '2005-08-08T17:28:37', 'version' => '2.28' }, { 'date' => '2005-10-19T05:44:52', 'version' => '2.29' }, { 'date' => '2005-10-19T07:51:48', 'version' => '2.30' }, { 'date' => '2006-02-20T19:48:20', 'version' => '2.31' }, { 'date' => '2006-03-08T20:19:06', 'version' => '2.32' }, { 'date' => '2006-06-01T20:02:57', 'version' => '2.34' }, { 'date' => '2006-08-23T15:31:17', 'version' => '2.35' }, { 'date' => '2008-04-21T14:15:26', 'version' => '2.39' }, { 'date' => '2008-08-07T18:48:46', 'version' => '2.40' }, { 'date' => '2008-08-07T19:17:19', 'version' => '2.41' }, { 'date' => '2009-06-10T14:44:33', 'version' => '2.43' }, { 'date' => '2009-07-10T18:12:58', 'version' => '2.44' }, { 'date' => '2010-04-30T18:52:21', 'version' => '2.45' }, { 'date' => '2011-05-01T17:47:22', 'version' => '2.46' }, { 'date' => '2013-02-26T10:54:32', 'version' => '2.48' }, { 'date' => '2013-02-26T11:04:16', 'version' => '2.49' }, { 'date' => '2013-07-02T20:48:59', 'version' => '2.50' }, { 'date' => '2014-02-04T16:53:54', 'version' => '2.51' }, { 'date' => '2014-02-19T04:29:23', 'version' => '2.52' }, { 'date' => '2014-04-01T14:26:31', 'version' => '2.53' }, { 'date' => '2014-10-27T02:29:14', 'version' => '2.55' }, { 'date' => '2014-10-28T01:35:39', 'version' => '2.56' }, { 'date' => '2017-04-19T14:45:56', 'version' => '2.56_01' }, { 'date' => '2017-04-19T14:56:35', 'version' => '2.56_02' }, { 'date' => '2017-04-19T15:19:33', 'version' => '2.56_03' }, { 'date' => '2017-04-21T06:22:54', 'version' => '2.57' }, { 'date' => '2017-04-21T08:38:24', 'version' => '2.58' }, { 'date' => '2017-04-21T10:35:21', 'version' => '2.59' }, { 'date' => '2017-04-21T22:11:18', 'version' => '2.60' }, { 'date' => '2017-04-22T15:52:15', 'version' => '2.61' }, { 'date' => '2017-04-22T22:27:02', 'version' => '2.62' }, { 'date' => '2017-04-23T08:23:06', 'version' => '2.63' }, { 'date' => '2017-04-23T09:03:18', 'version' => '2.64' }, { 'date' => '2017-04-23T10:36:23', 'version' => '2.65' }, { 'date' => '2017-04-23T13:08:08', 'version' => '2.66' }, { 'date' => '2017-11-15T08:33:16', 'version' => '2.67' }, { 'date' => '2018-02-18T19:56:41', 'version' => '2.68' }, { 'date' => '2018-08-26T15:40:02', 'version' => '2.69' }, { 'date' => '2019-01-10T12:57:08', 'version' => '2.70' }, { 'date' => '2019-02-12T11:53:42', 'version' => '2.71' }, { 'date' => '2020-07-18T06:02:50', 'version' => '2.72' }, { 'date' => '2020-09-24T13:01:57', 'version' => '2.73' }, { 'date' => '2022-01-23T15:34:48', 'version' => '2.74' }, { 'date' => '2022-01-25T16:54:22', 'version' => '2.75' }, { 'date' => '2022-02-01T14:50:45', 'version' => '2.76' }, { 'date' => '2023-05-29T07:10:47', 'version' => '2.77' }, { 'date' => '2023-07-04T09:13:52', 'version' => '2.78' } ] }, 'GPIB' => { 'advisories' => [ { 'affected_versions' => undef, 'cves' => [ 'CVE-2006-1565' ], 'description' => 'Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to gain privileges by installing malicious libraries in that directory. ', 'distribution' => 'GPIB', 'fixed_versions' => undef, 'id' => 'CPANSA-GPIB-2006-1565', 'references' => [ 'http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359239', 'http://www.securityfocus.com/bid/17288', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/25681' ], 'reported' => '2006-03-31', 'severity' => undef } ], 'main_module' => 'GPIB', 'versions' => [ { 'date' => '2002-01-02T03:13:38', 'version' => '0_30' } ] }, 'Galileo' => { 'advisories' => [ { 'affected_versions' => '<0.043', 'cves' => [ 'CVE-2019-7410' ], 'description' => 'There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field). ', 'distribution' => 'Galileo', 'fixed_versions' => '>=0.043', 'id' => 'CPANSA-Galileo-2019-7410', 'references' => [ 'https://metamorfosec.com/Files/Commits/METC-2020-002-Escape_banner_in_Galileo_CMS_v0.042.txt', 'https://metacpan.org/changes/distribution/Galileo', 'https://github.com/jberger/Galileo/pull/55/files', 'https://metamorfosec.com/Files/Advisories/METS-2020-002-A_Stored_XSS_Vulnerability_in_Galileo_CMS_v0.042.txt' ], 'reported' => '2020-08-14', 'severity' => 'medium' } ], 'main_module' => 'Galileo', 'versions' => [ { 'date' => '2012-07-30T17:03:42', 'version' => '0.001' }, { 'date' => '2012-07-30T17:38:19', 'version' => '0.002' }, { 'date' => '2012-07-30T20:36:06', 'version' => '0.003' }, { 'date' => '2012-07-31T15:41:59', 'version' => '0.004' }, { 'date' => '2012-08-06T21:26:17', 'version' => '0.005' }, { 'date' => '2012-08-09T20:39:14', 'version' => '0.006' }, { 'date' => '2012-09-10T17:57:20', 'version' => '0.007' }, { 'date' => '2012-10-27T17:40:15', 'version' => '0.008' }, { 'date' => '2012-10-28T18:03:00', 'version' => '0.009' }, { 'date' => '2012-10-28T18:10:15', 'version' => '0.01' }, { 'date' => '2012-10-31T22:10:19', 'version' => '0.011' }, { 'date' => '2013-01-15T15:10:42', 'version' => '0.012' }, { 'date' => '2013-01-15T21:07:00', 'version' => '0.013' }, { 'date' => '2013-01-16T21:37:32', 'version' => '0.014' }, { 'date' => '2013-01-19T03:59:45', 'version' => '0.015' }, { 'date' => '2013-01-26T21:28:59', 'version' => '0.016' }, { 'date' => '2013-02-05T03:32:32', 'version' => '0.017' }, { 'date' => '2013-02-06T02:47:47', 'version' => '0.018' }, { 'date' => '2013-02-06T03:09:27', 'version' => '0.019' }, { 'date' => '2013-02-11T23:33:00', 'version' => '0.020' }, { 'date' => '2013-02-17T01:24:51', 'version' => '0.021' }, { 'date' => '2013-02-17T02:44:14', 'version' => '0.022' }, { 'date' => '2013-03-04T18:25:01', 'version' => '0.023' }, { 'date' => '2013-03-12T15:24:22', 'version' => '0.024' }, { 'date' => '2013-03-12T18:48:22', 'version' => '0.025' }, { 'date' => '2013-03-15T15:18:18', 'version' => '0.026' }, { 'date' => '2013-04-03T20:04:15', 'version' => '0.027' }, { 'date' => '2013-05-14T15:59:46', 'version' => '0.028' }, { 'date' => '2013-06-29T03:30:18', 'version' => '0.029' }, { 'date' => '2013-08-27T03:43:39', 'version' => '0.030' }, { 'date' => '2013-11-28T18:36:10', 'version' => '0.031' }, { 'date' => '2014-04-06T16:17:22', 'version' => '0.032' }, { 'date' => '2014-05-10T19:38:50', 'version' => '0.033' }, { 'date' => '2014-05-31T13:06:42', 'version' => '0.034' }, { 'date' => '2014-08-16T22:10:46', 'version' => '0.035' }, { 'date' => '2014-08-31T15:31:15', 'version' => '0.036' }, { 'date' => '2014-10-14T04:03:53', 'version' => '0.037' }, { 'date' => '2015-01-25T18:08:54', 'version' => '0.038' }, { 'date' => '2015-09-28T18:25:31', 'version' => '0.039' }, { 'date' => '2016-01-07T16:33:46', 'version' => '0.040' }, { 'date' => '2016-08-13T18:15:17', 'version' => '0.041' }, { 'date' => '2017-03-16T03:14:04', 'version' => '0.042' }, { 'date' => '2020-08-06T16:26:58', 'version' => '0.043' } ] }, 'GitLab-API-v4' => { 'advisories' => [ { 'affected_versions' => '>=0.26', 'cves' => [ 'CVE-2023-31485' ], 'description' => 'GitLab::API::v4 is missing the verify_SSL=>1 flag in HTTP::Tiny, allowing a network attacker to MITM connections to the GitLab server. ', 'distribution' => 'GitLab-API-v4', 'fixed_versions' => undef, 'id' => 'CPANSA-GitLab-API-v4-2023-31485', 'references' => [ 'https://github.com/bluefeet/GitLab-API-v4/pull/57', 'https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/', 'https://www.openwall.com/lists/oss-security/2023/04/18/14', 'https://github.com/chansen/p5-http-tiny/pull/151' ], 'reported' => '2023-02-28' } ], 'main_module' => 'GitLab::API::v4', 'versions' => [ { 'date' => '2017-12-11T18:40:52', 'version' => '0.01' }, { 'date' => '2017-12-16T00:11:18', 'version' => '0.02' }, { 'date' => '2018-01-12T21:26:23', 'version' => '0.03' }, { 'date' => '2018-02-03T23:15:40', 'version' => '0.04' }, { 'date' => '2018-03-06T18:26:52', 'version' => '0.05' }, { 'date' => '2018-04-09T20:06:01', 'version' => '0.06' }, { 'date' => '2018-05-10T21:33:05', 'version' => '0.07' }, { 'date' => '2018-05-14T17:33:39', 'version' => '0.08' }, { 'date' => '2018-05-29T04:48:13', 'version' => '0.09' }, { 'date' => '2018-06-06T06:47:41', 'version' => '0.10' }, { 'date' => '2018-09-02T05:24:51', 'version' => '0.11' }, { 'date' => '2018-09-12T01:04:05', 'version' => '0.12' }, { 'date' => '2018-11-08T13:44:56', 'version' => '0.13' }, { 'date' => '2018-12-04T20:39:42', 'version' => '0.14' }, { 'date' => '2019-01-09T18:13:46', 'version' => '0.15' }, { 'date' => '2019-02-18T06:21:38', 'version' => '0.16' }, { 'date' => '2019-02-20T22:49:13', 'version' => '0.17' }, { 'date' => '2019-04-01T04:36:27', 'version' => '0.18' }, { 'date' => '2019-05-17T20:41:31', 'version' => '0.19' }, { 'date' => '2019-07-23T21:42:57', 'version' => '0.20' }, { 'date' => '2019-08-24T18:56:25', 'version' => '0.21' }, { 'date' => '2019-09-13T15:03:00', 'version' => '0.22' }, { 'date' => '2019-10-18T19:55:54', 'version' => '0.23' }, { 'date' => '2020-02-12T22:10:58', 'version' => '0.24' }, { 'date' => '2020-02-12T22:21:40', 'version' => '0.25' }, { 'date' => '2021-01-30T07:11:26', 'version' => '0.26' }, { 'date' => '2023-06-07T20:51:14', 'version' => '0.27' } ] }, 'Graphics-ColorNames' => { 'advisories' => [ { 'affected_versions' => '>=2.0_01,<=3.1.2', 'cves' => [], 'description' => 'A specially-named file may lead to HTML injection attacks. ', 'distribution' => 'Graphics-ColorNames', 'fixed_versions' => '>3.1.2', 'id' => 'CPANSA-Graphics-ColorNames-2010-02', 'references' => [ 'https://metacpan.org/changes/distribution/Graphics-ColorNames', 'https://rt.cpan.org/Public/Bug/Display.html?id=54500' ], 'reported' => '2010-02-11' } ], 'main_module' => 'Graphics::ColorNames', 'versions' => [ { 'date' => '2001-02-20T03:47:48', 'version' => '0.10' }, { 'date' => '2001-04-12T02:32:22', 'version' => '0.20' }, { 'date' => '2001-04-13T04:37:27', 'version' => '0.21' }, { 'date' => '2001-04-15T14:26:41', 'version' => '0.22' }, { 'date' => '2001-04-18T03:13:51', 'version' => '0.23' }, { 'date' => '2001-04-28T16:09:48', 'version' => '0.24' }, { 'date' => '2001-10-05T02:42:20', 'version' => '0.30' }, { 'date' => '2002-10-24T01:17:51', 'version' => '0.31' }, { 'date' => '2002-12-05T03:07:24', 'version' => '0.32' }, { 'date' => '2004-07-22T00:41:35', 'version' => '0.3901' }, { 'date' => '2004-07-22T20:01:47', 'version' => '0.39_02' }, { 'date' => '2004-07-23T01:52:58', 'version' => '0.39_03' }, { 'date' => '2004-07-26T06:36:47', 'version' => '0.39_04' }, { 'date' => '2004-08-01T01:21:33', 'version' => '1.00' }, { 'date' => '2004-08-18T20:32:07', 'version' => '1.01' }, { 'date' => '2004-08-24T15:53:20', 'version' => '1.02' }, { 'date' => '2004-08-26T21:51:46', 'version' => '1.03' }, { 'date' => '2004-09-03T06:56:23', 'version' => '1.04' }, { 'date' => '2004-09-03T07:00:16', 'version' => '1.05' }, { 'date' => '2005-03-29T23:06:41', 'version' => '1.06' }, { 'date' => '2005-04-04T15:17:24', 'version' => '2.0_01' }, { 'date' => '2005-04-07T16:08:52', 'version' => '2.0_02' }, { 'date' => '2005-04-08T16:48:24', 'version' => '2.0_03' }, { 'date' => '2006-10-24T13:58:29', 'version' => '2.0_04' }, { 'date' => '2007-12-16T15:33:27', 'version' => '2.01' }, { 'date' => '2007-12-16T16:04:00', 'version' => '2.02' }, { 'date' => '2007-12-17T12:49:37', 'version' => '2.03' }, { 'date' => '2007-12-17T20:01:53', 'version' => '2.04' }, { 'date' => '2007-12-20T16:01:35', 'version' => '2.10_01' }, { 'date' => '2008-01-04T15:55:53', 'version' => '2.10_02' }, { 'date' => '2008-01-05T13:14:32', 'version' => '2.10_03' }, { 'date' => '2008-01-06T21:52:18', 'version' => '2.10_04' }, { 'date' => '2008-01-08T16:20:38', 'version' => '2.10_05' }, { 'date' => '2008-01-10T21:43:53', 'version' => '2.11' }, { 'date' => '2018-09-27T23:02:17', 'version' => 'v3.0.0' }, { 'date' => '2018-09-28T12:40:06', 'version' => 'v3.0.1' }, { 'date' => '2018-09-28T16:56:39', 'version' => 'v3.0.2' }, { 'date' => '2018-09-30T12:37:45', 'version' => 'v3.1.0' }, { 'date' => '2018-10-01T16:51:16', 'version' => 'v3.1.1' }, { 'date' => '2018-10-01T22:15:39', 'version' => 'v3.1.2' }, { 'date' => '2018-10-03T23:36:26', 'version' => 'v3.2.0' }, { 'date' => '2018-10-06T10:00:38', 'version' => 'v3.2.1' }, { 'date' => '2018-10-23T20:30:22', 'version' => 'v3.3.0' }, { 'date' => '2018-10-24T15:03:58', 'version' => 'v3.3.1' }, { 'date' => '2018-10-27T16:33:30', 'version' => 'v3.3.2' }, { 'date' => '2018-10-27T18:31:44', 'version' => 'v3.3.3' }, { 'date' => '2018-11-11T15:13:51', 'version' => 'v3.3.4' }, { 'date' => '2018-11-18T19:13:42', 'version' => 'v3.4.0' }, { 'date' => '2019-06-06T20:30:43', 'version' => 'v3.5.0' } ] }, 'HTML-EP' => { 'advisories' => [ { 'affected_versions' => '>=0.2011', 'cves' => [ 'CVE-2012-6142' ], 'description' => 'HTML::EP::Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized. ', 'distribution' => 'HTML-EP', 'fixed_versions' => undef, 'id' => 'CPANSA-HTML-EP-2012-6142', 'references' => [ 'http://www.securityfocus.com/bid/59833', 'http://seclists.org/oss-sec/2013/q2/318', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/84199' ], 'reported' => '2014-06-04', 'severity' => undef } ], 'main_module' => 'HTML::EP', 'versions' => [ { 'date' => '1998-06-24T20:39:44', 'version' => '0.1000' }, { 'date' => '1998-06-26T12:21:47', 'version' => '0.1002' }, { 'date' => '1998-07-17T21:28:11', 'version' => '0.1005' }, { 'date' => '1998-07-18T16:05:32', 'version' => '0.1006' }, { 'date' => '1998-07-24T20:40:11', 'version' => '0.1100' }, { 'date' => '1998-09-12T20:26:57', 'version' => '0.1106' }, { 'date' => '1998-09-14T00:09:23', 'version' => '0.1107' }, { 'date' => '1998-09-18T01:41:54', 'version' => '0.1108' }, { 'date' => '1998-10-06T09:42:57', 'version' => '0.1109' }, { 'date' => '1998-10-13T16:57:33', 'version' => '0.1111' }, { 'date' => '1998-10-15T19:02:15', 'version' => '0.1112' }, { 'date' => '1998-10-21T21:58:15', 'version' => '0.1113' }, { 'date' => '1998-11-06T20:01:59', 'version' => '0.1116' }, { 'date' => '1998-11-29T18:25:07', 'version' => '0.1117' }, { 'date' => '1998-12-03T17:11:04', 'version' => '0.1118' }, { 'date' => '1999-01-26T02:07:08', 'version' => '0.1123' }, { 'date' => '1999-02-01T00:08:19', 'version' => '0.1124' }, { 'date' => '1999-02-07T20:07:50', 'version' => '0.1125' }, { 'date' => '1999-02-13T12:36:36', 'version' => '0.1126' }, { 'date' => '1999-02-23T18:47:31', 'version' => '0.1127' }, { 'date' => '1999-02-26T18:27:47', 'version' => '0.1128' }, { 'date' => '1999-05-04T22:59:11', 'version' => '0.1130' }, { 'date' => '1999-08-26T15:05:04', 'version' => '0.11321' }, { 'date' => '1999-08-27T11:29:51', 'version' => '0.1133' }, { 'date' => '1999-08-31T11:04:44', 'version' => '0.1134' }, { 'date' => '1999-09-21T10:22:21', 'version' => '0.1135' }, { 'date' => '1999-09-26T13:27:28', 'version' => '0.20_00' }, { 'date' => '1999-09-27T10:28:51', 'version' => '0.20_01' }, { 'date' => '1999-11-05T11:38:40', 'version' => '0.2003' }, { 'date' => '1999-11-08T15:38:12', 'version' => '0.2004' }, { 'date' => '1999-11-08T18:18:11', 'version' => '0.2005' }, { 'date' => '1999-11-17T12:28:55', 'version' => '0.2006' }, { 'date' => '1999-11-17T17:23:52', 'version' => '0.2007' }, { 'date' => '1999-11-25T10:15:38', 'version' => '0.2008' }, { 'date' => '1999-12-07T20:43:46', 'version' => '0.2009' }, { 'date' => '1999-12-15T22:41:39', 'version' => '0.2010' }, { 'date' => '2001-01-05T13:26:37', 'version' => '0.2011' }, { 'date' => '2001-01-05T13:27:07', 'version' => 0 } ] }, 'HTML-Parser' => { 'advisories' => [ { 'affected_versions' => '<3.63', 'cves' => [ 'CVE-2009-3627' ], 'description' => 'The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character. ', 'distribution' => 'HTML-Parser', 'fixed_versions' => undef, 'id' => 'CPANSA-HTML-Parser-2009-3627', 'references' => [ 'https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225', 'http://www.openwall.com/lists/oss-security/2009/10/23/9', 'http://secunia.com/advisories/37155', 'http://www.securityfocus.com/bid/36807', 'https://bugzilla.redhat.com/show_bug.cgi?id=530604', 'http://www.vupen.com/english/advisories/2009/3022', 'http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/53941' ], 'reported' => '2009-10-29', 'severity' => undef } ], 'main_module' => 'HTML::Parser', 'versions' => [ { 'date' => '1998-03-31T22:25:05', 'version' => '2.14' }, { 'date' => '1998-04-02T11:40:38', 'version' => '2.16' }, { 'date' => '1998-04-28T08:35:12', 'version' => '2.17' }, { 'date' => '1998-06-22T19:45:24', 'version' => '2.18' }, { 'date' => '1998-07-06T23:12:33', 'version' => '2.19' }, { 'date' => '1998-07-08T13:05:04', 'version' => '2.20' }, { 'date' => '1998-11-13T21:48:08', 'version' => '2.21' }, { 'date' => '1999-06-09T10:34:35', 'version' => '2.23' }, { 'date' => '1999-11-03T07:10:32', 'version' => '2.24' }, { 'date' => '1999-11-05T09:46:11', 'version' => '2.25' }, { 'date' => '1999-12-14T23:01:49', 'version' => '3.00' }, { 'date' => '1999-12-19T07:07:38', 'version' => '3.01' }, { 'date' => '1999-12-21T09:55:56', 'version' => '3.02' }, { 'date' => '2000-01-15T16:25:39', 'version' => '3.04' }, { 'date' => '2000-01-22T16:14:25', 'version' => '3.05' }, { 'date' => '2000-03-06T14:00:15', 'version' => '3.06' }, { 'date' => '2000-03-20T12:47:48', 'version' => '3.07' }, { 'date' => '2000-05-23T10:59:19', 'version' => '3.08' }, { 'date' => '2000-06-28T08:49:09', 'version' => '3.09' }, { 'date' => '2000-06-29T07:52:47', 'version' => '3.10' }, { 'date' => '2000-08-22T10:04:28', 'version' => '3.11' }, { 'date' => '2000-09-14T18:22:47', 'version' => '3.12' }, { 'date' => '2000-09-17T01:55:45', 'version' => '3.13' }, { 'date' => '2000-12-04T06:05:39', 'version' => '3.14' }, { 'date' => '2000-12-26T09:04:53', 'version' => '3.15' }, { 'date' => '2001-02-23T07:21:20', 'version' => '3.16' }, { 'date' => '2001-02-24T06:32:38', 'version' => '3.17' }, { 'date' => '2001-02-25T04:51:50', 'version' => '3.18' }, { 'date' => '2001-03-10T04:32:27', 'version' => '3.19' }, { 'date' => '2001-03-13T19:44:52', 'version' => '3.19_90' }, { 'date' => '2001-03-16T02:29:32', 'version' => '3.19' }, { 'date' => '2001-03-19T19:26:50', 'version' => '3.19_91' }, { 'date' => '2001-03-26T15:37:39', 'version' => '3.19_92' }, { 'date' => '2001-03-27T19:44:20', 'version' => '3.19_93' }, { 'date' => '2001-03-30T08:24:11', 'version' => '3.19_94' }, { 'date' => '2001-04-03T00:18:14', 'version' => '3.20' }, { 'date' => '2001-04-10T22:34:03', 'version' => '3.21' }, { 'date' => '2001-04-18T05:31:23', 'version' => '3.22' }, { 'date' => '2001-05-02T04:18:51', 'version' => '3.23' }, { 'date' => '2001-05-05T06:18:21', 'version' => '3.23' }, { 'date' => '2001-05-09T07:23:34', 'version' => '3.24' }, { 'date' => '2001-05-11T17:26:39', 'version' => '3.25' }, { 'date' => '2001-06-12T08:35:06', 'version' => '3.25' }, { 'date' => '2002-03-17T20:11:55', 'version' => '3.26' }, { 'date' => '2003-01-18T13:08:01', 'version' => '3.27' }, { 'date' => '2003-04-17T03:56:32', 'version' => '3.28' }, { 'date' => '2003-08-15T06:11:17', 'version' => '3.29' }, { 'date' => '2003-08-18T05:48:21', 'version' => '3.30' }, { 'date' => '2003-08-19T14:56:07', 'version' => '3.31' }, { 'date' => '2003-10-10T14:31:48', 'version' => '3.32' }, { 'date' => '2003-10-14T10:53:29', 'version' => '3.33' }, { 'date' => '2003-10-27T21:23:09', 'version' => '3.34' }, { 'date' => '2003-12-12T14:27:23', 'version' => '3.35' }, { 'date' => '2004-04-01T12:21:44', 'version' => '3.36' }, { 'date' => '2004-11-10T18:56:54', 'version' => '3.37' }, { 'date' => '2004-11-11T10:19:56', 'version' => '3.38' }, { 'date' => '2004-11-17T14:33:49', 'version' => '3.39_90' }, { 'date' => '2004-11-23T11:46:30', 'version' => '3.39_91' }, { 'date' => '2004-11-23T22:25:21', 'version' => '3.39_92' }, { 'date' => '2004-11-29T11:14:34', 'version' => '3.40' }, { 'date' => '2004-11-30T09:30:56', 'version' => '3.41' }, { 'date' => '2004-12-04T11:54:54', 'version' => '3.42' }, { 'date' => '2004-12-06T09:19:28', 'version' => '3.43' }, { 'date' => '2004-12-28T14:07:28', 'version' => '3.44' }, { 'date' => '2005-01-06T09:09:45', 'version' => '3.45' }, { 'date' => '2005-10-24T12:34:04', 'version' => '3.46' }, { 'date' => '2005-11-22T21:50:09', 'version' => '3.47' }, { 'date' => '2005-12-02T17:41:00', 'version' => '3.48' }, { 'date' => '2006-02-08T10:58:39', 'version' => '3.49' }, { 'date' => '2006-02-14T18:32:51', 'version' => '3.50' }, { 'date' => '2006-03-22T09:26:15', 'version' => '3.51' }, { 'date' => '2006-04-26T08:43:13', 'version' => '3.52' }, { 'date' => '2006-04-27T11:55:34', 'version' => '3.53' }, { 'date' => '2006-04-28T08:21:04', 'version' => '3.54' }, { 'date' => '2006-07-10T09:16:22', 'version' => '3.55' }, { 'date' => '2007-01-12T11:00:07', 'version' => '3.56' }, { 'date' => '2008-11-16T21:45:07', 'version' => '3.57' }, { 'date' => '2008-11-17T11:35:37', 'version' => '3.58' }, { 'date' => '2008-11-24T09:15:09', 'version' => '3.59' }, { 'date' => '2009-02-09T11:26:08', 'version' => '3.60' }, { 'date' => '2009-06-20T09:34:17', 'version' => '3.61' }, { 'date' => '2009-08-13T21:01:27', 'version' => '3.62' }, { 'date' => '2009-10-22T20:11:52', 'version' => '3.63' }, { 'date' => '2009-10-25T12:24:11', 'version' => '3.64' }, { 'date' => '2010-04-04T20:44:00', 'version' => '3.65' }, { 'date' => '2010-07-09T13:27:13', 'version' => '3.66' }, { 'date' => '2010-08-17T17:15:19', 'version' => '3.67' }, { 'date' => '2010-09-01T21:28:52', 'version' => '3.68' }, { 'date' => '2011-10-15T15:35:01', 'version' => '3.69' }, { 'date' => '2013-03-28T22:21:30', 'version' => '3.70' }, { 'date' => '2013-05-08T22:23:29', 'version' => '3.71' }, { 'date' => '2016-01-19T17:44:02', 'version' => '3.72' }, { 'date' => '2020-08-25T17:40:17', 'version' => '3.73' }, { 'date' => '2020-08-30T18:40:48', 'version' => '3.74' }, { 'date' => '2020-08-30T19:58:22', 'version' => '3.75' }, { 'date' => '2021-03-04T18:06:59', 'version' => '3.76' }, { 'date' => '2022-03-14T22:12:49', 'version' => '3.77' }, { 'date' => '2022-03-28T15:23:23', 'version' => '3.78' }, { 'date' => '2022-10-12T15:41:58', 'version' => '3.79' }, { 'date' => '2022-11-01T14:19:26', 'version' => '3.80' }, { 'date' => '2023-01-31T03:13:18', 'version' => '3.81' } ] }, 'HTML-Perlinfo' => { 'advisories' => [ { 'affected_versions' => '<1.52', 'cves' => [], 'description' => 'Possibility of denial-of-service attack. ', 'distribution' => 'HTML-Perlinfo', 'fixed_versions' => '>=1.52', 'id' => 'CPANSA-HTML-Perlinfo-2008-01', 'references' => [ 'https://metacpan.org/changes/release/ACCARDO/HTML-Perlinfo-1.52' ], 'reported' => '2008-07-04' } ], 'main_module' => 'HTML::Perlinfo', 'versions' => [ { 'date' => '2005-08-18T21:39:08', 'version' => '1.00' }, { 'date' => '2005-09-19T20:41:07', 'version' => '1.05' }, { 'date' => '2006-01-14T05:25:20', 'version' => '1.25' }, { 'date' => '2006-08-13T03:42:36', 'version' => '1.40' }, { 'date' => '2006-08-13T09:29:45', 'version' => '1.41' }, { 'date' => '2006-08-15T01:04:34', 'version' => '1.42' }, { 'date' => '2006-08-25T07:51:28', 'version' => '1.43' }, { 'date' => '2006-09-10T23:20:13', 'version' => '1.44' }, { 'date' => '2006-09-24T02:22:48', 'version' => '1.45' }, { 'date' => '2006-09-27T20:08:12', 'version' => '1.46' }, { 'date' => '2006-10-02T19:30:30', 'version' => '1.47' }, { 'date' => '2008-03-16T03:15:04', 'version' => '1.48' }, { 'date' => '2008-04-26T04:17:07', 'version' => '1.49' }, { 'date' => '2008-04-30T20:44:40', 'version' => '1.50' }, { 'date' => '2008-06-08T21:07:29', 'version' => '1.51' }, { 'date' => '2008-07-03T23:57:26', 'version' => '1.52' }, { 'date' => '2008-07-21T22:24:22', 'version' => '1.53' }, { 'date' => '2008-07-27T23:52:36', 'version' => '1.54' }, { 'date' => '2009-04-08T01:09:54', 'version' => '1.55' }, { 'date' => '2009-04-08T19:06:59', 'version' => '1.56' }, { 'date' => '2009-04-16T15:57:34', 'version' => '1.57' }, { 'date' => '2009-04-17T02:41:48', 'version' => '1.58' }, { 'date' => '2009-04-22T03:29:45', 'version' => '1.59' }, { 'date' => '2009-05-02T20:48:38', 'version' => '1.60' }, { 'date' => '2009-05-02T22:21:42', 'version' => '1.60' }, { 'date' => '2009-05-03T23:02:35', 'version' => '1.61' }, { 'date' => '2011-06-13T19:28:39', 'version' => '1.62' }, { 'date' => '2014-08-19T21:37:30', 'version' => '1.63' }, { 'date' => '2014-08-19T22:29:15', 'version' => '1.64' }, { 'date' => '2015-06-06T23:25:41', 'version' => '1.65' }, { 'date' => '2015-06-08T18:20:03', 'version' => '1.66' }, { 'date' => '2015-06-08T20:22:33', 'version' => '1.67' }, { 'date' => '2015-06-12T02:03:18', 'version' => '1.68' }, { 'date' => '2016-11-29T19:21:00', 'version' => '1.69' }, { 'date' => '2019-06-24T15:33:44', 'version' => '1.70' }, { 'date' => '2019-06-25T02:15:30', 'version' => '1.71' }, { 'date' => '2019-07-02T19:22:14', 'version' => '1.72' }, { 'date' => '2019-07-02T20:41:23', 'version' => '1.73' } ] }, 'HTML-Scrubber' => { 'advisories' => [ { 'affected_versions' => '<0.15', 'cves' => [ 'CVE-2015-5667' ], 'description' => 'Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment. ', 'distribution' => 'HTML-Scrubber', 'fixed_versions' => '>=0.15', 'id' => 'CPANSA-HTML-Scrubber-2015-5667', 'references' => [ 'http://jvn.jp/en/jp/JVN53973084/index.html', 'http://jvndb.jvn.jp/jvndb/JVNDB-2015-000171', 'https://metacpan.org/release/HTML-Scrubber', 'http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172997.html', 'http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172983.html', 'http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172934.html' ], 'reported' => '2015-10-31', 'severity' => undef } ], 'main_module' => 'HTML::Scrubber', 'versions' => [ { 'date' => '2003-04-18T14:10:19', 'version' => '0.02' }, { 'date' => '2003-07-21T14:57:02', 'version' => '0.03' }, { 'date' => '2003-10-30T02:31:36', 'version' => '0.04' }, { 'date' => '2003-10-31T07:27:00', 'version' => '0.05' }, { 'date' => '2003-11-02T11:10:49', 'version' => '0.06' }, { 'date' => '2004-03-18T14:35:12', 'version' => '0.07' }, { 'date' => '2004-04-01T22:12:20', 'version' => '0.08' }, { 'date' => '2011-04-01T15:36:18', 'version' => '0.09' }, { 'date' => '2013-09-27T14:06:41', 'version' => '0.10' }, { 'date' => '2013-10-11T14:13:11', 'version' => '0.11' }, { 'date' => '2015-03-14T18:25:35', 'version' => '0.12' }, { 'date' => '2015-03-19T16:31:12', 'version' => '0.13' }, { 'date' => '2015-04-02T16:20:48', 'version' => '0.14' }, { 'date' => '2015-10-10T14:02:08', 'version' => '0.15' }, { 'date' => '2017-06-25T19:31:24', 'version' => '0.16' }, { 'date' => '2017-06-27T13:04:46', 'version' => '0.17' }, { 'date' => '2019-09-22T11:11:50', 'version' => '0.18' }, { 'date' => '2019-09-24T12:28:19', 'version' => '0.19' } ] }, 'HTML-StripScripts' => { 'advisories' => [ { 'affected_versions' => '<=1.06', 'cves' => [ 'CVE-2023-24038' ], 'description' => 'The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. ', 'distribution' => 'HTML-StripScripts', 'fixed_versions' => undef, 'id' => 'CPANSA-HTML-StripScripts-2023-24038', 'references' => [ 'https://github.com/clintongormley/perl-html-stripscripts/issues/3', 'https://lists.debian.org/debian-lts-announce/2023/01/msg00036.html', 'https://www.debian.org/security/2023/dsa-5339' ], 'reported' => '2023-01-21', 'severity' => 'high' } ], 'main_module' => 'HTML::StripScripts', 'versions' => [ { 'date' => '2003-03-30T10:08:51', 'version' => '0.01' }, { 'date' => '2003-07-25T18:13:42', 'version' => '0.02' }, { 'date' => '2004-04-27T16:45:34', 'version' => '0.03' }, { 'date' => '2007-05-28T11:57:07', 'version' => '0.90' }, { 'date' => '2007-05-28T12:31:03', 'version' => '0.99' }, { 'date' => '2007-05-29T13:15:46', 'version' => '0.991' }, { 'date' => '2007-06-05T12:44:56', 'version' => '1.00' }, { 'date' => '2007-10-22T14:30:52', 'version' => '1.01' }, { 'date' => '2007-10-22T15:47:44', 'version' => '1.02' }, { 'date' => '2007-10-22T17:21:36', 'version' => '1.03' }, { 'date' => '2007-11-16T17:53:46', 'version' => '1.04' }, { 'date' => '2009-11-05T10:25:59', 'version' => '1.05' }, { 'date' => '2016-05-12T09:44:35', 'version' => '1.06' } ] }, 'HTML-Template-Pro' => { 'advisories' => [ { 'affected_versions' => '<0.9507', 'cves' => [ 'CVE-2011-4616' ], 'description' => 'Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters. ', 'distribution' => 'HTML-Template-Pro', 'fixed_versions' => '>=0.9507', 'id' => 'CPANSA-HTML-Template-Pro-2011-4616', 'references' => [ 'http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652587', 'http://openwall.com/lists/oss-security/2011/12/19/1', 'http://metacpan.org/diff/release/VIY/HTML-Template-Pro-0.9505/VIY/HTML-Template-Pro-0.9507', 'http://secunia.com/advisories/47184', 'http://cpansearch.perl.org/src/VIY/HTML-Template-Pro-0.9507/Changes', 'http://www.securityfocus.com/bid/51117', 'http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089603.html', 'http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089889.html', 'http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089888.html' ], 'reported' => '2012-01-06', 'severity' => undef } ], 'main_module' => 'HTML::Template::Pro', 'versions' => [ { 'date' => '2005-06-09T11:07:59', 'version' => '0.38' }, { 'date' => '2005-06-22T09:55:37', 'version' => '0.39' }, { 'date' => '2005-07-07T09:11:59', 'version' => '0.40' }, { 'date' => '2005-07-26T16:58:29', 'version' => '0.41' }, { 'date' => '2005-08-04T15:58:27', 'version' => '0.42' }, { 'date' => '2005-08-04T17:36:21', 'version' => '0.43' }, { 'date' => '2005-08-12T16:32:44', 'version' => '0.44' }, { 'date' => '2005-08-19T19:10:08', 'version' => '0.45' }, { 'date' => '2005-08-26T18:24:23', 'version' => '0.46' }, { 'date' => '2005-08-31T17:43:09', 'version' => '0.48' }, { 'date' => '2005-09-08T17:43:14', 'version' => '0.50' }, { 'date' => '2005-09-30T15:59:34', 'version' => '0.52' }, { 'date' => '2005-10-06T17:14:51', 'version' => '0.53' }, { 'date' => '2005-10-17T13:37:05', 'version' => '0.54' }, { 'date' => '2005-10-26T12:18:18', 'version' => '0.55' }, { 'date' => '2005-11-03T16:46:06', 'version' => '0.56' }, { 'date' => '2005-11-13T16:12:39', 'version' => '0.57' }, { 'date' => '2005-12-02T08:10:18', 'version' => '0.58' }, { 'date' => '2006-01-22T20:07:54', 'version' => '0.59' }, { 'date' => '2006-02-02T16:32:55', 'version' => '0.60' }, { 'date' => '2006-02-06T20:45:02', 'version' => '0.61' }, { 'date' => '2006-02-22T20:05:55', 'version' => '0.62' }, { 'date' => '2006-04-18T20:24:51', 'version' => '0.64' }, { 'date' => '2007-06-01T14:46:48', 'version' => '0.65' }, { 'date' => '2007-10-04T11:08:55', 'version' => '0.66' }, { 'date' => '2007-12-02T23:20:56', 'version' => '0.67' }, { 'date' => '2008-01-08T18:01:32', 'version' => '0.68' }, { 'date' => '2008-01-08T20:03:26', 'version' => '0.68' }, { 'date' => '2008-03-01T19:46:47', 'version' => '0.69' }, { 'date' => '2008-06-09T09:06:12', 'version' => '0.70' }, { 'date' => '2008-09-05T19:36:06', 'version' => '0.71' }, { 'date' => '2008-12-19T08:16:12', 'version' => '0.72' }, { 'date' => '2009-04-02T20:36:25', 'version' => '0.73' }, { 'date' => '2009-04-10T20:41:07', 'version' => '0.74' }, { 'date' => '2009-07-05T16:40:09', 'version' => '0.75' }, { 'date' => '2009-07-13T08:33:36', 'version' => '0.76' }, { 'date' => '2009-07-23T17:37:10', 'version' => '0.80' }, { 'date' => '2009-07-28T15:58:37', 'version' => '0.81' }, { 'date' => '2009-08-04T15:46:34', 'version' => '0.82' }, { 'date' => '2009-08-05T20:27:52', 'version' => '0.83' }, { 'date' => '2009-08-08T18:13:20', 'version' => '0.84' }, { 'date' => '2009-08-09T16:45:02', 'version' => '0.85' }, { 'date' => '2009-08-24T08:00:34', 'version' => '0.86' }, { 'date' => '2009-08-29T19:22:41', 'version' => '0.87' }, { 'date' => '2009-09-11T16:53:57', 'version' => '0.90' }, { 'date' => '2009-09-24T15:48:49', 'version' => '0.91' }, { 'date' => '2009-09-29T20:14:35', 'version' => '0.92' }, { 'date' => '2009-11-23T20:25:34', 'version' => '0.93' }, { 'date' => '2010-03-26T19:12:55', 'version' => '0.94' }, { 'date' => '2010-05-21T19:34:29', 'version' => '0.95' }, { 'date' => '2010-06-16T19:00:45', 'version' => '0.9501' }, { 'date' => '2010-06-24T18:50:34', 'version' => '0.9502' }, { 'date' => '2010-08-29T12:45:12', 'version' => '0.9503' }, { 'date' => '2010-09-29T07:16:03', 'version' => '0.9504' }, { 'date' => '2011-07-01T10:40:21', 'version' => '0.9505' }, { 'date' => '2011-10-04T20:31:16', 'version' => '0.9506' }, { 'date' => '2011-12-09T07:59:17', 'version' => '0.9507' }, { 'date' => '2011-12-26T21:57:41', 'version' => '0.9508' }, { 'date' => '2012-02-28T19:59:05', 'version' => '0.9509' }, { 'date' => '2013-05-13T08:40:09', 'version' => '0.9510' }, { 'date' => '2021-11-30T23:21:23', 'version' => '0.9520' }, { 'date' => '2021-12-02T07:27:12', 'version' => '0.9521' }, { 'date' => '2021-12-06T17:53:48', 'version' => '0.9522' }, { 'date' => '2021-12-15T09:50:03', 'version' => '0.9523' }, { 'date' => '2022-01-16T20:42:34', 'version' => '0.9524' } ] }, 'HTTP-Body' => { 'advisories' => [ { 'affected_versions' => '>=1.08,<1.19', 'cves' => [ 'CVE-2013-4407' ], 'description' => 'HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module for Perl uses the part of the uploaded file\'s name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed. ', 'distribution' => 'HTTP-Body', 'fixed_versions' => undef, 'id' => 'CPANSA-HTTP-Body-2013-4407', 'references' => [ 'https://security-tracker.debian.org/tracker/CVE-2013-4407', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634' ], 'reported' => '2013-09-02', 'severity' => 'moderate' } ], 'main_module' => 'HTTP::Body', 'versions' => [ { 'date' => '2005-10-06T23:31:10', 'version' => '0.01' }, { 'date' => '2005-10-07T19:39:00', 'version' => '0.2' }, { 'date' => '2005-10-28T00:04:21', 'version' => '0.03' }, { 'date' => '2005-11-09T06:02:28', 'version' => '0.4' }, { 'date' => '2005-11-17T04:03:44', 'version' => '0.5' }, { 'date' => '2006-01-06T11:55:08', 'version' => '0.6' }, { 'date' => '2007-03-23T17:02:39', 'version' => '0.7' }, { 'date' => '2007-03-24T01:48:23', 'version' => '0.8' }, { 'date' => '2007-03-27T17:55:21', 'version' => '0.9' }, { 'date' => '2008-02-23T16:03:17', 'version' => '1.00' }, { 'date' => '2008-02-23T16:16:09', 'version' => '1.01' }, { 'date' => '2008-02-27T22:08:06', 'version' => '1.02' }, { 'date' => '2008-04-07T14:20:46', 'version' => '1.03' }, { 'date' => '2008-06-23T19:41:56', 'version' => '1.04' }, { 'date' => '2008-12-01T22:14:51', 'version' => '1.05' }, { 'date' => '2010-01-09T18:23:07', 'version' => '1.06' }, { 'date' => '2010-01-24T19:42:49', 'version' => '1.07' }, { 'date' => '2010-08-19T19:02:08', 'version' => '1.08' }, { 'date' => '2010-08-19T23:11:46', 'version' => '1.09' }, { 'date' => '2010-10-08T14:52:40', 'version' => '1.10' }, { 'date' => '2010-10-26T14:38:59', 'version' => '1.11' }, { 'date' => '2011-03-20T00:58:03', 'version' => '1.12' }, { 'date' => '2011-11-04T18:44:06', 'version' => '1.14' }, { 'date' => '2011-12-05T03:02:21', 'version' => '1.15' }, { 'date' => '2012-10-03T15:19:24', 'version' => '1.16' }, { 'date' => '2012-10-03T22:04:49', 'version' => '1.17' }, { 'date' => '2013-12-06T15:06:26', 'version' => '1.18' }, { 'date' => '2013-12-06T15:07:56', 'version' => '1.19' }, { 'date' => '2015-01-28T15:21:00', 'version' => '1.20' }, { 'date' => '2015-01-29T03:50:10', 'version' => '1.21' }, { 'date' => '2015-01-29T03:53:01', 'version' => '1.22' } ] }, 'HTTP-Daemon' => { 'advisories' => [ { 'affected_versions' => '<6.15', 'cves' => [ 'CVE-2022-31081' ], 'description' => 'HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served on top of Nginx or Apache, not on the `HTTP::Daemon`. This library is commonly used for local development and tests. Users are advised to update to resolve this issue. Users unable to upgrade may add additional request handling logic as a mitigation. After calling `my $rqst = $conn->get_request()` one could inspect the returned `HTTP::Request` object. Querying the \'Content-Length\' (`my $cl = $rqst->header(\'Content-Length\')`) will show any abnormalities that should be dealt with by a `400` response. Expected strings of \'Content-Length\' SHOULD consist of either a single non-negative integer, or, a comma separated repetition of that number. (that is `42` or `42, 42, 42`). Anything else MUST be rejected. ', 'distribution' => 'HTTP-Daemon', 'fixed_versions' => '>=6.15', 'id' => 'CPANSA-HTTP-Daemon-2022-31081', 'references' => [ 'https://github.com/libwww-perl/HTTP-Daemon/commit/e84475de51d6fd7b29354a997413472a99db70b2', 'https://github.com/libwww-perl/HTTP-Daemon/commit/8dc5269d59e2d5d9eb1647d82c449ccd880f7fd0', 'https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn', 'https://datatracker.ietf.org/doc/html/rfc7230#section-9.5', 'https://github.com/libwww-perl/HTTP-Daemon/security/advisories/GHSA-cg8c-pxmv-w7cf', 'http://metacpan.org/release/HTTP-Daemon/', 'https://cwe.mitre.org/data/definitions/444.html', 'https://github.com/libwww-perl/HTTP-Daemon/issues/56', 'https://github.com/NixOS/nixpkgs/pull/181632' ], 'reported' => '2022-06-27', 'severity' => 'medium' } ], 'main_module' => 'HTTP::Daemon', 'versions' => [ { 'date' => '2011-02-27T22:49:28', 'version' => '6.00' }, { 'date' => '2012-02-18T12:26:43', 'version' => '6.01' }, { 'date' => '2019-04-01T16:05:05', 'version' => '6.02' }, { 'date' => '2019-04-01T20:58:35', 'version' => '6.03' }, { 'date' => '2019-04-02T13:12:12', 'version' => '6.04' }, { 'date' => '2019-07-26T20:42:43', 'version' => '6.05' }, { 'date' => '2019-08-29T14:24:33', 'version' => '6.06' }, { 'date' => '2020-05-19T19:20:38', 'version' => '6.07' }, { 'date' => '2020-05-22T15:27:22', 'version' => '6.08' }, { 'date' => '2020-05-25T16:53:41', 'version' => '6.09' }, { 'date' => '2020-05-26T16:22:18', 'version' => '6.10' }, { 'date' => '2020-06-03T14:48:37', 'version' => '6.11' }, { 'date' => '2020-06-04T16:03:28', 'version' => '6.12' }, { 'date' => '2022-02-09T20:41:36', 'version' => '6.13' }, { 'date' => '2022-03-03T20:49:07', 'version' => '6.14' }, { 'date' => '2023-02-22T22:03:32', 'version' => '6.15' }, { 'date' => '2023-02-24T03:09:01', 'version' => '6.16' } ] }, 'HTTP-Session2' => { 'advisories' => [ { 'affected_versions' => '<1.10', 'cves' => [], 'description' => 'HTTP::Session2 1.10 does not validate session id, this causes RCE depending on the session store you use. ', 'distribution' => 'HTTP-Session2', 'fixed_versions' => '>=1.10', 'id' => 'CPANSA-HTTP-Session2-2018-01', 'references' => [ 'https://metacpan.org/changes/distribution/HTTP-Session2', 'https://github.com/tokuhirom/HTTP-Session2/commit/813838f6d08034b6a265a70e53b59b941b5d3e6d' ], 'reported' => '2018-01-26', 'severity' => 'critical' } ], 'main_module' => 'HTTP::Session2', 'versions' => [ { 'date' => '2013-10-28T03:20:09', 'version' => '0.01' }, { 'date' => '2013-10-30T00:17:21', 'version' => '0.02' }, { 'date' => '2013-10-31T01:21:27', 'version' => '0.03' }, { 'date' => '2013-11-01T01:10:52', 'version' => '0.04' }, { 'date' => '2014-03-18T18:53:09', 'version' => '0.05' }, { 'date' => '2014-07-28T04:10:11', 'version' => '1.00' }, { 'date' => '2014-07-28T11:44:05', 'version' => '1.01' }, { 'date' => '2014-07-31T21:17:23', 'version' => '1.02' }, { 'date' => '2014-08-01T11:04:00', 'version' => '1.03' }, { 'date' => '2014-08-01T11:10:56', 'version' => '1.04' }, { 'date' => '2014-08-01T11:20:46', 'version' => '1.05' }, { 'date' => '2014-08-01T14:04:04', 'version' => '1.06' }, { 'date' => '2014-08-01T14:08:11', 'version' => '1.07' }, { 'date' => '2014-08-03T07:23:00', 'version' => '1.08' }, { 'date' => '2014-09-01T02:26:38', 'version' => '1.09' }, { 'date' => '2018-01-26T05:02:08', 'version' => '1.10' } ] }, 'HTTP-Tiny' => { 'advisories' => [ { 'affected_versions' => undef, 'cves' => [ 'CVE-2023-31486' ], 'description' => 'HTTP::Tiny v0.082, a Perl core module since v5.13.9 and available standalone on CPAN, does not verify TLS certs by default. Users must opt-in with the verify_SSL=>1 flag to verify certs when using HTTPS. Resulting in a CWE-1188: Insecure Default Initialization of Resource weakness. ', 'distribution' => 'HTTP-Tiny', 'fixed_versions' => undef, 'id' => 'CPANSA-HTTP-Tiny-2023-31486', 'references' => [ 'https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/', 'https://github.com/chansen/p5-http-tiny/issues/152', 'https://github.com/chansen/p5-http-tiny/pull/151', 'https://hackeriet.github.io/cpan-http-tiny-overview/', 'https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/', 'https://github.com/NixOS/nixpkgs/pull/187480', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962407', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089', 'https://salsa.debian.org/perl-team/interpreter/perl/-/commit/1490431e40e22052f75a0b3449f1f53cbd27ba92.patch', 'https://github.com/chansen/p5-http-tiny/issues/134', 'https://github.com/chansen/p5-http-tiny/issues/68' ], 'reported' => '2023-02-14' }, { 'affected_versions' => '<0.059', 'cves' => [ 'CVE-2016-1238' ], 'description' => 'Loading modules from . (current directory). ', 'distribution' => 'HTTP-Tiny', 'fixed_versions' => '>=0.059', 'id' => 'CPANSA-HTTP-Tiny-2016-1238', 'references' => [ 'https://metacpan.org/changes/distribution/HTTP-Tiny', 'https://github.com/chansen/p5-http-tiny/commit/b239c95ea7a256cfee9b8848f1bd4d1df6e66444' ], 'reported' => '2016-07-29' }, { 'affected_versions' => '<0.039', 'cves' => [], 'description' => 'Temporary file creating during mirror() not opened exclusively. ', 'distribution' => 'HTTP-Tiny', 'fixed_versions' => '>=0.039', 'id' => 'CPANSA-HTTP-Tiny-2013-01', 'references' => [ 'https://metacpan.org/dist/HTTP-Tiny/changes' ], 'reported' => '2013-11-27' } ], 'main_module' => 'HTTP::Tiny', 'versions' => [ { 'date' => '2010-12-11T12:59:31', 'version' => '0.001' }, { 'date' => '2010-12-14T02:59:37', 'version' => '0.002' }, { 'date' => '2010-12-15T17:30:49', 'version' => '0.003' }, { 'date' => '2010-12-16T03:53:33', 'version' => '0.004' }, { 'date' => '2011-01-08T11:32:21', 'version' => '0.005' }, { 'date' => '2011-01-10T12:27:39', 'version' => '0.006' }, { 'date' => '2011-01-12T09:56:28', 'version' => '0.007' }, { 'date' => '2011-01-14T11:34:51', 'version' => '0.008' }, { 'date' => '2011-01-17T21:29:27', 'version' => '0.009' }, { 'date' => '2011-02-04T07:45:53', 'version' => '0.010' }, { 'date' => '2011-03-20T00:49:53', 'version' => '0.011' }, { 'date' => '2011-03-31T19:49:33', 'version' => '0.012' }, { 'date' => '2011-07-18T03:15:12', 'version' => '0.013' }, { 'date' => '2011-10-20T17:55:01', 'version' => '0.014' }, { 'date' => '2011-10-26T20:42:15', 'version' => '0.015' }, { 'date' => '2011-10-27T03:06:06', 'version' => '0.016' }, { 'date' => '2012-02-23T02:58:42', 'version' => '0.017' }, { 'date' => '2012-04-18T13:41:15', 'version' => '0.018' }, { 'date' => '2012-05-14T11:15:52', 'version' => '0.019' }, { 'date' => '2012-05-14T19:25:57', 'version' => '0.020' }, { 'date' => '2012-05-16T02:39:55', 'version' => '0.021' }, { 'date' => '2012-06-02T03:32:21', 'version' => '0.022' }, { 'date' => '2012-09-19T16:06:37', 'version' => '0.023' }, { 'date' => '2012-10-10T00:45:59', 'version' => '0.024' }, { 'date' => '2012-12-26T17:11:23', 'version' => '0.025' }, { 'date' => '2013-03-05T03:54:12', 'version' => '0.026' }, { 'date' => '2013-03-05T17:04:07', 'version' => '0.027' }, { 'date' => '2013-03-05T19:13:42', 'version' => '0.028' }, { 'date' => '2013-04-17T17:51:23', 'version' => '0.029' }, { 'date' => '2013-06-13T15:47:33', 'version' => '0.030' }, { 'date' => '2013-06-17T03:18:45', 'version' => '0.031' }, { 'date' => '2013-06-20T15:42:26', 'version' => '0.032' }, { 'date' => '2013-06-21T10:27:45', 'version' => '0.033' }, { 'date' => '2013-06-26T23:03:50', 'version' => '0.034' }, { 'date' => '2013-09-10T16:30:04', 'version' => '0.035' }, { 'date' => '2013-09-25T16:11:04', 'version' => '0.036' }, { 'date' => '2013-10-28T17:50:02', 'version' => '0.037' }, { 'date' => '2013-11-18T17:57:17', 'version' => '0.038' }, { 'date' => '2013-11-28T00:49:36', 'version' => '0.039' }, { 'date' => '2014-02-17T18:05:10', 'version' => '0.040' }, { 'date' => '2014-02-17T18:09:12', 'version' => '0.041' }, { 'date' => '2014-02-18T16:24:50', 'version' => '0.042' }, { 'date' => '2014-02-21T01:42:05', 'version' => '0.043' }, { 'date' => '2014-07-17T03:47:41', 'version' => '0.044' }, { 'date' => '2014-07-20T23:24:33', 'version' => '0.045' }, { 'date' => '2014-07-21T14:33:53', 'version' => '0.046' }, { 'date' => '2014-07-29T18:13:01', 'version' => '0.047' }, { 'date' => '2014-08-21T17:20:45', 'version' => '0.048' }, { 'date' => '2014-09-02T15:21:17', 'version' => '0.049' }, { 'date' => '2014-09-23T19:32:00', 'version' => '0.050' }, { 'date' => '2014-11-18T03:59:56', 'version' => '0.051' }, { 'date' => '2014-12-11T20:25:19', 'version' => '0.052' }, { 'date' => '2014-12-12T04:43:37', 'version' => '0.053' }, { 'date' => '2015-01-27T12:18:58', 'version' => '0.054' }, { 'date' => '2015-05-07T22:15:24', 'version' => '0.055' }, { 'date' => '2015-05-19T10:01:27', 'version' => '0.056' }, { 'date' => '2016-04-18T14:19:09', 'version' => '0.057' }, { 'date' => '2016-05-03T17:49:33', 'version' => '0.058' }, { 'date' => '2016-07-29T20:12:12', 'version' => '0.059' }, { 'date' => '2016-08-05T16:12:02', 'version' => '0.061' }, { 'date' => '2016-08-08T16:20:33', 'version' => '0.063' }, { 'date' => '2016-08-17T01:43:01', 'version' => '0.064' }, { 'date' => '2016-09-10T02:43:48', 'version' => '0.065' }, { 'date' => '2016-09-14T15:45:04', 'version' => '0.067' }, { 'date' => '2016-09-23T20:15:05', 'version' => '0.068' }, { 'date' => '2016-10-05T15:37:11', 'version' => '0.069' }, { 'date' => '2016-10-10T03:25:33', 'version' => '0.070' }, { 'date' => '2018-07-24T15:35:02', 'version' => '0.073' }, { 'date' => '2018-07-30T19:37:29', 'version' => '0.074' }, { 'date' => '2018-08-01T11:10:11', 'version' => '0.075' }, { 'date' => '2018-08-06T01:09:54', 'version' => '0.076' }, { 'date' => '2021-07-22T17:08:36', 'version' => '0.077' }, { 'date' => '2021-08-02T13:26:31', 'version' => '0.078' }, { 'date' => '2021-11-04T16:34:59', 'version' => '0.079' }, { 'date' => '2021-11-05T12:17:42', 'version' => '0.080' }, { 'date' => '2022-07-17T13:02:38', 'version' => '0.081' }, { 'date' => '2022-07-25T13:47:22', 'version' => '0.082' }, { 'date' => '2023-06-11T11:06:38', 'version' => '0.083' }, { 'date' => '2023-06-14T10:35:44', 'version' => '0.084' }, { 'date' => '2023-06-22T14:07:29', 'version' => '0.086' }, { 'date' => '2023-07-11T12:54:02', 'version' => '0.088' } ] }, 'IO-Compress' => { 'advisories' => [ { 'affected_versions' => '<2.070', 'cves' => [ 'CVE-2016-1238' ], 'description' => '(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory. ', 'distribution' => 'IO-Compress', 'fixed_versions' => '>=2.070', 'id' => 'CPANSA-IO-Compress-2016-1238', 'references' => [ 'http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html', 'http://www.securitytracker.com/id/1036440', 'http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab', 'https://rt.perl.org/Public/Bug/Display.html?id=127834', 'http://www.securityfocus.com/bid/92136', 'http://www.debian.org/security/2016/dsa-3628', 'https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/', 'https://security.gentoo.org/glsa/201701-75', 'https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E', 'https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html', 'https://security.gentoo.org/glsa/201812-07', 'http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html' ], 'reported' => '2016-08-02', 'severity' => 'high' } ], 'main_module' => 'Compress::Zlib', 'versions' => [ { 'date' => '2009-04-04T09:49:11', 'version' => '2.017' }, { 'date' => '2009-05-03T16:27:20', 'version' => '2.018' }, { 'date' => '2009-05-04T09:43:44', 'version' => '2.019' }, { 'date' => '2009-06-03T17:48:41', 'version' => '2.020' }, { 'date' => '2009-08-30T20:27:02', 'version' => '2.021' }, { 'date' => '2009-10-09T21:56:08', 'version' => '2.022' }, { 'date' => '2009-11-09T23:43:07', 'version' => '2.023' }, { 'date' => '2010-01-09T17:56:46', 'version' => '2.024' }, { 'date' => '2010-03-28T12:57:23', 'version' => '2.025' }, { 'date' => '2010-04-07T19:51:37', 'version' => '2.026' }, { 'date' => '2010-04-24T19:16:06', 'version' => '2.027' }, { 'date' => '2010-07-24T14:46:19', 'version' => '2.030' }, { 'date' => '2011-01-06T11:24:01', 'version' => '2.032' }, { 'date' => '2011-01-11T14:03:58', 'version' => '2.033' }, { 'date' => '2011-05-02T21:50:29', 'version' => '2.034' }, { 'date' => '2011-05-07T08:32:12', 'version' => '2.035' }, { 'date' => '2011-06-18T21:45:50', 'version' => '2.036' }, { 'date' => '2011-06-22T07:19:49', 'version' => '2.037' }, { 'date' => '2011-10-28T14:28:46', 'version' => '2.039' }, { 'date' => '2011-10-28T22:20:49', 'version' => '2.040' }, { 'date' => '2011-11-17T23:45:33', 'version' => '2.042' }, { 'date' => '2011-11-20T21:34:13', 'version' => '2.043' }, { 'date' => '2011-12-03T22:49:21', 'version' => '2.044' }, { 'date' => '2011-12-04T19:21:48', 'version' => '2.045' }, { 'date' => '2011-12-18T22:38:32', 'version' => '2.046' }, { 'date' => '2012-01-28T23:28:39', 'version' => '2.047' }, { 'date' => '2012-01-29T17:00:45', 'version' => '2.048' }, { 'date' => '2012-02-18T15:58:24', 'version' => '2.049' }, { 'date' => '2012-04-29T12:42:10', 'version' => '2.052' }, { 'date' => '2012-08-05T20:37:36', 'version' => '2.055' }, { 'date' => '2012-11-10T19:09:13', 'version' => '2.057' }, { 'date' => '2012-11-12T22:15:00', 'version' => '2.058' }, { 'date' => '2012-12-15T13:41:23', 'version' => '2.059' }, { 'date' => '2013-01-07T20:02:34', 'version' => '2.060' }, { 'date' => '2013-05-27T09:55:05', 'version' => '2.061' }, { 'date' => '2013-08-12T19:08:16', 'version' => '2.062' }, { 'date' => '2013-11-02T17:15:29', 'version' => '2.063' }, { 'date' => '2014-02-01T23:21:32', 'version' => '2.064' }, { 'date' => '2014-09-21T12:42:45', 'version' => '2.066' }, { 'date' => '2014-12-08T15:14:06', 'version' => '2.067' }, { 'date' => '2014-12-23T17:46:25', 'version' => '2.068' }, { 'date' => '2015-09-26T18:42:09', 'version' => '2.069' }, { 'date' => '2016-12-28T23:09:27', 'version' => '2.070' }, { 'date' => '2017-02-12T20:41:37', 'version' => '2.072' }, { 'date' => '2017-02-19T20:37:27', 'version' => '2.073' }, { 'date' => '2017-02-19T22:11:53', 'version' => '2.074' }, { 'date' => '2018-04-03T18:22:13', 'version' => '2.080' }, { 'date' => '2018-04-08T15:03:07', 'version' => '2.081' }, { 'date' => '2018-12-30T22:40:20', 'version' => '2.083' }, { 'date' => '2019-01-06T08:57:26', 'version' => '2.084' }, { 'date' => '2019-03-31T19:16:41', 'version' => '2.086' }, { 'date' => '2019-08-10T18:12:14', 'version' => '2.087' }, { 'date' => '2019-11-03T09:29:00', 'version' => '2.088' }, { 'date' => '2019-11-03T19:54:15', 'version' => '2.089' }, { 'date' => '2019-11-09T16:00:26', 'version' => '2.090' }, { 'date' => '2019-11-23T19:44:59', 'version' => '2.091' }, { 'date' => '2019-12-04T22:10:26', 'version' => '2.092' }, { 'date' => '2019-12-07T16:05:46', 'version' => '2.093' }, { 'date' => '2020-07-14T15:32:09', 'version' => '2.094' }, { 'date' => '2020-07-20T19:25:09', 'version' => '2.095' }, { 'date' => '2020-07-31T20:53:32', 'version' => '2.096' }, { 'date' => '2021-01-07T13:57:52', 'version' => '2.100' }, { 'date' => '2021-02-20T14:25:27', 'version' => '2.101' }, { 'date' => '2021-02-28T08:57:41', 'version' => '2.102' }, { 'date' => '2022-04-03T19:50:28', 'version' => '2.103' }, { 'date' => '2022-04-09T15:43:24', 'version' => '2.104' }, { 'date' => '2022-04-09T21:36:46', 'version' => '2.105' }, { 'date' => '2022-04-12T16:10:04', 'version' => '2.106' }, { 'date' => '2022-06-25T09:04:18', 'version' => '2.201' }, { 'date' => '2023-02-08T21:49:30', 'version' => '2.204' }, { 'date' => '2023-07-16T19:41:51', 'version' => '2.205' }, { 'date' => '2023-07-25T15:56:21', 'version' => '2.206' } ] }, 'IO-Socket-SSL' => { 'advisories' => [ { 'affected_versions' => '<1.35', 'cves' => [ 'CVE-2010-4334' ], 'description' => 'The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions. ', 'distribution' => 'IO-Socket-SSL', 'fixed_versions' => undef, 'id' => 'CPANSA-IO-Socket-SSL-2010-4334', 'references' => [ 'http://osvdb.org/69626', 'http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058', 'http://www.securityfocus.com/bid/45189', 'http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.35/Changes', 'http://secunia.com/advisories/42508', 'http://secunia.com/advisories/42757', 'http://www.openwall.com/lists/oss-security/2010/12/09/8', 'http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052594.html', 'http://www.openwall.com/lists/oss-security/2010/12/24/1', 'http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052601.html', 'http://www.mandriva.com/security/advisories?name=MDVSA-2011:092' ], 'reported' => '2011-01-14', 'severity' => undef }, { 'affected_versions' => '>=1.14,<=1.15', 'cves' => [ 'CVE-2009-3024' ], 'description' => 'The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate. ', 'distribution' => 'IO-Socket-SSL', 'fixed_versions' => undef, 'id' => 'CPANSA-IO-Socket-SSL-2009-3024', 'references' => [ 'http://www.openwall.com/lists/oss-security/2009/08/31/4', 'http://www.openwall.com/lists/oss-security/2009/08/28/1', 'http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.30/Changes', 'http://www.openwall.com/lists/oss-security/2009/08/29/1', 'http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html', 'http://www.vupen.com/english/advisories/2011/0118', 'http://www.gentoo.org/security/en/glsa/glsa-201101-06.xml', 'http://secunia.com/advisories/42893' ], 'reported' => '2009-08-31', 'severity' => undef } ], 'main_module' => 'IO::Socket::SSL', 'versions' => [ { 'date' => '1999-06-18T14:54:49', 'version' => '0.70' }, { 'date' => '1999-07-21T19:45:05', 'version' => '0.72' }, { 'date' => '1999-07-29T17:28:04', 'version' => '0.73' }, { 'date' => '2000-07-04T11:46:51', 'version' => '0.74' }, { 'date' => '2000-08-08T06:59:10', 'version' => '0.75' }, { 'date' => '2000-11-17T14:26:45', 'version' => '0.76' }, { 'date' => '2001-01-15T13:57:06', 'version' => '0.77' }, { 'date' => '2001-04-24T07:00:38', 'version' => '0.78' }, { 'date' => '2001-06-04T08:01:01', 'version' => '0.79' }, { 'date' => '2001-08-19T08:28:53', 'version' => '0.80' }, { 'date' => '2002-04-10T12:43:43', 'version' => '0.81' }, { 'date' => '2002-08-13T21:42:55', 'version' => '0.90' }, { 'date' => '2002-08-19T15:28:09', 'version' => '0.901' }, { 'date' => '2002-09-01T01:13:14', 'version' => '0.91' }, { 'date' => '2002-10-22T06:15:30', 'version' => '0.92' }, { 'date' => '2003-06-24T19:24:37', 'version' => '0.93' }, { 'date' => '2003-06-26T19:41:04', 'version' => '0.94' }, { 'date' => '2003-08-25T22:47:30', 'version' => '0.95' }, { 'date' => '2004-04-30T17:43:07', 'version' => '0.96' }, { 'date' => '2005-07-17T09:20:02', 'version' => '0.97' }, { 'date' => '2006-06-12T14:37:33', 'version' => '0.98' }, { 'date' => '2006-06-12T14:48:30', 'version' => '0.98' }, { 'date' => '2006-07-17T15:05:06', 'version' => '0.99' }, { 'date' => '2006-07-18T13:33:27', 'version' => '0.99' }, { 'date' => '2006-07-20T05:59:15', 'version' => '0.99' }, { 'date' => '2006-07-20T08:35:45', 'version' => '0.99' }, { 'date' => '2006-07-24T14:27:43', 'version' => '0.99' }, { 'date' => '2006-08-02T07:30:04', 'version' => '0.99' }, { 'date' => '2006-08-02T07:37:59', 'version' => '0.99' }, { 'date' => '2006-08-02T20:43:25', 'version' => '0.99' }, { 'date' => '2006-08-11T10:01:10', 'version' => '0.99' }, { 'date' => '2006-08-15T20:22:28', 'version' => '0.99' }, { 'date' => '2006-09-12T14:16:38', 'version' => '0.99' }, { 'date' => '2006-09-13T11:10:06', 'version' => '0.99' }, { 'date' => '2006-12-01T09:57:52', 'version' => '0.99' }, { 'date' => '2007-03-06T18:12:09', 'version' => '0.99' }, { 'date' => '2007-03-28T19:06:21', 'version' => '0.99' }, { 'date' => '2007-04-16T19:35:58', 'version' => '0.99' }, { 'date' => '2007-04-30T07:45:00', 'version' => '0.99' }, { 'date' => '2007-06-03T19:46:51', 'version' => '0.99' }, { 'date' => '2007-06-06T13:59:06', 'version' => '0.99' }, { 'date' => '2007-08-10T09:07:39', 'version' => '0.99' }, { 'date' => '2007-09-13T19:40:43', 'version' => '0.99' }, { 'date' => '2007-10-09T21:18:11', 'version' => '0.99' }, { 'date' => '2007-10-10T18:49:29', 'version' => '0.99' }, { 'date' => '2007-10-26T06:29:26', 'version' => '0.99' }, { 'date' => '2008-01-11T17:59:06', 'version' => '0.99' }, { 'date' => '2008-01-28T06:44:08', 'version' => '0.99' }, { 'date' => '2008-02-22T09:07:12', 'version' => '0.99' }, { 'date' => '2008-02-24T09:42:37', 'version' => '0.99' }, { 'date' => '2008-02-25T21:18:02', 'version' => '0.99' }, { 'date' => '2008-03-10T08:46:06', 'version' => '0.99' }, { 'date' => '2008-07-16T09:27:07', 'version' => '0.99' }, { 'date' => '2008-08-28T20:03:28', 'version' => '0.99' }, { 'date' => '2008-09-19T06:34:13', 'version' => '0.99' }, { 'date' => '2008-09-19T16:54:30', 'version' => '0.99' }, { 'date' => '2008-09-24T07:52:48', 'version' => '0.99' }, { 'date' => '2008-09-25T09:24:39', 'version' => '0.99' }, { 'date' => '2008-10-13T09:06:13', 'version' => '0.99' }, { 'date' => '2008-11-17T17:21:39', 'version' => '0.99' }, { 'date' => '2008-12-31T14:47:59', 'version' => '0.99' }, { 'date' => '2009-01-15T20:52:54', 'version' => '0.99' }, { 'date' => '2009-01-22T20:59:47', 'version' => '0.99' }, { 'date' => '2009-01-24T06:34:00', 'version' => '0.99' }, { 'date' => '2009-02-23T09:59:39', 'version' => '1.23' }, { 'date' => '2009-04-01T08:02:14', 'version' => '1.24' }, { 'date' => '2009-07-02T18:15:35', 'version' => '1.25' }, { 'date' => '2009-07-03T07:36:23', 'version' => '1.26' }, { 'date' => '2009-07-24T06:37:32', 'version' => '1.27' }, { 'date' => '2009-08-19T10:46:35', 'version' => '1.28' }, { 'date' => '2009-08-19T10:54:30', 'version' => '1.29' }, { 'date' => '2009-08-19T14:41:37', 'version' => '1.30' }, { 'date' => '2009-09-01T07:44:10', 'version' => '1.30_2' }, { 'date' => '2009-09-02T05:57:30', 'version' => '1.30_3' }, { 'date' => '2009-09-25T19:10:53', 'version' => '1.31' }, { 'date' => '2010-02-22T09:39:43', 'version' => '1.32' }, { 'date' => '2010-03-17T12:53:27', 'version' => '1.33' }, { 'date' => '2010-11-01T08:55:36', 'version' => '1.34' }, { 'date' => '2010-12-06T08:16:23', 'version' => '1.35' }, { 'date' => '2010-12-08T19:28:31', 'version' => '1.36' }, { 'date' => '2010-12-09T08:38:47', 'version' => '1.37' }, { 'date' => '2011-01-18T08:45:03', 'version' => '1.38' }, { 'date' => '2011-03-03T11:39:29', 'version' => '1.39' }, { 'date' => '2011-05-02T10:32:52', 'version' => '1.40' }, { 'date' => '2011-05-10T05:14:22', 'version' => '1.41' }, { 'date' => '2011-05-10T14:15:57', 'version' => '1.42' }, { 'date' => '2011-05-11T08:23:15', 'version' => '1.43' }, { 'date' => '2011-05-12T19:35:25', 'version' => '1.43_1' }, { 'date' => '2011-05-27T11:46:14', 'version' => '1.44' }, { 'date' => '2011-10-13T08:42:32', 'version' => '1.45' }, { 'date' => '2011-10-18T06:30:07', 'version' => '1.46' }, { 'date' => '2011-10-21T07:09:03', 'version' => '1.47' }, { 'date' => '2011-10-26T16:35:42', 'version' => '1.48' }, { 'date' => '2011-10-28T08:26:49', 'version' => '1.49' }, { 'date' => '2011-12-06T21:14:17', 'version' => '1.50' }, { 'date' => '2011-12-06T21:25:05', 'version' => '1.51' }, { 'date' => '2011-12-07T08:12:01', 'version' => '1.52' }, { 'date' => '2011-12-11T21:45:13', 'version' => '1.53' }, { 'date' => '2012-01-11T08:15:23', 'version' => '1.54' }, { 'date' => '2012-02-20T06:49:04', 'version' => '1.55' }, { 'date' => '2012-02-22T15:49:39', 'version' => '1.56' }, { 'date' => '2012-02-26T21:57:54', 'version' => '1.57' }, { 'date' => '2012-02-26T22:09:30', 'version' => '1.58' }, { 'date' => '2012-03-08T10:44:05', 'version' => '1.59' }, { 'date' => '2012-03-20T18:59:41', 'version' => '1.60' }, { 'date' => '2012-03-27T14:34:36', 'version' => '1.61' }, { 'date' => '2012-03-28T05:53:19', 'version' => '1.62' }, { 'date' => '2012-04-06T20:33:58', 'version' => '1.63' }, { 'date' => '2012-04-06T21:04:54', 'version' => '1.64' }, { 'date' => '2012-04-16T16:51:54', 'version' => '1.65' }, { 'date' => '2012-04-16T18:52:52', 'version' => '1.66' }, { 'date' => '2012-05-07T09:39:11', 'version' => '1.67' }, { 'date' => '2012-05-07T13:01:38', 'version' => '1.68' }, { 'date' => '2012-05-08T08:24:35', 'version' => '1.69' }, { 'date' => '2012-05-08T09:18:24', 'version' => '1.70' }, { 'date' => '2012-05-09T08:41:48', 'version' => '1.71' }, { 'date' => '2012-05-10T11:10:15', 'version' => '1.72' }, { 'date' => '2012-05-11T19:29:42', 'version' => '1.73' }, { 'date' => '2012-05-13T15:19:26', 'version' => '1.74' }, { 'date' => '2012-06-07T17:42:47', 'version' => '1.74_1' }, { 'date' => '2012-06-07T21:59:28', 'version' => '1.74_2' }, { 'date' => '2012-06-15T12:42:21', 'version' => '1.75' }, { 'date' => '2012-06-18T06:20:09', 'version' => '1.76' }, { 'date' => '2012-10-05T05:36:56', 'version' => '1.77' }, { 'date' => '2012-11-25T14:08:27', 'version' => '1.78' }, { 'date' => '2012-11-25T15:50:09', 'version' => '1.79' }, { 'date' => '2012-11-30T07:47:23', 'version' => '1.80' }, { 'date' => '2012-12-06T09:14:04', 'version' => '1.81' }, { 'date' => '2013-01-28T07:41:50', 'version' => '1.82' }, { 'date' => '2013-02-03T19:04:27', 'version' => '1.83' }, { 'date' => '2013-02-14T08:05:20', 'version' => '1.831' }, { 'date' => '2013-02-15T20:48:12', 'version' => '1.84' }, { 'date' => '2013-04-14T08:59:30', 'version' => '1.85' }, { 'date' => '2013-04-17T11:31:18', 'version' => '1.86' }, { 'date' => '2013-04-24T18:16:01', 'version' => '1.87' }, { 'date' => '2013-05-02T05:59:47', 'version' => '1.88' }, { 'date' => '2013-05-14T13:36:49', 'version' => '1.89' }, { 'date' => '2013-05-29T18:58:35', 'version' => '1.90' }, { 'date' => '2013-05-30T09:36:07', 'version' => '1.91' }, { 'date' => '2013-05-30T19:20:11', 'version' => '1.92' }, { 'date' => '2013-05-31T06:14:58', 'version' => '1.93' }, { 'date' => '2013-06-01T12:46:14', 'version' => '1.94' }, { 'date' => '2013-07-03T08:44:53', 'version' => '1.950' }, { 'date' => '2013-07-03T10:02:42', 'version' => '1.951' }, { 'date' => '2013-07-11T20:14:18', 'version' => '1.952' }, { 'date' => '2013-07-22T06:34:31', 'version' => '1.953' }, { 'date' => '2013-09-15T13:05:33', 'version' => '1.954' }, { 'date' => '2013-10-11T16:54:45', 'version' => '1.955' }, { 'date' => '2013-11-10T18:00:08', 'version' => '1.956' }, { 'date' => '2013-11-11T08:42:30', 'version' => '1.957' }, { 'date' => '2013-11-11T18:28:16', 'version' => '1.958' }, { 'date' => '2013-11-12T15:39:42', 'version' => '1.959' }, { 'date' => '2013-11-13T00:10:43', 'version' => '1.960' }, { 'date' => '2013-11-26T14:47:11', 'version' => '1.961' }, { 'date' => '2013-11-27T21:19:25', 'version' => '1.962' }, { 'date' => '2014-01-13T13:05:48', 'version' => '1.963' }, { 'date' => '2014-01-15T11:36:49', 'version' => '1.964' }, { 'date' => '2014-01-16T19:11:32', 'version' => '1.965' }, { 'date' => '2014-01-21T16:53:39', 'version' => '1.966' }, { 'date' => '2014-02-06T22:06:14', 'version' => '1.967' }, { 'date' => '2014-03-13T06:38:27', 'version' => '1.968' }, { 'date' => '2014-03-16T16:41:39', 'version' => '1.969' }, { 'date' => '2014-03-19T05:04:51', 'version' => '1.970' }, { 'date' => '2014-03-22T19:54:06', 'version' => '1.971' }, { 'date' => '2014-03-23T06:48:23', 'version' => '1.972' }, { 'date' => '2014-03-26T07:10:22', 'version' => '1.973' }, { 'date' => '2014-04-02T06:53:53', 'version' => '1.974' }, { 'date' => '2014-04-02T10:14:38', 'version' => '1.975' }, { 'date' => '2014-04-04T04:36:04', 'version' => '1.976' }, { 'date' => '2014-04-04T13:25:28', 'version' => '1.977' }, { 'date' => '2014-04-04T14:21:32', 'version' => '1.978' }, { 'date' => '2014-04-06T06:24:29', 'version' => '1.979' }, { 'date' => '2014-04-08T01:25:10', 'version' => '1.980' }, { 'date' => '2014-04-08T11:09:59', 'version' => '1.981' }, { 'date' => '2014-04-24T20:14:47', 'version' => '1.982' }, { 'date' => '2014-04-27T12:02:16', 'version' => '1.982_1' }, { 'date' => '2014-05-04T08:03:37', 'version' => '1.983' }, { 'date' => '2014-05-10T13:11:17', 'version' => '1.984' }, { 'date' => '2014-05-15T06:30:28', 'version' => '1.985' }, { 'date' => '2014-05-16T17:41:46', 'version' => '1.986' }, { 'date' => '2014-05-17T15:03:37', 'version' => '1.987' }, { 'date' => '2014-05-17T22:15:10', 'version' => '1.988' }, { 'date' => '2014-05-24T08:16:00', 'version' => '1.989' }, { 'date' => '2014-05-26T05:46:04', 'version' => '1.989_1' }, { 'date' => '2014-05-27T11:00:11', 'version' => '1.990' }, { 'date' => '2014-05-27T19:43:31', 'version' => '1.991' }, { 'date' => '2014-06-01T21:47:49', 'version' => '1.992' }, { 'date' => '2014-06-13T20:45:52', 'version' => '1.993' }, { 'date' => '2014-06-22T09:53:11', 'version' => '1.994' }, { 'date' => '2014-07-11T21:50:48', 'version' => '1.995' }, { 'date' => '2014-07-12T11:49:12', 'version' => '1.996' }, { 'date' => '2014-07-12T17:24:04', 'version' => '1.997' }, { 'date' => '2014-09-07T14:59:47', 'version' => '1.998' }, { 'date' => '2014-10-09T19:56:19', 'version' => '1.999' }, { 'date' => '2014-10-16T05:05:11', 'version' => '2.000' }, { 'date' => '2014-10-21T09:46:39', 'version' => '2.001' }, { 'date' => '2014-10-21T21:00:54', 'version' => '2.002' }, { 'date' => '2014-11-14T20:12:08', 'version' => '2.003' }, { 'date' => '2014-11-15T10:05:06', 'version' => '2.004' }, { 'date' => '2014-11-15T10:14:17', 'version' => '2.004_1' }, { 'date' => '2014-11-15T16:29:13', 'version' => '2.005' }, { 'date' => '2014-11-15T16:34:37', 'version' => '2.005_1' }, { 'date' => '2014-11-22T20:51:08', 'version' => '2.006' }, { 'date' => '2014-11-26T22:00:05', 'version' => '2.007' }, { 'date' => '2014-12-16T06:36:16', 'version' => '2.008' }, { 'date' => '2015-01-12T10:48:21', 'version' => '2.009' }, { 'date' => '2015-01-14T20:13:41', 'version' => '2.010' }, { 'date' => '2015-02-01T16:00:22', 'version' => '2.011' }, { 'date' => '2015-02-02T07:46:57', 'version' => '2.012' }, { 'date' => '2015-05-01T15:39:14', 'version' => '2.013' }, { 'date' => '2015-05-05T06:31:37', 'version' => '2.014' }, { 'date' => '2015-05-13T20:43:55', 'version' => '2.015' }, { 'date' => '2015-05-26T21:15:38', 'version' => '2.015_001' }, { 'date' => '2015-05-27T05:39:14', 'version' => '2.015_002' }, { 'date' => '2015-05-27T17:24:09', 'version' => '2.015_003' }, { 'date' => '2015-05-28T07:07:25', 'version' => '2.015_004' }, { 'date' => '2015-05-29T06:01:37', 'version' => '2.015_005' }, { 'date' => '2015-06-02T19:35:20', 'version' => '2.015_006' }, { 'date' => '2015-06-02T20:41:45', 'version' => '2.016' }, { 'date' => '2015-06-04T14:38:29', 'version' => '2.016_001' }, { 'date' => '2015-06-14T17:05:06', 'version' => '2.016_002' }, { 'date' => '2015-08-24T15:45:30', 'version' => '2.017' }, { 'date' => '2015-08-27T11:31:55', 'version' => '2.018' }, { 'date' => '2015-09-01T05:32:47', 'version' => '2.019' }, { 'date' => '2015-09-20T10:33:59', 'version' => '2.020' }, { 'date' => '2015-12-02T19:55:29', 'version' => '2.021' }, { 'date' => '2015-12-10T07:12:46', 'version' => '2.022' }, { 'date' => '2016-01-30T11:12:14', 'version' => '2.023' }, { 'date' => '2016-02-06T19:38:18', 'version' => '2.024' }, { 'date' => '2016-04-04T07:23:02', 'version' => '2.025' }, { 'date' => '2016-04-20T06:11:37', 'version' => '2.026' }, { 'date' => '2016-04-20T14:22:50', 'version' => '2.027' }, { 'date' => '2016-06-27T14:22:02', 'version' => '2.028' }, { 'date' => '2016-06-27T15:53:16', 'version' => '2.029' }, { 'date' => '2016-07-08T08:53:04', 'version' => '2.030' }, { 'date' => '2016-07-08T11:40:31', 'version' => '2.031' }, { 'date' => '2016-07-12T13:12:57', 'version' => '2.032' }, { 'date' => '2016-07-15T09:00:38', 'version' => '2.033' }, { 'date' => '2016-08-08T08:19:05', 'version' => '2.034' }, { 'date' => '2016-08-11T14:25:18', 'version' => '2.035' }, { 'date' => '2016-08-11T19:03:38', 'version' => '2.036' }, { 'date' => '2016-08-22T17:39:32', 'version' => '2.037' }, { 'date' => '2016-09-17T09:36:29', 'version' => '2.038' }, { 'date' => '2016-11-20T21:01:59', 'version' => '2.039' }, { 'date' => '2016-12-17T15:18:35', 'version' => '2.040' }, { 'date' => '2017-01-04T05:17:55', 'version' => '2.041' }, { 'date' => '2017-01-05T18:32:13', 'version' => '2.042' }, { 'date' => '2017-01-06T13:27:56', 'version' => '2.043' }, { 'date' => '2017-01-26T10:46:57', 'version' => '2.044' }, { 'date' => '2017-02-13T15:26:59', 'version' => '2.045' }, { 'date' => '2017-02-15T18:41:05', 'version' => '2.046' }, { 'date' => '2017-02-16T19:01:01', 'version' => '2.047' }, { 'date' => '2017-04-16T18:33:09', 'version' => '2.048' }, { 'date' => '2017-06-12T05:15:34', 'version' => '2.049' }, { 'date' => '2017-08-18T06:07:18', 'version' => '2.050' }, { 'date' => '2017-09-05T09:28:25', 'version' => '2.051' }, { 'date' => '2017-10-22T08:48:29', 'version' => '2.052' }, { 'date' => '2018-01-21T19:41:38', 'version' => '2.053' }, { 'date' => '2018-01-22T05:11:45', 'version' => '2.054' }, { 'date' => '2018-02-15T13:45:54', 'version' => '2.055' }, { 'date' => '2018-02-19T06:35:28', 'version' => '2.056' }, { 'date' => '2018-07-18T19:16:28', 'version' => '2.057' }, { 'date' => '2018-07-19T07:54:24', 'version' => '2.058' }, { 'date' => '2018-08-15T16:13:05', 'version' => '2.059' }, { 'date' => '2018-09-16T19:15:07', 'version' => '2.060' }, { 'date' => '2019-02-23T02:08:16', 'version' => '2.061' }, { 'date' => '2019-02-24T00:14:55', 'version' => '2.062' }, { 'date' => '2019-03-01T14:48:40', 'version' => '2.063' }, { 'date' => '2019-03-04T12:28:12', 'version' => '2.064' }, { 'date' => '2019-03-05T18:50:40', 'version' => '2.065' }, { 'date' => '2019-03-06T06:55:56', 'version' => '2.066' }, { 'date' => '2020-02-14T17:49:51', 'version' => '2.067' }, { 'date' => '2020-03-31T06:15:39', 'version' => '2.068' }, { 'date' => '2021-01-22T16:55:49', 'version' => '2.069' }, { 'date' => '2021-02-26T08:03:24', 'version' => '2.070' }, { 'date' => '2021-05-23T08:12:02', 'version' => '2.071' }, { 'date' => '2021-08-16T13:06:40', 'version' => '2.072' }, { 'date' => '2021-12-22T19:30:42', 'version' => '2.073' }, { 'date' => '2022-01-07T15:09:53', 'version' => '2.074' }, { 'date' => '2022-09-02T18:18:33', 'version' => '2.075' }, { 'date' => '2022-11-14T13:41:15', 'version' => '2.076' }, { 'date' => '2022-11-21T11:44:16', 'version' => '2.077' }, { 'date' => '2022-12-11T20:10:13', 'version' => '2.078' }, { 'date' => '2023-01-16T06:28:01', 'version' => '2.079' }, { 'date' => '2023-01-18T16:28:53', 'version' => '2.080' }, { 'date' => '2023-01-25T10:49:10', 'version' => '2.081' }, { 'date' => '2023-05-17T20:41:22', 'version' => '2.082' }, { 'date' => '2023-05-18T09:15:20', 'version' => '2.083' }, { 'date' => '2023-11-06T21:02:36', 'version' => '2.084' }, { 'date' => '2024-01-22T19:07:08', 'version' => '2.085' } ] }, 'IPC-Cmd' => { 'advisories' => [ { 'affected_versions' => '<0.96', 'cves' => [ 'CVE-2016-1238' ], 'description' => '(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory. ', 'distribution' => 'IPC-Cmd', 'fixed_versions' => '>=0.96', 'id' => 'CPANSA-IPC-Cmd-2016-1238', 'references' => [ 'http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html', 'http://www.securitytracker.com/id/1036440', 'http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab', 'https://rt.perl.org/Public/Bug/Display.html?id=127834', 'http://www.securityfocus.com/bid/92136', 'http://www.debian.org/security/2016/dsa-3628', 'https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/', 'https://security.gentoo.org/glsa/201701-75', 'https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E', 'https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html', 'https://security.gentoo.org/glsa/201812-07', 'http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html' ], 'reported' => '2016-08-02', 'severity' => 'high' } ], 'main_module' => 'IPC::Cmd', 'versions' => [ { 'date' => '2003-05-10T16:57:39', 'version' => '0.02' }, { 'date' => '2003-05-11T08:50:33', 'version' => '0.03' }, { 'date' => '2003-09-25T10:34:58', 'version' => '0.04' }, { 'date' => '2004-06-18T11:43:01', 'version' => '0.20' }, { 'date' => '2004-08-16T10:26:03', 'version' => '0.22' }, { 'date' => '2004-12-03T15:53:45', 'version' => '0.23' }, { 'date' => '2004-12-09T09:56:18', 'version' => '0.24' }, { 'date' => '2006-09-06T15:57:50', 'version' => '0.25' }, { 'date' => '2006-10-05T14:42:36', 'version' => '0.29_01' }, { 'date' => '2006-10-11T11:11:24', 'version' => '0.30' }, { 'date' => '2006-10-13T11:18:04', 'version' => '0.32' }, { 'date' => '2006-10-20T13:16:49', 'version' => '0.34' }, { 'date' => '2006-11-24T14:01:10', 'version' => '0.36' }, { 'date' => '2007-10-11T15:17:44', 'version' => '0.38' }, { 'date' => '2007-10-17T09:29:57', 'version' => '0.40' }, { 'date' => '2008-05-18T15:50:12', 'version' => '0.41_01' }, { 'date' => '2008-06-29T15:41:17', 'version' => '0.41_02' }, { 'date' => '2008-07-13T13:08:43', 'version' => '0.41_03' }, { 'date' => '2008-07-14T13:57:54', 'version' => '0.41_04' }, { 'date' => '2008-09-22T13:12:26', 'version' => '0.41_05' }, { 'date' => '2008-09-24T15:46:32', 'version' => '0.41_06' }, { 'date' => '2008-10-05T16:24:49', 'version' => '0.41_07' }, { 'date' => '2008-10-10T09:47:07', 'version' => '0.42' }, { 'date' => '2009-05-04T08:15:08', 'version' => '0.44' }, { 'date' => '2009-06-12T11:38:40', 'version' => '0.46' }, { 'date' => '2009-09-07T14:15:59', 'version' => '0.48' }, { 'date' => '2009-09-07T15:21:24', 'version' => '0.50' }, { 'date' => '2009-11-08T23:24:39', 'version' => '0.51_01' }, { 'date' => '2009-11-13T16:17:59', 'version' => '0.52' }, { 'date' => '2009-11-15T22:04:56', 'version' => '0.54' }, { 'date' => '2010-02-03T14:21:25', 'version' => '0.56' }, { 'date' => '2010-04-29T20:06:40', 'version' => '0.58' }, { 'date' => '2010-07-05T08:10:45', 'version' => '0.60' }, { 'date' => '2010-10-19T14:53:57', 'version' => '0.62' }, { 'date' => '2010-10-19T18:09:00', 'version' => '0.64' }, { 'date' => '2010-11-23T12:11:55', 'version' => '0.66' }, { 'date' => '2011-01-07T22:28:30', 'version' => '0.68' }, { 'date' => '2011-01-31T20:40:13', 'version' => '0.70' }, { 'date' => '2011-05-10T13:07:15', 'version' => '0.71_01' }, { 'date' => '2011-05-26T12:01:30', 'version' => '0.71_02' }, { 'date' => '2011-05-26T12:46:44', 'version' => '0.71_03' }, { 'date' => '2011-06-22T11:34:08', 'version' => '0.72' }, { 'date' => '2012-01-30T10:35:24', 'version' => '0.74' }, { 'date' => '2012-01-30T11:34:12', 'version' => '0.76' }, { 'date' => '2012-04-30T18:52:04', 'version' => '0.78' }, { 'date' => '2013-03-02T22:15:43', 'version' => '0.80' }, { 'date' => '2013-06-29T21:17:06', 'version' => '0.82' }, { 'date' => '2013-08-06T09:28:59', 'version' => '0.84' }, { 'date' => '2013-09-05T19:34:47', 'version' => '0.85_01' }, { 'date' => '2013-10-10T13:09:11', 'version' => '0.85_02' }, { 'date' => '2013-11-04T14:18:01', 'version' => '0.86' }, { 'date' => '2013-11-15T14:47:57', 'version' => '0.88' }, { 'date' => '2013-11-18T15:12:15', 'version' => '0.90' }, { 'date' => '2014-01-22T20:01:22', 'version' => '0.92' }, { 'date' => '2016-02-12T19:01:25', 'version' => '0.94' }, { 'date' => '2016-07-28T10:19:44', 'version' => '0.96' }, { 'date' => '2017-05-12T16:05:02', 'version' => '0.98' }, { 'date' => '2018-02-14T16:21:01', 'version' => '1.00' }, { 'date' => '2018-05-03T08:53:01', 'version' => '1.02' }, { 'date' => '2019-07-13T09:17:39', 'version' => '1.04' } ] }, 'IPC-Run' => { 'advisories' => [ { 'affected_versions' => [ '<0.90', '=0.90_01', '=0.90_02' ], 'cves' => [], 'description' => 'INADDR_ANY can be your external ip, IPC::Run should only listen on localhost. ', 'distribution' => 'IPC-Run', 'fixed_versions' => '>=0.90', 'id' => 'CPANSA-IPC-Run-2009-01', 'references' => [ 'https://metacpan.org/dist/IPC-Run/changes', 'https://rt.cpan.org/Public/Bug/Display.html?id=49693' ], 'reported' => '2009-09-14' } ], 'main_module' => 'IPC::Run', 'versions' => [ { 'date' => '2000-05-22T05:10:41', 'version' => '0.1' }, { 'date' => '2000-06-01T06:12:25', 'version' => '0.2' }, { 'date' => '2000-06-02T16:53:04', 'version' => '0.21' }, { 'date' => '2000-06-03T12:34:23', 'version' => '0.3' }, { 'date' => '2000-06-06T18:48:56', 'version' => '0.32' }, { 'date' => '2000-06-08T10:24:28', 'version' => '0.33' }, { 'date' => '2000-06-08T10:41:19', 'version' => '0.34' }, { 'date' => '2000-06-15T19:06:43', 'version' => '0.4' }, { 'date' => '2000-08-17T14:33:30', 'version' => '0.42' }, { 'date' => '2000-10-02T21:20:49', 'version' => '0.44' }, { 'date' => '2001-11-11T04:21:36', 'version' => '0.5' }, { 'date' => '2001-11-12T07:19:27', 'version' => '0.51' }, { 'date' => '2001-12-01T06:05:11', 'version' => '0.54' }, { 'date' => '2001-12-01T21:54:11', 'version' => '0.55' }, { 'date' => '2001-12-02T13:48:12', 'version' => '0.56' }, { 'date' => '2001-12-06T20:33:30', 'version' => '0.6' }, { 'date' => '2001-12-07T09:31:12', 'version' => '0.61' }, { 'date' => '2002-01-01T20:42:40', 'version' => '0.62' }, { 'date' => '2002-02-27T17:14:16', 'version' => '0.63' }, { 'date' => '2002-03-14T17:14:53', 'version' => '0.64' }, { 'date' => '2002-03-27T11:42:32', 'version' => '0.66' }, { 'date' => '2002-04-26T15:04:45', 'version' => '0.7' }, { 'date' => '2002-05-06T13:23:28', 'version' => '0.71' }, { 'date' => '2002-05-09T15:58:13', 'version' => '0.72' }, { 'date' => '2002-05-22T13:20:13', 'version' => '0.73' }, { 'date' => '2002-05-23T13:48:23', 'version' => '0.74' }, { 'date' => '2003-01-28T17:59:36', 'version' => '0.75' }, { 'date' => '2003-09-26T19:35:48', 'version' => '0.77' }, { 'date' => '2004-03-09T06:22:24', 'version' => '0.78' }, { 'date' => '2005-01-19T23:50:56', 'version' => '0.79' }, { 'date' => '2006-03-10T15:30:59', 'version' => '0.80_91' }, { 'date' => '2006-05-10T20:00:28', 'version' => '0.80' }, { 'date' => '2008-10-15T09:59:57', 'version' => '0.81_01' }, { 'date' => '2008-12-18T12:01:25', 'version' => '0.82' }, { 'date' => '2009-07-09T16:38:18', 'version' => '0.83' }, { 'date' => '2009-07-13T00:59:41', 'version' => '0.84' }, { 'date' => '2010-03-23T05:12:54', 'version' => '0.85' }, { 'date' => '2010-03-24T20:11:05', 'version' => '0.86' }, { 'date' => '2010-03-29T18:03:50', 'version' => '0.87' }, { 'date' => '2010-03-30T18:14:22', 'version' => '0.88' }, { 'date' => '2010-04-01T04:48:26', 'version' => '0.89' }, { 'date' => '2011-06-03T04:41:40', 'version' => '0.90_01' }, { 'date' => '2011-06-29T04:15:08', 'version' => '0.90_02' }, { 'date' => '2011-07-01T04:18:30', 'version' => '0.90_03' }, { 'date' => '2011-07-03T20:10:42', 'version' => '0.90' }, { 'date' => '2012-01-25T05:16:00', 'version' => '0.91_01' }, { 'date' => '2012-02-15T04:50:23', 'version' => '0.91' }, { 'date' => '2012-08-22T15:00:56', 'version' => '0.92_01' }, { 'date' => '2012-08-30T15:26:42', 'version' => '0.92' }, { 'date' => '2014-12-11T05:59:50', 'version' => '0.93' }, { 'date' => '2014-12-11T07:48:28', 'version' => '0.93_01' }, { 'date' => '2014-12-14T07:23:31', 'version' => '0.94' }, { 'date' => '2016-04-13T03:11:26', 'version' => '0.94_01' }, { 'date' => '2016-04-14T05:15:22', 'version' => '0.94_02' }, { 'date' => '2017-04-25T01:29:03', 'version' => '0.95' }, { 'date' => '2017-05-12T13:48:34', 'version' => '0.96' }, { 'date' => '2018-03-26T21:45:38', 'version' => '0.97' }, { 'date' => '2018-03-29T18:52:43', 'version' => '0.98' }, { 'date' => '2018-03-30T22:49:37', 'version' => '0.99' }, { 'date' => '2018-05-23T17:24:25', 'version' => '20180523.0' }, { 'date' => '2020-05-05T20:57:23', 'version' => '20200505.0' }, { 'date' => '2022-08-07T12:50:57', 'version' => '20220807.0' }, { 'date' => '2023-10-03T01:09:01', 'version' => '20231003.0' } ] }, 'IPTables-Parse' => { 'advisories' => [ { 'affected_versions' => '<1.6', 'cves' => [ 'CVE-2015-8326' ], 'description' => 'The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user. ', 'distribution' => 'IPTables-Parse', 'fixed_versions' => undef, 'id' => 'CPANSA-IPTables-Parse-2015-8326', 'references' => [ 'https://metacpan.org/source/MRASH/IPTables-Parse-1.6/Changes', 'https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87', 'https://bugzilla.redhat.com/show_bug.cgi?id=1267962', 'http://www.openwall.com/lists/oss-security/2015/11/24/10' ], 'reported' => '2017-06-07', 'severity' => 'medium' } ], 'main_module' => 'IPTables::Parse', 'versions' => [ { 'date' => '2008-10-26T23:15:50', 'version' => '0.7' }, { 'date' => '2012-02-27T02:20:58', 'version' => '0.8' }, { 'date' => '2012-02-27T02:22:29', 'version' => '0.9' }, { 'date' => '2012-02-29T02:51:44', 'version' => '1.0' }, { 'date' => '2012-03-03T03:56:08', 'version' => '1.1' }, { 'date' => '2015-02-25T02:08:58', 'version' => '1.1' }, { 'date' => '2015-03-01T20:15:52', 'version' => '1.3.1' }, { 'date' => '2015-03-01T20:50:07', 'version' => '1.4' }, { 'date' => '2015-09-09T13:53:26', 'version' => '1.5' }, { 'date' => '2015-11-07T21:08:49', 'version' => '1.6' }, { 'date' => '2015-11-30T01:16:22', 'version' => '1.6.1' } ] }, 'Image-ExifTool' => { 'advisories' => [ { 'affected_versions' => '<=12.37', 'cves' => [ 'CVE-2022-23935' ], 'description' => 'lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\\|$/ check, leading to command injection. ', 'distribution' => 'Image-ExifTool', 'fixed_versions' => '>12.38', 'id' => 'CPANSA-Image-ExifTool-2022-23935', 'references' => [ 'https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582', 'https://gist.github.com/ert-plus/1414276e4cb5d56dd431c2f0429e4429' ], 'reported' => '2022-01-25', 'severity' => 'critical' } ], 'main_module' => 'Image::ExifTool', 'versions' => [ { 'date' => '2004-10-04T15:37:06', 'version' => '3.60' }, { 'date' => '2004-11-02T12:46:54', 'version' => '3.72' }, { 'date' => '2004-11-05T12:41:52', 'version' => '3.74' }, { 'date' => '2004-11-11T18:24:18', 'version' => '3.82' }, { 'date' => '2004-11-24T18:42:42', 'version' => '3.93' }, { 'date' => '2004-11-25T16:34:47', 'version' => '3.94' }, { 'date' => '2005-01-24T13:15:55', 'version' => '4.36' }, { 'date' => '2005-02-07T15:56:43', 'version' => '4.53' }, { 'date' => '2005-02-18T00:42:59', 'version' => '4.64' }, { 'date' => '2005-03-01T19:23:29', 'version' => '4.73' }, { 'date' => '2005-03-15T12:09:56', 'version' => '4.87' }, { 'date' => '2005-04-02T19:46:41', 'version' => '4.93' }, { 'date' => '2005-04-20T12:41:30', 'version' => '5.05' }, { 'date' => '2005-05-16T15:54:07', 'version' => '5.18' }, { 'date' => '2005-06-03T19:21:17', 'version' => '5.25' }, { 'date' => '2005-06-15T17:21:33', 'version' => '5.32' }, { 'date' => '2005-07-19T18:16:02', 'version' => '5.46' }, { 'date' => '2005-08-24T14:58:18', 'version' => '5.55' }, { 'date' => '2005-10-13T13:15:01', 'version' => '5.67' }, { 'date' => '2005-11-18T13:04:29', 'version' => '5.77' }, { 'date' => '2005-12-22T16:42:56', 'version' => '5.87' }, { 'date' => '2006-02-19T20:26:14', 'version' => '6.00' }, { 'date' => '2006-05-12T12:10:32', 'version' => '6.17' }, { 'date' => '2006-07-24T13:18:05', 'version' => '6.29' }, { 'date' => '2006-09-06T20:26:16', 'version' => '6.36' }, { 'date' => '2006-09-21T15:39:52', 'version' => '6.42' }, { 'date' => '2006-11-20T13:52:55', 'version' => '6.57' }, { 'date' => '2006-12-20T13:07:23', 'version' => '6.66' }, { 'date' => '2007-02-14T13:28:50', 'version' => '6.75' }, { 'date' => '2007-02-16T13:21:27', 'version' => '6.76' }, { 'date' => '2007-05-10T18:53:15', 'version' => '6.90' }, { 'date' => '2007-10-24T11:39:52', 'version' => '7.00' }, { 'date' => '2008-02-05T17:21:39', 'version' => '7.15' }, { 'date' => '2008-03-12T12:24:57', 'version' => '7.21' }, { 'date' => '2008-04-18T13:09:00', 'version' => '7.25' }, { 'date' => '2008-05-31T11:39:35', 'version' => '7.30' }, { 'date' => '2008-10-26T19:00:34', 'version' => '7.50' }, { 'date' => '2008-10-27T13:48:39', 'version' => '7.51' }, { 'date' => '2009-01-06T13:48:18', 'version' => '7.60' }, { 'date' => '2009-02-09T14:25:12', 'version' => '7.67' }, { 'date' => '2009-07-02T15:42:38', 'version' => '7.82' }, { 'date' => '2009-08-18T01:30:53', 'version' => '7.88' }, { 'date' => '2009-08-18T12:03:19', 'version' => '7.89' }, { 'date' => '2009-11-20T19:06:24', 'version' => '8.00' }, { 'date' => '2010-02-08T20:49:00', 'version' => '8.10' }, { 'date' => '2010-03-18T14:09:58', 'version' => '8.15' }, { 'date' => '2010-07-13T12:35:33', 'version' => '8.25' }, { 'date' => '2010-11-21T21:29:00', 'version' => '8.40' }, { 'date' => '2011-03-01T12:43:02', 'version' => '8.50' }, { 'date' => '2011-06-27T11:52:50', 'version' => '8.60' }, { 'date' => '2011-09-24T10:53:29', 'version' => '8.65' }, { 'date' => '2012-01-08T13:48:19', 'version' => '8.75' }, { 'date' => '2012-01-27T14:19:10', 'version' => '8.77' }, { 'date' => '2012-03-25T12:07:06', 'version' => '8.85' }, { 'date' => '2012-04-28T12:06:48', 'version' => '8.90' }, { 'date' => '2012-08-25T12:28:04', 'version' => '9.01' }, { 'date' => '2012-11-03T16:37:48', 'version' => '9.04' }, { 'date' => '2013-01-02T21:07:34', 'version' => '9.11' }, { 'date' => '2013-01-03T01:49:33', 'version' => '9.12' }, { 'date' => '2013-01-10T15:05:11', 'version' => '9.13' }, { 'date' => '2013-04-06T11:38:39', 'version' => '9.25' }, { 'date' => '2013-04-15T11:20:13', 'version' => '9.27' }, { 'date' => '2014-01-11T22:58:56', 'version' => '9.46' }, { 'date' => '2014-02-22T14:40:30', 'version' => '9.53' }, { 'date' => '2014-05-11T13:34:36', 'version' => '9.60' }, { 'date' => '2014-09-03T12:19:55', 'version' => '9.70' }, { 'date' => '2014-11-15T15:14:24', 'version' => '9.76' }, { 'date' => '2015-03-14T11:33:58', 'version' => '9.90' }, { 'date' => '2015-08-18T13:30:08', 'version' => '10.00' }, { 'date' => '2016-01-22T15:51:06', 'version' => '10.10' }, { 'date' => '2016-04-20T13:25:01', 'version' => '10.15' }, { 'date' => '2016-06-13T14:05:58', 'version' => '10.20' }, { 'date' => '2016-11-24T16:55:55', 'version' => '10.36' }, { 'date' => '2017-01-13T16:02:53', 'version' => '10.39' }, { 'date' => '2017-01-14T17:30:45', 'version' => '10.40' }, { 'date' => '2017-04-20T12:54:29', 'version' => '10.50' }, { 'date' => '2017-06-05T14:41:23', 'version' => '10.55' }, { 'date' => '2018-02-22T13:27:40', 'version' => '10.80' }, { 'date' => '2018-06-07T11:44:16', 'version' => '11.00' }, { 'date' => '2018-06-11T12:18:41', 'version' => '11.01' }, { 'date' => '2018-09-28T01:34:43', 'version' => '11.11' }, { 'date' => '2019-03-06T15:14:28', 'version' => '11.30' }, { 'date' => '2019-06-11T15:29:41', 'version' => '11.50' }, { 'date' => '2019-10-10T13:04:36', 'version' => '11.70' }, { 'date' => '2020-01-28T15:40:58', 'version' => '11.85' }, { 'date' => '2020-06-11T20:36:48', 'version' => '12.00' }, { 'date' => '2021-01-18T14:03:50', 'version' => '12.15' }, { 'date' => '2021-01-21T17:51:28', 'version' => '12.16' }, { 'date' => '2021-05-21T00:37:46', 'version' => '12.26' }, { 'date' => '2021-08-12T13:13:43', 'version' => '12.30' }, { 'date' => '2022-06-07T11:39:06', 'version' => '12.42' }, { 'date' => '2022-06-07T20:05:13', 'version' => '12.42' }, { 'date' => '2022-11-09T11:41:50', 'version' => '12.50' }, { 'date' => '2023-04-05T15:01:59', 'version' => '12.60' }, { 'date' => '2023-11-19T16:15:22', 'version' => '12.70' }, { 'date' => '2024-01-31T01:08:08', 'version' => '12.75' }, { 'date' => '2024-01-31T15:31:14', 'version' => '12.76' } ] }, 'Image-Info' => { 'advisories' => [ { 'affected_versions' => '>=2.12', 'cves' => [ 'CVE-2016-9181' ], 'description' => 'perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure. ', 'distribution' => 'Image-Info', 'fixed_versions' => undef, 'id' => 'CPANSA-Image-Info-2016-01', 'references' => [ 'http://www.securityfocus.com/bid/94220', 'http://www.openwall.com/lists/oss-security/2016/11/04/2' ], 'reported' => '2016-11-04' } ], 'main_module' => 'Image::Info', 'versions' => [ { 'date' => '1999-12-19T07:09:24', 'version' => '0.01' }, { 'date' => '1999-12-22T00:03:22', 'version' => '0.02' }, { 'date' => '1999-12-25T22:43:22', 'version' => '0.03' }, { 'date' => '2000-01-07T18:20:42', 'version' => '0.04' }, { 'date' => '2000-08-24T09:09:25', 'version' => '0.05' }, { 'date' => '2000-10-18T19:55:02', 'version' => '1.00' }, { 'date' => '2000-10-31T17:32:56', 'version' => '1.01' }, { 'date' => '2000-11-10T18:21:41', 'version' => '1.02' }, { 'date' => '2000-11-13T19:44:44', 'version' => '1.03' }, { 'date' => '2000-11-30T20:25:46', 'version' => '1.04' }, { 'date' => '2001-03-24T20:20:31', 'version' => '0.06' }, { 'date' => '2001-03-24T20:40:20', 'version' => '1.05' }, { 'date' => '2001-03-26T19:28:11', 'version' => '1.06' }, { 'date' => '2001-04-11T00:53:39', 'version' => '1.07' }, { 'date' => '2001-08-24T18:29:39', 'version' => '1.08' }, { 'date' => '2001-12-14T23:07:08', 'version' => '1.09' }, { 'date' => '2002-05-29T00:04:22', 'version' => '1.10' }, { 'date' => '2002-07-04T17:37:20', 'version' => '1.11' }, { 'date' => '2002-12-31T00:09:32', 'version' => '1.12' }, { 'date' => '2003-10-06T17:27:43', 'version' => '1.13' }, { 'date' => '2003-10-06T21:50:56', 'version' => '1.14' }, { 'date' => '2003-10-06T22:10:09', 'version' => '1.15' }, { 'date' => '2004-01-07T12:47:37', 'version' => '1.16' }, { 'date' => '2006-01-28T12:41:59', 'version' => '1.17' }, { 'date' => '2006-03-03T15:31:07', 'version' => '1.18' }, { 'date' => '2006-03-05T09:19:05', 'version' => '1.18' }, { 'date' => '2006-03-13T20:52:28', 'version' => '1.18' }, { 'date' => '2006-05-01T14:33:54', 'version' => '1.18' }, { 'date' => '2006-07-16T12:43:58', 'version' => '1.18' }, { 'date' => '2006-09-30T12:35:03', 'version' => '1.23' }, { 'date' => '2007-02-25T12:39:30', 'version' => '1.24' }, { 'date' => '2007-05-14T19:11:49', 'version' => '1.25' }, { 'date' => '2007-09-09T11:23:15', 'version' => '1.26' }, { 'date' => '2007-12-15T13:50:50', 'version' => '1.27' }, { 'date' => '2008-03-30T19:16:37', 'version' => '1.28' }, { 'date' => '2009-07-08T20:39:39', 'version' => '1.28_50' }, { 'date' => '2009-07-09T22:26:22', 'version' => '1.28_51' }, { 'date' => '2009-07-17T18:24:54', 'version' => '1.28_52' }, { 'date' => '2009-07-31T21:09:25', 'version' => '1.29' }, { 'date' => '2009-08-14T20:25:31', 'version' => '1.29_50' }, { 'date' => '2009-09-14T19:04:17', 'version' => '1.29_51' }, { 'date' => '2009-09-16T19:23:40', 'version' => '1.29_51' }, { 'date' => '2009-10-23T20:45:13', 'version' => '1.29_51' }, { 'date' => '2009-10-31T09:21:38', 'version' => '1.29_51' }, { 'date' => '2009-11-14T16:30:54', 'version' => '1.30_50' }, { 'date' => '2009-11-22T22:10:25', 'version' => '1.30_51' }, { 'date' => '2010-02-09T20:08:40', 'version' => '1.30_52' }, { 'date' => '2010-02-09T20:43:56', 'version' => '1.30_53' }, { 'date' => '2010-09-25T15:42:44', 'version' => '1.31' }, { 'date' => '2011-12-28T21:32:21', 'version' => '1.31_50' }, { 'date' => '2011-12-28T21:53:50', 'version' => '1.31_51' }, { 'date' => '2012-02-21T21:03:11', 'version' => '1.32' }, { 'date' => '2012-10-23T19:59:15', 'version' => '1.32_50' }, { 'date' => '2012-10-24T20:24:17', 'version' => '1.32_51' }, { 'date' => '2012-10-25T21:49:45', 'version' => '1.32_52' }, { 'date' => '2012-11-03T19:12:43', 'version' => '1.33' }, { 'date' => '2013-01-27T13:49:04', 'version' => '1.33_50' }, { 'date' => '2013-01-28T11:15:59', 'version' => '1.33_51' }, { 'date' => '2013-01-29T16:18:27', 'version' => '1.34' }, { 'date' => '2013-04-03T20:29:08', 'version' => '1.34_50' }, { 'date' => '2013-04-10T19:22:43', 'version' => '1.35' }, { 'date' => '2013-05-06T10:32:44', 'version' => '1.35_50' }, { 'date' => '2013-06-28T08:29:45', 'version' => '1.35_51' }, { 'date' => '2013-07-05T08:23:26', 'version' => '1.36' }, { 'date' => '2014-12-19T23:10:31', 'version' => '1.36_51' }, { 'date' => '2014-12-29T22:23:42', 'version' => '1.36_52' }, { 'date' => '2014-12-31T08:44:32', 'version' => '1.37' }, { 'date' => '2015-04-20T05:00:55', 'version' => '1.38' }, { 'date' => '2016-10-01T15:35:13', 'version' => '1.38_50' }, { 'date' => '2016-10-01T17:43:27', 'version' => '1.38_51' }, { 'date' => '2016-10-08T09:00:58', 'version' => '1.39' }, { 'date' => '2017-03-19T20:16:19', 'version' => '1.39_50' }, { 'date' => '2017-03-21T19:05:30', 'version' => '1.40' }, { 'date' => '2017-06-30T17:22:28', 'version' => '1.40_50' }, { 'date' => '2017-07-12T16:34:02', 'version' => '1.41' }, { 'date' => '2019-10-16T19:12:33', 'version' => '1.41_50' }, { 'date' => '2019-10-19T06:46:49', 'version' => '1.42' }, { 'date' => '2022-07-17T15:58:54', 'version' => '1.42_50' }, { 'date' => '2022-10-03T17:54:30', 'version' => '1.43' }, { 'date' => '2023-07-25T18:26:43', 'version' => '1.43_50' }, { 'date' => '2023-08-03T17:14:43', 'version' => '1.44' } ] }, 'Imager' => { 'advisories' => [ { 'affected_versions' => '<1.006', 'cves' => [ 'CVE-2016-1238' ], 'description' => 'Imager would search the default current directory entry in @INC when searching for file format support modules. ', 'distribution' => 'Imager', 'fixed_versions' => '>=1.006', 'id' => 'CPANSA-Imager-2016-1238', 'references' => [ 'https://metacpan.org/dist/Imager/changes', 'http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html', 'http://www.securitytracker.com/id/1036440', 'http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab', 'https://rt.perl.org/Public/Bug/Display.html?id=127834', 'http://www.securityfocus.com/bid/92136', 'http://www.debian.org/security/2016/dsa-3628', 'https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/', 'https://security.gentoo.org/glsa/201701-75', 'https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E', 'https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html', 'https://security.gentoo.org/glsa/201812-07', 'http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html' ], 'reported' => '2016-08-02', 'reviewed_by' => [ { 'date' => '2022-06-23', 'email' => 'rrwo@cpan.org', 'name' => 'Robert Rothenberg' } ], 'severity' => 'high' }, { 'affected_versions' => '>=0.42,<=0.63', 'cves' => [ 'CVE-2008-1928' ], 'description' => 'Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause a denial of service (crash) via an image based fill in which the number of input channels is different from the number of output channels. ', 'distribution' => 'Imager', 'fixed_versions' => '>=0.64', 'id' => 'CPANSA-Imager-2008-1928', 'references' => [ 'https://metacpan.org/dist/Imager/changes', 'http://rt.cpan.org/Public/Bug/Display.html?id=35324', 'http://imager.perl.org/i/release064/Imager_0_64', 'https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00569.html', 'http://www.securityfocus.com/bid/28980', 'http://secunia.com/advisories/30030', 'http://secunia.com/advisories/30011', 'http://www.vupen.com/english/advisories/2008/1387/references', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/41986' ], 'reported' => '2008-04-24', 'reviewed_by' => [ { 'date' => '2022-06-23', 'email' => 'rrwo@cpan.org', 'name' => 'Robert Rothenberg' } ], 'severity' => undef }, { 'affected_versions' => '>=0.21,<=0.56', 'cves' => [ 'CVE-2007-2459' ], 'description' => 'Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files. ', 'distribution' => 'Imager', 'fixed_versions' => '>=0.57', 'id' => 'CPANSA-Imager-2007-2459', 'references' => [ 'http://imager.perl.org/a/65.html', 'http://rt.cpan.org/Public/Bug/Display.html?id=26811', 'http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=421582', 'http://www.debian.org/security/2008/dsa-1498', 'http://www.securityfocus.com/bid/23711', 'http://secunia.com/advisories/25038', 'http://secunia.com/advisories/28868', 'http://osvdb.org/39846', 'http://www.vupen.com/english/advisories/2007/1587', 'http://osvdb.org/35470', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/34010' ], 'reported' => '2007-05-02', 'reviewed_by' => [ { 'date' => '2022-06-23', 'email' => 'rrwo@cpan.org', 'name' => 'Robert Rothenberg' } ], 'severity' => undef }, { 'affected_versions' => '<0.98', 'cves' => [], 'description' => 'When drawing on an image with an alpha channel where the source minimum is greater than zero, Imager would read from beyond the end of a malloc() allocated buffer. In rare circumstances this could lead to some of the source image not being written to the target image, or possibly to a segmentation fault. ', 'distribution' => 'Imager', 'fixed_versions' => '>=0.98', 'id' => 'CPANSA-Imager-2014-01', 'references' => [ 'https://metacpan.org/dist/Imager/changes' ], 'reported' => '2014-01-03', 'severity' => undef } ], 'main_module' => 'Imager', 'versions' => [ { 'date' => '1999-07-19T14:26:37', 'version' => '0.21' }, { 'date' => '2000-01-03T20:14:03', 'version' => '0.27' }, { 'date' => '2000-01-04T11:16:56', 'version' => '0.28' }, { 'date' => '2000-01-05T10:48:05', 'version' => '0.29' }, { 'date' => '2000-01-16T12:52:22', 'version' => '0.31' }, { 'date' => '2000-03-04T13:28:32', 'version' => '0.32' }, { 'date' => '2001-01-29T00:50:14', 'version' => '0.35' }, { 'date' => '2001-01-29T15:06:27', 'version' => '0.36' }, { 'date' => '2001-01-31T05:02:15', 'version' => '0.37' }, { 'date' => '2001-05-21T16:21:08', 'version' => '0.38' }, { 'date' => '2001-11-02T21:39:20', 'version' => '0.39' }, { 'date' => '2002-04-11T15:09:57', 'version' => '0.40' }, { 'date' => '2002-04-12T12:07:29', 'version' => '0.41' }, { 'date' => '2004-01-04T12:47:37', 'version' => '0.42' }, { 'date' => '2004-02-17T07:53:52', 'version' => '0.43' }, { 'date' => '2004-12-07T23:58:16', 'version' => '0.43_03' }, { 'date' => '2004-12-15T13:02:40', 'version' => '0.44' }, { 'date' => '2005-05-24T07:08:15', 'version' => '0.44_01' }, { 'date' => '2005-05-30T04:41:43', 'version' => '0.45' }, { 'date' => '2005-12-12T04:07:30', 'version' => '0.45_02' }, { 'date' => '2005-12-20T00:13:31', 'version' => '0.46' }, { 'date' => '2005-12-30T06:05:50', 'version' => '0.47' }, { 'date' => '2006-02-21T06:09:30', 'version' => '0.47_01' }, { 'date' => '2006-03-03T05:06:46', 'version' => '0.48' }, { 'date' => '2006-03-07T01:04:03', 'version' => '0.49' }, { 'date' => '2006-03-28T04:31:56', 'version' => '0.49_01' }, { 'date' => '2006-03-29T00:31:03', 'version' => '0.50' }, { 'date' => '2006-04-23T14:29:42', 'version' => '0.51' }, { 'date' => '2006-06-28T13:38:48', 'version' => '0.51_01' }, { 'date' => '2006-07-04T14:03:23', 'version' => '0.51_02' }, { 'date' => '2006-07-19T00:58:22', 'version' => '0.51_03' }, { 'date' => '2006-07-25T05:09:08', 'version' => '0.52' }, { 'date' => '2006-07-27T01:01:57', 'version' => '0.53' }, { 'date' => '2006-09-14T07:58:27', 'version' => '0.54' }, { 'date' => '2006-12-16T22:31:19', 'version' => '0.55' }, { 'date' => '2007-04-01T12:30:34', 'version' => '0.56' }, { 'date' => '2007-04-30T08:49:39', 'version' => '0.57' }, { 'date' => '2007-05-11T11:00:18', 'version' => '0.57_01' }, { 'date' => '2007-05-16T12:49:23', 'version' => '0.58' }, { 'date' => '2007-06-14T07:33:05', 'version' => '0.59' }, { 'date' => '2007-08-30T07:51:36', 'version' => '0.60' }, { 'date' => '2007-11-05T07:53:45', 'version' => '0.61' }, { 'date' => '2007-11-28T10:06:27', 'version' => '0.61_02' }, { 'date' => '2007-12-10T08:31:12', 'version' => '0.62' }, { 'date' => '2008-04-07T08:49:14', 'version' => '0.63' }, { 'date' => '2008-04-23T04:10:18', 'version' => '0.64' }, { 'date' => '2008-05-20T06:34:48', 'version' => '0.65' }, { 'date' => '2008-12-12T11:57:40', 'version' => '0.67' }, { 'date' => '2009-09-02T07:05:11', 'version' => '0.67_01' }, { 'date' => '2009-09-07T05:14:24', 'version' => '0.68' }, { 'date' => '2009-09-08T09:23:38', 'version' => '0.69' }, { 'date' => '2009-09-21T03:36:15', 'version' => '0.70' }, { 'date' => '2009-11-16T04:15:54', 'version' => '0.71' }, { 'date' => '2009-11-30T07:17:33', 'version' => '0.71_01' }, { 'date' => '2009-12-01T09:06:53', 'version' => '0.71_02' }, { 'date' => '2009-12-04T14:21:49', 'version' => '0.71_03' }, { 'date' => '2009-12-10T00:44:51', 'version' => '0.72' }, { 'date' => '2010-03-15T07:24:59', 'version' => '0.73' }, { 'date' => '2010-05-06T14:29:21', 'version' => '0.74' }, { 'date' => '2010-06-20T10:47:23', 'version' => '0.75' }, { 'date' => '2010-08-06T10:49:44', 'version' => '0.75_01' }, { 'date' => '2010-08-07T01:48:37', 'version' => '0.75_02' }, { 'date' => '2010-08-09T12:49:36', 'version' => '0.75_03' }, { 'date' => '2010-08-11T09:33:24', 'version' => '0.77' }, { 'date' => '2010-09-13T10:48:57', 'version' => '0.77_01' }, { 'date' => '2010-09-27T04:59:03', 'version' => '0.77_02' }, { 'date' => '2010-10-04T09:00:26', 'version' => '0.78' }, { 'date' => '2010-12-11T01:09:12', 'version' => '0.79' }, { 'date' => '2011-01-17T07:43:35', 'version' => '0.80' }, { 'date' => '2011-02-14T08:22:57', 'version' => '0.81' }, { 'date' => '2011-03-14T12:18:07', 'version' => '0.82' }, { 'date' => '2011-05-17T11:15:02', 'version' => '0.82_01' }, { 'date' => '2011-05-20T14:07:44', 'version' => '0.83' }, { 'date' => '2011-06-20T12:54:05', 'version' => '0.84' }, { 'date' => '2011-08-08T12:39:58', 'version' => '0.84_01' }, { 'date' => '2011-08-22T09:28:25', 'version' => '0.84_02' }, { 'date' => '2011-08-29T09:19:04', 'version' => '0.85' }, { 'date' => '2011-10-10T07:22:51', 'version' => '0.85_01' }, { 'date' => '2011-10-24T10:14:57', 'version' => '0.85_02' }, { 'date' => '2011-10-31T10:37:15', 'version' => '0.86' }, { 'date' => '2012-01-03T05:27:14', 'version' => '0.87' }, { 'date' => '2012-02-22T05:13:09', 'version' => '0.88' }, { 'date' => '2012-03-18T01:45:35', 'version' => '0.89' }, { 'date' => '2012-04-30T09:09:02', 'version' => '0.90' }, { 'date' => '2012-06-04T12:27:17', 'version' => '0.91' }, { 'date' => '2012-08-14T09:53:38', 'version' => '0.92' }, { 'date' => '2012-08-18T01:41:22', 'version' => '0.92_01' }, { 'date' => '2012-10-15T10:15:07', 'version' => '0.93' }, { 'date' => '2012-11-12T10:44:54', 'version' => '0.93_01' }, { 'date' => '2012-11-25T00:13:16', 'version' => '0.93_02' }, { 'date' => '2012-12-14T22:59:55', 'version' => '0.94' }, { 'date' => '2013-03-02T08:34:07', 'version' => '0.94_01' }, { 'date' => '2013-04-05T06:19:32', 'version' => '0.94_02' }, { 'date' => '2013-04-19T12:13:27', 'version' => '0.95' }, { 'date' => '2013-05-19T04:27:19', 'version' => '0.96' }, { 'date' => '2013-07-01T13:21:32', 'version' => '0.96_01' }, { 'date' => '2013-07-09T13:46:48', 'version' => '0.96_02' }, { 'date' => '2013-07-15T09:52:06', 'version' => '0.97' }, { 'date' => '2014-01-02T22:22:03', 'version' => '0.98' }, { 'date' => '2014-06-25T11:36:29', 'version' => '0.99' }, { 'date' => '2014-06-29T05:06:45', 'version' => '0.99_01' }, { 'date' => '2014-07-21T09:16:17', 'version' => '0.99_02' }, { 'date' => '2014-07-29T09:13:55', 'version' => '1.000' }, { 'date' => '2015-01-02T03:34:59', 'version' => '1.001' }, { 'date' => '2015-04-03T01:31:26', 'version' => '1.002' }, { 'date' => '2015-05-12T08:11:18', 'version' => '1.003' }, { 'date' => '2015-11-08T09:45:59', 'version' => '1.004' }, { 'date' => '2016-03-16T08:35:26', 'version' => '1.004_001' }, { 'date' => '2016-03-20T01:27:53', 'version' => '1.004_002' }, { 'date' => '2016-03-23T09:34:13', 'version' => '1.004_003' }, { 'date' => '2016-04-15T05:58:07', 'version' => '1.004_004' }, { 'date' => '2016-04-16T00:01:33', 'version' => '1.005' }, { 'date' => '2017-08-26T04:27:06', 'version' => '1.006' }, { 'date' => '2018-11-24T01:47:34', 'version' => '1.007' }, { 'date' => '2018-12-31T10:04:02', 'version' => '1.008' }, { 'date' => '2019-01-11T09:10:13', 'version' => '1.009' }, { 'date' => '2019-02-13T08:14:07', 'version' => '1.010' }, { 'date' => '2019-03-07T03:20:03', 'version' => '1.011' }, { 'date' => '2020-06-14T03:26:02', 'version' => '1.012' }, { 'date' => '2022-04-27T05:18:23', 'version' => '1.013' }, { 'date' => '2022-04-28T07:22:51', 'version' => '1.014' }, { 'date' => '2022-05-07T04:35:16', 'version' => '1.015' }, { 'date' => '2022-06-12T05:27:23', 'version' => '1.016' }, { 'date' => '2022-06-14T09:55:03', 'version' => '1.017' }, { 'date' => '2022-06-19T12:04:12', 'version' => '1.018' }, { 'date' => '2022-07-09T03:41:29', 'version' => '1.019' }, { 'date' => '2023-11-12T06:55:05', 'version' => '1.020' }, { 'date' => '2023-12-01T06:53:47', 'version' => '1.021' }, { 'date' => '2023-12-02T23:32:54', 'version' => '1.022' }, { 'date' => '2024-01-19T03:18:43', 'version' => '1.023' } ] }, 'Jifty' => { 'advisories' => [ { 'affected_versions' => '<1.10518', 'cves' => [], 'description' => 'The path as passed in the fragment request data structure was used verbatim in the dispatcher and other locations. This possibly allowed requests to walk around ACLs by requesting \'/some/safe/place/../../../dangerous\' as a fragment. ', 'distribution' => 'Jifty', 'fixed_versions' => '>=1.10518', 'id' => 'CPANSA-Jifty-2011-01', 'references' => [ 'https://metacpan.org/dist/Jifty/changes' ], 'reported' => '2011-03-17' }, { 'affected_versions' => '<0.90409', 'cves' => [], 'description' => 'The REST plugin would let you call any method on the model. ', 'distribution' => 'Jifty', 'fixed_versions' => '>=0.90409', 'id' => 'CPANSA-Jifty-2009-01', 'references' => [ 'https://metacpan.org/dist/Jifty/changes' ], 'reported' => '2009-04-09' }, { 'affected_versions' => '<0.70408', 'cves' => [], 'description' => 'Allowed all actions on GET. ', 'distribution' => 'Jifty', 'fixed_versions' => '>=0.80408', 'id' => 'CPANSA-Jifty-2008-01', 'references' => [ 'https://metacpan.org/dist/Jifty/changes' ], 'reported' => '2009-04-08' }, { 'affected_versions' => '<0.60706', 'cves' => [], 'description' => 'Jifty did not protect users against a class of remote data access vulnerability. If an attacker knew the structure of your local filesystem and you were using the "standalone" webserver in production, the attacker could gain read only access to local files. ', 'distribution' => 'Jifty', 'fixed_versions' => '>=0.60706', 'id' => 'CPANSA-Jifty-2006-01', 'references' => [ 'https://metacpan.org/dist/Jifty/changes' ], 'reported' => '2006-07-06' } ], 'main_module' => 'Jifty', 'versions' => [ { 'date' => '2005-12-25T08:19:39', 'version' => '0.51225' }, { 'date' => '2005-12-28T17:23:39', 'version' => '0.51228' }, { 'date' => '2006-02-14T04:15:03', 'version' => '0.60213' }, { 'date' => '2006-02-22T04:57:24', 'version' => '0.60213' }, { 'date' => '2006-03-21T23:10:58', 'version' => '0.60213' }, { 'date' => '2006-05-05T18:56:21', 'version' => '0.60321' }, { 'date' => '2006-05-08T14:38:03', 'version' => '0.60507' }, { 'date' => '2006-06-15T14:01:15', 'version' => '0.60714' }, { 'date' => '2006-06-16T12:16:03', 'version' => '0.60616' }, { 'date' => '2006-07-07T04:32:27', 'version' => '0.60706' }, { 'date' => '2006-07-07T05:54:06', 'version' => '0.60707' }, { 'date' => '2006-07-23T00:27:10', 'version' => '0.60722' }, { 'date' => '2006-09-13T00:25:58', 'version' => '0.60912' }, { 'date' => '2006-11-24T03:39:06', 'version' => '0.61123_01' }, { 'date' => '2007-01-17T04:52:58', 'version' => '0.70116' }, { 'date' => '2007-01-17T20:49:04', 'version' => '0.70117' }, { 'date' => '2007-04-17T18:45:55', 'version' => '0.70415' }, { 'date' => '2007-04-23T01:08:41', 'version' => '0.70422' }, { 'date' => '2007-08-24T04:20:59', 'version' => '0.70824' }, { 'date' => '2007-11-29T22:13:17', 'version' => '0.71129' }, { 'date' => '2008-04-08T21:15:29', 'version' => '0.80408' }, { 'date' => '2009-04-09T23:10:34', 'version' => '0.90409' }, { 'date' => '2009-05-20T01:14:48', 'version' => '0.90519' }, { 'date' => '2009-06-30T17:41:18', 'version' => '0.90519' }, { 'date' => '2009-07-01T19:08:14', 'version' => '0.90519' }, { 'date' => '2009-11-18T00:08:35', 'version' => '0.90701' }, { 'date' => '2010-12-09T23:08:09', 'version' => '1.01209' }, { 'date' => '2011-02-14T22:10:50', 'version' => '1.10214' }, { 'date' => '2011-02-28T16:22:26', 'version' => '1.10228' }, { 'date' => '2011-05-18T18:12:42', 'version' => '1.10518' }, { 'date' => '2015-04-30T20:48:27', 'version' => '1.50430' } ] }, 'Jifty-DBI' => { 'advisories' => [ { 'affected_versions' => '<0.68', 'cves' => [], 'description' => 'SQL injection in column names, operators, order and group by. ', 'distribution' => 'Jifty-DBI', 'fixed_versions' => '>=0.68', 'id' => 'CPANSA-Jifty-DBI-2011-01', 'references' => [ 'https://metacpan.org/dist/Jifty-DBI/changes', 'https://metacpan.org/dist/Jifty/changes' ], 'reported' => '2011-04-04' } ], 'main_module' => 'Jifty::DBI', 'versions' => [ { 'date' => '2005-11-08T21:32:52', 'version' => '0.02' }, { 'date' => '2005-11-26T07:21:20', 'version' => '0.05_01' }, { 'date' => '2005-12-23T20:48:59', 'version' => '0.06' }, { 'date' => '2005-12-24T04:29:10', 'version' => '0.06' }, { 'date' => '2005-12-25T19:37:31', 'version' => '0.08' }, { 'date' => '2005-12-29T13:31:40', 'version' => '0.09' }, { 'date' => '2006-01-08T10:05:05', 'version' => '0.10' }, { 'date' => '2006-01-15T17:22:14', 'version' => '0.11' }, { 'date' => '2006-03-05T01:55:32', 'version' => '0.15' }, { 'date' => '2006-03-05T02:07:03', 'version' => '0.15' }, { 'date' => '2006-03-31T13:22:16', 'version' => '0.18' }, { 'date' => '2006-04-02T10:05:36', 'version' => '0.19' }, { 'date' => '2006-04-21T16:27:47', 'version' => '0.20' }, { 'date' => '2006-05-03T18:26:47', 'version' => '0.20' }, { 'date' => '2006-06-15T12:17:00', 'version' => '0.21' }, { 'date' => '2006-09-12T22:56:59', 'version' => '0.25' }, { 'date' => '2006-11-13T16:15:30', 'version' => '0.25' }, { 'date' => '2006-11-24T03:15:46', 'version' => '0.25' }, { 'date' => '2007-01-17T20:34:50', 'version' => '0.25' }, { 'date' => '2007-01-26T11:55:26', 'version' => '0.31' }, { 'date' => '2007-01-26T12:22:07', 'version' => '0.39_99' }, { 'date' => '2007-01-26T12:56:35', 'version' => '0.32' }, { 'date' => '2007-01-26T13:34:03', 'version' => '0.39_999' }, { 'date' => '2007-01-28T13:30:21', 'version' => '0.32' }, { 'date' => '2007-04-15T15:26:52', 'version' => '0.39_9999' }, { 'date' => '2007-04-16T20:21:33', 'version' => '0.41' }, { 'date' => '2007-08-24T04:20:36', 'version' => '0.43' }, { 'date' => '2007-10-26T16:48:22', 'version' => '0.43' }, { 'date' => '2007-11-07T17:27:17', 'version' => '0.46' }, { 'date' => '2007-11-16T21:28:33', 'version' => '0.46' }, { 'date' => '2007-11-29T21:38:34', 'version' => '0.46' }, { 'date' => '2008-04-08T03:05:48', 'version' => '0.49' }, { 'date' => '2009-03-25T19:32:29', 'version' => '0.53' }, { 'date' => '2009-05-19T12:33:45', 'version' => '0.53' }, { 'date' => '2009-07-14T07:29:33', 'version' => '0.53' }, { 'date' => '2009-11-19T01:16:21', 'version' => '0.59' }, { 'date' => '2010-01-04T18:04:58', 'version' => '0.60' }, { 'date' => '2010-12-08T20:15:10', 'version' => '0.63' }, { 'date' => '2010-12-08T20:24:47', 'version' => '0.64' }, { 'date' => '2011-02-14T21:27:51', 'version' => '0.66' }, { 'date' => '2011-02-28T16:00:37', 'version' => '0.67' }, { 'date' => '2011-04-14T16:20:25', 'version' => '0.68' }, { 'date' => '2011-05-17T19:54:33', 'version' => '0.69' }, { 'date' => '2011-06-15T20:46:39', 'version' => '0.70' }, { 'date' => '2011-06-17T20:39:50', 'version' => '0.71' }, { 'date' => '2011-10-17T16:45:06', 'version' => '0.72' }, { 'date' => '2012-01-25T21:39:16', 'version' => '0.73' }, { 'date' => '2012-01-25T21:45:14', 'version' => '0.74' }, { 'date' => '2013-01-29T20:18:33', 'version' => '0.75' }, { 'date' => '2013-06-17T22:14:37', 'version' => '0.76' }, { 'date' => '2013-12-01T18:11:35', 'version' => '0.77' }, { 'date' => '2015-04-30T19:16:36', 'version' => '0.78' } ] }, 'Kelp' => { 'advisories' => [ { 'affected_versions' => '<0.9001', 'cves' => [], 'description' => 'X-Real-IP, X-Forwarded-Host and X-Remote-User headers were trusted and used in Kelp::Request ', 'distribution' => 'Kelp', 'fixed_versions' => '>=0.9001', 'id' => 'CPANSA-Kelp-2014-01', 'references' => [ 'https://metacpan.org/dist/Kelp/changes', 'https://github.com/sgnix/kelp/commit/9f8f5a5215bdc1685a671c1157132a65727aadff' ], 'reported' => '2014-05-30', 'reviewed_by' => [ { 'date' => '2022-06-28', 'email' => 'rrwo@cpan.org', 'name' => 'Robert Rothenberg' } ] } ], 'main_module' => 'Kelp', 'versions' => [ { 'date' => '2013-04-12T17:16:52', 'version' => '0.1' }, { 'date' => '2013-04-12T17:39:48', 'version' => '0.11' }, { 'date' => '2013-04-14T01:05:22', 'version' => '0.2' }, { 'date' => '2013-04-16T21:52:38', 'version' => '0.21' }, { 'date' => '2013-04-17T04:59:31', 'version' => '0.215' }, { 'date' => '2013-04-17T13:16:42', 'version' => '0.216' }, { 'date' => '2013-04-17T19:13:12', 'version' => '0.217' }, { 'date' => '2013-04-20T01:47:43', 'version' => '0.218' }, { 'date' => '2013-04-20T20:27:42', 'version' => '0.2181' }, { 'date' => '2013-05-02T16:45:58', 'version' => '0.2182' }, { 'date' => '2013-05-06T03:44:19', 'version' => '0.219' }, { 'date' => '2013-05-14T20:01:26', 'version' => '0.2191' }, { 'date' => '2013-05-25T21:37:51', 'version' => '0.3001' }, { 'date' => '2013-06-14T05:59:18', 'version' => '0.3101' }, { 'date' => '2013-06-16T15:38:29', 'version' => '0.3102' }, { 'date' => '2013-07-03T02:34:18', 'version' => '0.4001' }, { 'date' => '2013-07-05T17:36:59', 'version' => '0.4011' }, { 'date' => '2013-07-05T22:46:46', 'version' => '0.4012' }, { 'date' => '2013-08-15T03:19:01', 'version' => '0.4501' }, { 'date' => '2013-11-11T18:10:07', 'version' => '0.455' }, { 'date' => '2013-11-20T05:15:34', 'version' => '0.456' }, { 'date' => '2014-03-02T17:34:04', 'version' => '0.457' }, { 'date' => '2014-03-27T16:29:16', 'version' => '0.4601' }, { 'date' => '2014-03-31T22:46:22', 'version' => '0.4602' }, { 'date' => '2014-05-31T00:52:57', 'version' => '0.9001' }, { 'date' => '2014-07-13T00:41:29', 'version' => '0.9012' }, { 'date' => '2014-08-08T17:57:48', 'version' => '0.9015' }, { 'date' => '2014-12-15T07:02:58', 'version' => '0.9021' }, { 'date' => '2015-04-03T00:32:47', 'version' => '0.9051' }, { 'date' => '2015-08-11T06:50:14', 'version' => '0.9071' }, { 'date' => '2016-11-09T00:00:02', 'version' => '0.9081' }, { 'date' => '2017-12-28T21:08:47', 'version' => '1.01' }, { 'date' => '2018-01-08T16:43:42', 'version' => '1.02' }, { 'date' => '2021-01-12T14:26:40', 'version' => '1.03' }, { 'date' => '2021-01-14T15:00:50', 'version' => '1.03_1' }, { 'date' => '2021-01-16T16:53:41', 'version' => '1.03_2' }, { 'date' => '2021-01-18T21:15:56', 'version' => '1.04' }, { 'date' => '2021-01-21T12:12:36', 'version' => '1.04_01' }, { 'date' => '2021-01-21T17:15:38', 'version' => '1.05' }, { 'date' => '2022-05-09T21:07:41', 'version' => '1.06' } ] }, 'Kossy' => { 'advisories' => [ { 'affected_versions' => '<0.60', 'cves' => [], 'description' => 'Flaw in defense from JSON hijacking. ', 'distribution' => 'Kossy', 'fixed_versions' => '>=0.60', 'id' => 'CPANSA-Kossy-2021-01', 'references' => [ 'https://github.com/kazeburo/Kossy/pull/16' ], 'reported' => '2021-08-29', 'severity' => undef } ], 'main_module' => 'Kossy', 'versions' => [ { 'date' => '2011-11-29T08:45:37', 'version' => '0.05' }, { 'date' => '2012-01-05T01:58:20', 'version' => '0.06' }, { 'date' => '2012-02-17T03:11:05', 'version' => '0.07' }, { 'date' => '2012-04-24T10:06:21', 'version' => '0.08' }, { 'date' => '2012-05-17T08:52:24', 'version' => '0.09' }, { 'date' => '2012-06-19T02:16:23', 'version' => '0.10' }, { 'date' => '2012-07-24T12:51:12', 'version' => '0.11' }, { 'date' => '2012-08-24T09:24:50', 'version' => '0.12' }, { 'date' => '2012-12-05T02:26:49', 'version' => '0.13' }, { 'date' => '2013-03-14T13:28:06', 'version' => '0.14' }, { 'date' => '2013-04-04T15:38:05', 'version' => '0.14' }, { 'date' => '2013-07-16T04:32:43', 'version' => '0.16' }, { 'date' => '2013-07-16T04:40:39', 'version' => '0.17' }, { 'date' => '2013-08-08T07:08:09', 'version' => '0.18' }, { 'date' => '2013-08-30T07:04:23', 'version' => '0.19' }, { 'date' => '2013-10-09T06:49:21', 'version' => '0.20' }, { 'date' => '2013-10-10T06:42:16', 'version' => '0.21' }, { 'date' => '2013-10-15T02:46:09', 'version' => '0.22' }, { 'date' => '2013-10-21T05:21:48', 'version' => '0.23' }, { 'date' => '2013-10-31T04:44:36', 'version' => '0.24' }, { 'date' => '2013-11-06T02:29:36', 'version' => '0.25' }, { 'date' => '2013-11-12T02:17:30', 'version' => '0.26' }, { 'date' => '2013-11-12T05:48:05', 'version' => '0.27' }, { 'date' => '2013-11-28T01:33:03', 'version' => '0.28' }, { 'date' => '2014-02-12T04:48:29', 'version' => '0.30' }, { 'date' => '2014-02-12T04:56:17', 'version' => '0.31' }, { 'date' => '2014-02-19T06:55:53', 'version' => '0.32' }, { 'date' => '2014-02-19T16:20:13', 'version' => '0.33' }, { 'date' => '2014-02-19T17:19:43', 'version' => '0.34' }, { 'date' => '2014-05-28T15:13:06', 'version' => '0.34' }, { 'date' => '2014-05-28T15:51:34', 'version' => '0.34' }, { 'date' => '2014-05-28T16:50:27', 'version' => '0.37' }, { 'date' => '2014-05-29T06:37:53', 'version' => '0.38' }, { 'date' => '2014-10-20T05:47:47', 'version' => '0.39' }, { 'date' => '2016-07-19T15:04:31', 'version' => '0.40' }, { 'date' => '2021-08-26T13:50:58', 'version' => '0.50' }, { 'date' => '2021-09-16T12:04:39', 'version' => '0.60' }, { 'date' => '2023-11-06T14:27:18', 'version' => '0.61' }, { 'date' => '2023-11-09T08:57:59', 'version' => '0.62' }, { 'date' => '2023-11-13T02:24:42', 'version' => '0.63' } ] }, 'LWP-Protocol-Net-Curl' => { 'advisories' => [ { 'affected_versions' => '<0.009', 'cves' => [], 'description' => 'Misconfiguration with libcurl v7.28.1 causes a HTTPS validation issues. ', 'distribution' => 'LWP-Protocol-Net-Curl', 'fixed_versions' => '>=0.009', 'id' => 'CPANSA-LWP-Protocol-Net-Curl-2012-01', 'references' => [ 'https://metacpan.org/changes/distribution/LWP-Protocol-Net-Curl', 'https://github.com/creaktive/LWP-Protocol-Net-Curl/commit/dc8b183c6520a2b6bcde685de635675ee4a7e019' ], 'reported' => '2012-11-28' } ], 'main_module' => 'LWP::Protocol::Net::Curl', 'versions' => [ { 'date' => '2012-10-24T18:49:20', 'version' => '0.001' }, { 'date' => '2012-10-26T20:05:13', 'version' => '0.002' }, { 'date' => '2012-10-29T18:55:46', 'version' => '0.003' }, { 'date' => '2012-10-31T13:01:46', 'version' => '0.004' }, { 'date' => '2012-11-01T15:17:14', 'version' => '0.005' }, { 'date' => '2012-11-12T12:23:09', 'version' => '0.006' }, { 'date' => '2012-11-13T14:33:10', 'version' => '0.007' }, { 'date' => '2012-11-25T22:38:58', 'version' => '0.008' }, { 'date' => '2012-11-28T19:03:10', 'version' => '0.009' }, { 'date' => '2012-12-07T00:13:55', 'version' => '0.010' }, { 'date' => '2012-12-18T12:05:00', 'version' => '0.011' }, { 'date' => '2013-02-08T11:00:04', 'version' => '0.012' }, { 'date' => '2013-02-11T01:56:30', 'version' => '0.013' }, { 'date' => '2013-02-16T12:51:03', 'version' => '0.014' }, { 'date' => '2013-05-13T21:41:47', 'version' => '0.015' }, { 'date' => '2013-05-18T22:12:03', 'version' => '0.016' }, { 'date' => '2013-07-13T12:22:34', 'version' => '0.017' }, { 'date' => '2013-08-17T11:34:49', 'version' => '0.018' }, { 'date' => '2013-10-11T12:33:53', 'version' => '0.019' }, { 'date' => '2013-10-13T09:02:17', 'version' => '0.020' }, { 'date' => '2014-01-21T17:46:37', 'version' => '0.021' }, { 'date' => '2014-07-09T15:04:06', 'version' => '0.022' }, { 'date' => '2014-12-23T17:06:56', 'version' => '0.023' }, { 'date' => '2019-07-12T12:27:08', 'version' => '0.024' }, { 'date' => '2019-07-15T11:29:17', 'version' => '0.025' }, { 'date' => '2019-10-08T12:01:54', 'version' => '0.026' } ] }, 'LWP-Protocol-https' => { 'advisories' => [ { 'affected_versions' => '>=6.04,<=6.06', 'cves' => [ 'CVE-2014-3230' ], 'description' => 'The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable. ', 'distribution' => 'LWP-Protocol-https', 'fixed_versions' => undef, 'id' => 'CPANSA-LWP-Protocol-https-2014-3230', 'references' => [ 'http://www.openwall.com/lists/oss-security/2014/05/04/1', 'http://www.openwall.com/lists/oss-security/2014/05/02/8', 'http://www.openwall.com/lists/oss-security/2014/05/06/8', 'https://github.com/libwww-perl/lwp-protocol-https/pull/14', 'https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746579' ], 'reported' => '2020-01-28', 'severity' => 'medium' } ], 'main_module' => 'LWP::Protocol::https', 'versions' => [ { 'date' => '2011-03-27T11:59:53', 'version' => '6.02' }, { 'date' => '2012-02-18T23:01:32', 'version' => '6.03' }, { 'date' => '2013-04-29T21:26:33', 'version' => '6.04' }, { 'date' => '2014-04-18T17:03:15', 'version' => '6.06' }, { 'date' => '2017-02-20T02:46:43', 'version' => '6.07' }, { 'date' => '2020-03-23T20:20:33', 'version' => '6.08' }, { 'date' => '2020-07-16T13:33:20', 'version' => '6.09' }, { 'date' => '2020-12-17T15:44:24', 'version' => '6.10' }, { 'date' => '2023-07-09T15:11:15', 'version' => '6.11' }, { 'date' => '2024-01-22T17:51:48', 'version' => '6.12' }, { 'date' => '2024-02-06T01:01:15', 'version' => '6.13' } ] }, 'Lemonldap-NG-Portal' => { 'advisories' => [ { 'affected_versions' => '<0.87', 'cves' => [], 'description' => 'When running on Apache with thread support setMacros and setGroups were not launched with the good datas. ', 'distribution' => 'Lemonldap-NG-Portal', 'fixed_versions' => '>=0.87', 'id' => 'CPANSA-Lemonldap-NG-Portal-2009-01', 'references' => [ 'https://metacpan.org/changes/distribution/Lemonldap-NG-Portal' ], 'reported' => '2009-02-08' } ], 'main_module' => 'Lemonldap::NG::Portal', 'versions' => [ { 'date' => '2005-06-29T18:44:50', 'version' => '0.01' }, { 'date' => '2005-07-02T08:49:37', 'version' => '0.02' }, { 'date' => '2006-10-07T13:24:36', 'version' => '0.1' }, { 'date' => '2006-10-14T13:26:07', 'version' => '0.11' }, { 'date' => '2006-10-14T14:11:06', 'version' => '0.111' }, { 'date' => '2006-10-17T13:58:53', 'version' => '0.2' }, { 'date' => '2006-11-02T15:23:31', 'version' => '0.4' }, { 'date' => '2006-11-03T07:25:06', 'version' => '0.41' }, { 'date' => '2006-12-07T21:02:36', 'version' => '0.42' }, { 'date' => '2006-12-19T18:26:07', 'version' => '0.5' }, { 'date' => '2006-12-31T13:03:32', 'version' => '0.51' }, { 'date' => '2007-01-13T19:47:36', 'version' => '0.6' }, { 'date' => '2007-02-28T22:29:18', 'version' => '0.62' }, { 'date' => '2007-03-04T18:23:52', 'version' => '0.63' }, { 'date' => '2007-03-09T20:18:23', 'version' => '0.64' }, { 'date' => '2007-03-29T19:52:31', 'version' => '0.7' }, { 'date' => '2007-04-01T20:26:10', 'version' => '0.71' }, { 'date' => '2007-04-14T20:46:13', 'version' => '0.72' }, { 'date' => '2007-04-20T06:51:13', 'version' => '0.73' }, { 'date' => '2007-06-13T13:54:26', 'version' => '0.74' }, { 'date' => '2007-07-22T20:35:13', 'version' => '0.76' }, { 'date' => '2007-07-31T05:11:34', 'version' => '0.77' }, { 'date' => '2007-10-15T06:03:56', 'version' => '0.8' }, { 'date' => '2008-02-28T07:13:04', 'version' => '0.81' }, { 'date' => '2008-04-11T14:53:38', 'version' => '0.82' }, { 'date' => '2008-06-06T05:50:06', 'version' => '0.83' }, { 'date' => '2008-06-06T12:46:10', 'version' => '0.84' }, { 'date' => '2008-08-25T19:53:48', 'version' => '0.85' }, { 'date' => '2008-12-25T08:26:49', 'version' => '0.86' }, { 'date' => '2009-02-08T07:13:05', 'version' => '0.87' }, { 'date' => '2009-06-29T10:14:46', 'version' => '0.88' }, { 'date' => '2009-07-05T11:40:59', 'version' => '0.89' }, { 'date' => '2009-10-11T08:26:21', 'version' => '0.90' }, { 'date' => '2010-10-13T21:02:21', 'version' => '0.99' }, { 'date' => '2010-10-22T05:36:29', 'version' => '0.99.1' }, { 'date' => '2010-10-22T05:45:04', 'version' => '0.991' }, { 'date' => '2010-10-24T06:33:29', 'version' => '0.992' }, { 'date' => '2010-11-26T13:38:59', 'version' => '1.0.0' }, { 'date' => '2011-02-28T13:42:23', 'version' => '1.0.2' }, { 'date' => '2011-03-07T11:17:03', 'version' => 'v1.0.3' }, { 'date' => '2011-03-23T14:54:26', 'version' => '1.0.4' }, { 'date' => '2011-04-15T14:51:44', 'version' => '1.0.5' }, { 'date' => '2011-05-30T08:40:46', 'version' => '1.0.6' }, { 'date' => '2011-07-08T09:33:35', 'version' => '1.1.0' }, { 'date' => '2011-07-29T13:43:35', 'version' => '1.1.1' }, { 'date' => '2011-10-07T12:58:06', 'version' => '1.1.2' }, { 'date' => '2012-06-18T10:13:31', 'version' => '1.2.0' }, { 'date' => '2012-07-06T09:18:54', 'version' => '1.2.1' }, { 'date' => '2012-09-17T14:04:26', 'version' => '1.2.2' }, { 'date' => '2013-01-25T21:51:54', 'version' => '1.2.2_01' }, { 'date' => '2013-02-08T17:11:38', 'version' => '1.2.3' }, { 'date' => '2013-04-23T13:19:57', 'version' => '1.2.4' }, { 'date' => '2013-08-26T10:39:11', 'version' => '1.2.5' }, { 'date' => '2013-11-02T16:31:10', 'version' => 'v1.3.0' }, { 'date' => '2013-11-10T18:00:31', 'version' => 'v1.3.0_01' }, { 'date' => '2013-11-11T14:01:21', 'version' => 'v1.3.1' }, { 'date' => '2014-02-05T09:31:50', 'version' => '1.3.2' }, { 'date' => '2014-03-07T13:55:23', 'version' => '1.3.3' }, { 'date' => '2014-06-30T12:54:16', 'version' => 'v1.4.0' }, { 'date' => '2014-07-25T09:55:37', 'version' => 'v1.4.1' }, { 'date' => '2014-11-05T15:15:30', 'version' => 'v1.4.2' }, { 'date' => '2014-12-19T10:31:47', 'version' => 'v1.4.3' }, { 'date' => '2015-04-15T10:05:31', 'version' => 'v1.4.4' }, { 'date' => '2015-05-22T16:54:10', 'version' => 'v1.4.5' }, { 'date' => '2015-10-09T09:21:04', 'version' => 'v1.4.6' }, { 'date' => '2016-03-02T09:50:24', 'version' => 'v1.9.0' }, { 'date' => '2016-03-22T14:25:24', 'version' => 'v1.4.7' }, { 'date' => '2016-04-05T16:02:49', 'version' => 'v1.9.1' }, { 'date' => '2016-04-27T15:23:10', 'version' => 'v1.4.8' }, { 'date' => '2016-05-01T19:25:36', 'version' => 'v1.9.2' }, { 'date' => '2016-06-03T14:14:52', 'version' => 'v1.4.9' }, { 'date' => '2016-06-07T15:48:38', 'version' => 'v1.9.3' }, { 'date' => '2016-06-14T18:36:34', 'version' => 'v1.9.4' }, { 'date' => '2016-07-13T09:08:18', 'version' => 'v1.4.10' }, { 'date' => '2016-07-13T12:58:54', 'version' => 'v1.9.5' }, { 'date' => '2016-10-10T13:34:33', 'version' => 'v1.4.11' }, { 'date' => '2016-10-16T12:23:25', 'version' => 'v1.9.6' }, { 'date' => '2016-12-14T19:57:55', 'version' => 'v1.9.7' }, { 'date' => '2017-02-28T21:11:18', 'version' => 'v1.9.99_2.0alpha1' }, { 'date' => '2017-03-02T14:55:34', 'version' => 'v1.9.8' }, { 'date' => '2017-03-07T05:48:09', 'version' => 'v1.9.99_02' }, { 'date' => '2017-03-07T06:00:28', 'version' => 'v1.9.99_03' }, { 'date' => '2017-03-15T05:34:48', 'version' => 'v1.9.991_01' }, { 'date' => '2017-03-17T07:21:31', 'version' => 'v1.9.9' }, { 'date' => '2017-05-19T18:48:42', 'version' => 'v1.9.10' }, { 'date' => '2017-09-01T10:32:34', 'version' => 'v1.9.11' }, { 'date' => '2017-09-12T08:40:27', 'version' => 'v1.9.12' }, { 'date' => '2017-09-29T14:00:36', 'version' => 'v1.9.13' }, { 'date' => '2017-11-24T19:59:18', 'version' => 'v1.9.14' }, { 'date' => '2018-01-23T12:50:53', 'version' => 'v1.9.15' }, { 'date' => '2018-03-16T10:34:13', 'version' => 'v1.9.16' }, { 'date' => '2018-06-16T09:27:27', 'version' => 'v1.9.17' }, { 'date' => '2018-10-05T09:40:26', 'version' => 'v1.9.18' }, { 'date' => '2018-11-30T10:49:52', 'version' => 'v2.0.0' }, { 'date' => '2019-02-12T17:13:39', 'version' => 'v2.0.2' }, { 'date' => '2019-04-11T12:23:10', 'version' => 'v2.0.3' }, { 'date' => '2019-05-13T13:07:36', 'version' => 'v2.0.4' }, { 'date' => '2019-06-29T21:31:33', 'version' => 'v2.0.5' }, { 'date' => '2019-09-24T13:01:00', 'version' => 'v2.0.6' }, { 'date' => '2019-12-21T21:46:38', 'version' => 'v2.0.7' }, { 'date' => '2020-05-05T16:14:25', 'version' => 'v2.0.8' }, { 'date' => '2020-09-07T06:21:08', 'version' => 'v2.0.9' }, { 'date' => '2021-01-17T17:24:36', 'version' => 'v2.0.10' }, { 'date' => '2021-01-31T14:52:09', 'version' => 'v2.0.11' }, { 'date' => '2021-07-22T17:38:26', 'version' => 'v2.0.12' }, { 'date' => '2021-08-23T07:09:56', 'version' => 'v2.0.13' }, { 'date' => '2022-02-22T18:13:11', 'version' => 'v2.0.14' }, { 'date' => '2022-09-09T17:10:35', 'version' => 'v2.0.15' }, { 'date' => '2022-09-16T08:36:23', 'version' => 'v2.0.15.1' }, { 'date' => '2023-02-01T15:29:55', 'version' => 'v2.0.16' }, { 'date' => '2023-05-12T17:38:52', 'version' => 'v2.16.2' }, { 'date' => '2023-08-30T16:24:40', 'version' => 'v2.17.0' }, { 'date' => '2023-12-20T21:12:20', 'version' => 'v2.18.0' }, { 'date' => '2023-12-22T23:41:14', 'version' => 'v2.18.1' }, { 'date' => '2024-02-06T17:49:13', 'version' => 'v2.18.2' } ] }, 'Locale-Maketext' => { 'advisories' => [ { 'affected_versions' => '<1.25', 'cves' => [ 'CVE-2012-6329' ], 'description' => 'The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6. ', 'distribution' => 'Locale-Maketext', 'fixed_versions' => undef, 'id' => 'CPANSA-Locale-Maketext-2012-6329', 'references' => [ 'http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8', 'http://sourceforge.net/mailarchive/message.php?msg_id=30219695', 'http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224', 'http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329', 'http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod', 'http://openwall.com/lists/oss-security/2012/12/11/4', 'http://code.activestate.com/lists/perl5-porters/187763/', 'http://code.activestate.com/lists/perl5-porters/187746/', 'https://bugzilla.redhat.com/show_bug.cgi?id=884354', 'http://rhn.redhat.com/errata/RHSA-2013-0685.html', 'http://www.mandriva.com/security/advisories?name=MDVSA-2013:113', 'https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032', 'http://www.ubuntu.com/usn/USN-2099-1', 'http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html', 'http://www.securityfocus.com/bid/56950', 'http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735', 'http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705' ], 'reported' => '2013-01-04', 'severity' => undef }, { 'affected_versions' => '<1.28', 'cves' => [ 'CVE-2016-1238' ], 'description' => 'Does not remove . from @INC, which might allow local users to gain privileges via a Trojan horse module under the current working directory. ', 'distribution' => 'Locale-Maketext', 'fixed_versions' => '>=1.28', 'id' => 'CPANSA-Locale-Maketext-2016-1238', 'references' => [ 'http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html', 'http://www.securitytracker.com/id/1036440', 'http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab', 'https://rt.perl.org/Public/Bug/Display.html?id=127834', 'http://www.securityfocus.com/bid/92136', 'http://www.debian.org/security/2016/dsa-3628', 'https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/', 'https://security.gentoo.org/glsa/201701-75', 'https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E', 'https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html', 'https://security.gentoo.org/glsa/201812-07', 'http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html' ], 'reported' => '2016-08-02', 'severity' => 'high' } ], 'main_module' => 'Locale::Maketext', 'versions' => [ { 'date' => '1999-03-16T05:22:44', 'version' => '0.17' }, { 'date' => '2000-05-14T08:26:33', 'version' => '0.18' }, { 'date' => '2001-05-25T14:21:01', 'version' => '1.01' }, { 'date' => '2001-06-20T08:28:48', 'version' => '1.02' }, { 'date' => '2001-06-22T05:27:18', 'version' => '1.03' }, { 'date' => '2003-04-02T20:20:43', 'version' => '1.04' }, { 'date' => '2003-04-19T06:11:36', 'version' => '1.05' }, { 'date' => '2003-06-22T07:51:14', 'version' => '1.06' }, { 'date' => '2004-01-12T04:18:16', 'version' => '1.07' }, { 'date' => '2004-01-20T00:14:54', 'version' => '1.08' }, { 'date' => '2004-03-31T06:47:07', 'version' => '1.09' }, { 'date' => '2005-11-11T03:42:57', 'version' => '1.10' }, { 'date' => '2007-05-08T05:03:08', 'version' => '1.11_01' }, { 'date' => '2007-11-18T05:22:03', 'version' => '1.12' }, { 'date' => '2008-05-28T15:01:40', 'version' => '1.13' }, { 'date' => '2009-06-23T18:13:14', 'version' => '1.13_80' }, { 'date' => '2009-06-24T00:22:21', 'version' => '1.13_81' }, { 'date' => '2009-06-24T02:33:08', 'version' => '1.13_82' }, { 'date' => '2010-09-28T22:59:25', 'version' => '1.15_01' }, { 'date' => '2010-10-07T14:12:19', 'version' => '1.15_02' }, { 'date' => '2010-10-11T18:07:07', 'version' => '1.16' }, { 'date' => '2010-10-20T15:54:47', 'version' => '1.16_01' }, { 'date' => '2010-10-20T18:42:13', 'version' => '1.17' }, { 'date' => '2011-05-25T15:44:55', 'version' => '1.18_01' }, { 'date' => '2011-05-31T19:29:50', 'version' => '1.19' }, { 'date' => '2011-12-15T04:02:22', 'version' => '1.19_01' }, { 'date' => '2011-12-23T15:18:14', 'version' => '1.21' }, { 'date' => '2012-01-15T05:02:24', 'version' => '1.22' }, { 'date' => '2012-12-04T21:29:08', 'version' => '1.23' }, { 'date' => '2014-04-14T03:15:07', 'version' => '1.25_01' }, { 'date' => '2014-04-15T20:10:23', 'version' => '1.25' }, { 'date' => '2014-12-04T20:57:02', 'version' => '1.26' }, { 'date' => '2016-06-22T23:30:00', 'version' => '1.27' }, { 'date' => '2016-07-25T17:57:25', 'version' => '1.28' }, { 'date' => '2020-01-20T05:04:23', 'version' => '1.29' }, { 'date' => '2022-04-01T19:18:30', 'version' => '1.30' }, { 'date' => '2022-04-14T21:18:43', 'version' => '1.31' }, { 'date' => '2022-08-22T19:20:51', 'version' => '1.32' }, { 'date' => '2023-12-30T21:23:51', 'version' => '1.33' } ] }, 'Log-Any' => { 'advisories' => [ { 'affected_versions' => '>=1.712,<=1.715', 'cves' => [], 'description' => 'The WithStackTrace proxy may expose sensitive information ', 'distribution' => 'Log-Any', 'fixed_versions' => '1.716', 'id' => 'CPANSA-Log-Any-2023-001', 'references' => [ 'https://metacpan.org/dist/Log-Any/changes', 'https://github.com/preaction/Log-Any/pull/97' ], 'reported' => undef, 'severity' => undef } ], 'main_module' => 'Log::Any', 'versions' => [ { 'date' => '2009-07-11T14:11:33', 'version' => '0.01' }, { 'date' => '2009-07-14T23:34:51', 'version' => '0.02' }, { 'date' => '2009-07-18T03:41:02', 'version' => '0.03' }, { 'date' => '2009-09-04T00:32:59', 'version' => '0.03' }, { 'date' => '2009-10-27T22:26:20', 'version' => '0.05' }, { 'date' => '2009-10-31T23:24:23', 'version' => '0.06' }, { 'date' => '2009-12-07T17:57:19', 'version' => '0.07' }, { 'date' => '2009-12-16T01:31:06', 'version' => '0.08' }, { 'date' => '2010-01-05T21:20:31', 'version' => '0.09' }, { 'date' => '2010-01-05T21:27:46', 'version' => '0.10' }, { 'date' => '2010-02-12T13:08:17', 'version' => '0.11' }, { 'date' => '2011-03-23T21:55:43', 'version' => '0.12' }, { 'date' => '2011-08-02T13:27:07', 'version' => '0.13' }, { 'date' => '2011-08-31T22:51:22', 'version' => '0.14' }, { 'date' => '2013-04-10T17:16:43', 'version' => '0.15' }, { 'date' => '2014-12-12T22:09:51', 'version' => '0.90' }, { 'date' => '2014-12-15T03:15:09', 'version' => '0.91' }, { 'date' => '2014-12-15T12:13:47', 'version' => '0.92' }, { 'date' => '2014-12-26T03:04:57', 'version' => '1.00' }, { 'date' => '2014-12-27T03:26:31', 'version' => '1.01' }, { 'date' => '2014-12-28T12:07:41', 'version' => '1.02' }, { 'date' => '2015-01-02T03:43:07', 'version' => '1.03' }, { 'date' => '2015-03-26T10:09:30', 'version' => '1.031' }, { 'date' => '2015-03-26T21:24:48', 'version' => '1.032' }, { 'date' => '2016-02-03T15:34:02', 'version' => '1.033' }, { 'date' => '2016-02-04T19:48:49', 'version' => '1.035' }, { 'date' => '2016-02-06T01:27:07', 'version' => '1.037' }, { 'date' => '2016-02-10T21:18:02', 'version' => '1.038' }, { 'date' => '2016-02-24T22:48:34', 'version' => '1.040' }, { 'date' => '2016-08-18T05:02:37', 'version' => '1.041' }, { 'date' => '2016-08-27T04:38:20', 'version' => '1.042' }, { 'date' => '2016-11-04T02:48:06', 'version' => '1.043' }, { 'date' => '2016-11-06T21:53:19', 'version' => '1.044' }, { 'date' => '2016-11-12T03:54:03', 'version' => '1.045' }, { 'date' => '2017-01-12T03:44:21', 'version' => '1.046' }, { 'date' => '2017-03-23T01:25:09', 'version' => '1.047' }, { 'date' => '2017-03-27T20:17:22', 'version' => '1.048' }, { 'date' => '2017-03-28T21:03:30', 'version' => '1.049' }, { 'date' => '2017-08-04T03:30:12', 'version' => '1.050' }, { 'date' => '2017-08-07T01:43:24', 'version' => '1.051' }, { 'date' => '2017-09-28T22:00:06', 'version' => '1.700' }, { 'date' => '2017-10-02T19:38:09', 'version' => '1.701' }, { 'date' => '2017-11-28T21:20:01', 'version' => '1.702' }, { 'date' => '2017-11-29T16:57:31', 'version' => '1.703' }, { 'date' => '2017-12-18T00:14:35', 'version' => '1.704' }, { 'date' => '2018-01-17T19:50:35', 'version' => '1.705' }, { 'date' => '2018-07-07T01:21:05', 'version' => '1.706' }, { 'date' => '2018-08-02T03:56:11', 'version' => '1.707' }, { 'date' => '2020-01-13T03:58:06', 'version' => '1.708' }, { 'date' => '2021-02-17T21:17:28', 'version' => '1.709' }, { 'date' => '2021-08-02T15:11:51', 'version' => '1.710' }, { 'date' => '2022-11-22T17:29:07', 'version' => '1.711' }, { 'date' => '2022-12-09T17:06:31', 'version' => '1.712' }, { 'date' => '2022-12-12T18:45:32', 'version' => '1.713' }, { 'date' => '2023-03-20T16:49:03', 'version' => '1.714' }, { 'date' => '2023-05-04T18:09:55', 'version' => '1.715' }, { 'date' => '2023-06-26T19:15:29', 'version' => '1.716' }, { 'date' => '2023-08-17T15:53:05', 'version' => '1.717' } ] }, 'MARC-File-XML' => { 'advisories' => [ { 'affected_versions' => '<1.0.2', 'cves' => [ 'CVE-2014-1626' ], 'description' => 'XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file. ', 'distribution' => 'MARC-File-XML', 'fixed_versions' => undef, 'id' => 'CPANSA-MARC-File-XML-2014-1626', 'references' => [ 'http://www.securityfocus.com/bid/65057', 'http://www.nntp.perl.org/group/perl.perl4lib/2014/01/msg3073.html', 'http://secunia.com/advisories/55404', 'http://libmail.georgialibraries.org/pipermail/open-ils-general/2014-January/009442.html', 'https://metacpan.org/source/GMCHARLT/MARC-XML-1.0.2/Changes', 'http://lists.katipo.co.nz/pipermail/koha/2014-January/038430.html', 'http://osvdb.org/102367', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/90620' ], 'reported' => '2014-01-26', 'severity' => undef } ], 'main_module' => 'MARC::File::XML', 'versions' => [ { 'date' => '2017-05-24T01:18:18', 'version' => 'v1.0.5' } ] }, 'MDK-Common' => { 'advisories' => [ { 'affected_versions' => [ '=1.1.11', '=1.1.24', '>=1.2.9,<=1.2.14' ], 'cves' => [ 'CVE-2009-0912' ], 'description' => 'perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly other versions, in Mandriva Linux does not properly handle strings when writing them to configuration files, which allows attackers to gain privileges via "special characters" in unspecified vectors.\' ', 'distribution' => 'MDK-Common', 'fixed_versions' => undef, 'id' => 'CPANSA-MDK-Common-2009-0912', 'references' => [ 'http://www.securityfocus.com/bid/34089', 'http://www.vupen.com/english/advisories/2009/0688', 'http://www.mandriva.com/security/advisories?name=MDVSA-2009:072', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/49220' ], 'reported' => '2009-03-16', 'severity' => undef } ], 'main_module' => 'MDK::Common', 'versions' => [ { 'date' => '2012-09-14T16:23:25', 'version' => '1.2.29' }, { 'date' => '2014-05-06T17:14:10', 'version' => 'v1.2.30' }, { 'date' => '2017-10-27T22:31:26', 'version' => 'v1.2.32' }, { 'date' => '2017-10-27T23:18:48', 'version' => 'v1.2.33' }, { 'date' => '2017-10-28T01:09:39', 'version' => 'v1.2.34' }, { 'date' => '2017-10-28T03:37:17', 'version' => 'v1.2.34.1' }, { 'date' => '2017-10-28T04:28:13', 'version' => 'v1.2.34.2' } ] }, 'MHonArc' => { 'advisories' => [ { 'affected_versions' => '<2.6.17', 'cves' => [ 'CVE-2010-4524' ], 'description' => 'Improper escaping of certain HTML sequences (XSS). ', 'distribution' => 'MHonArc', 'fixed_versions' => '>=2.6.17', 'id' => 'CPANSA-MHonArc-2011-01', 'references' => [ 'https://metacpan.org/changes/distribution/MHonArc' ], 'reported' => '2011-01-09' }, { 'affected_versions' => '<2.6.17', 'cves' => [ 'CVE-2010-1677' ], 'description' => 'DoS when processing html messages with deep tag nesting. ', 'distribution' => 'MHonArc', 'fixed_versions' => '>=2.6.17', 'id' => 'CPANSA-MHonArc-2011-02', 'references' => [ 'https://metacpan.org/changes/distribution/MHonArc' ], 'reported' => '2011-01-09' } ], 'main_module' => 'MHonArc::UTF8', 'versions' => [ { 'date' => '1997-12-11T20:44:41', 'version' => '2.1' }, { 'date' => '1998-03-04T01:06:00', 'version' => 'v2.2.0' }, { 'date' => '1998-10-11T02:56:10', 'version' => 'v2.3.0' }, { 'date' => '1998-10-25T19:27:37', 'version' => 'v2.3.1' }, { 'date' => '1998-11-01T20:02:48', 'version' => 'v2.3.2' }, { 'date' => '1998-11-08T21:59:21', 'version' => 'v2.3.3' }, { 'date' => '1999-06-26T07:57:53', 'version' => 'v2.4.0' }, { 'date' => '1999-07-26T19:30:51', 'version' => 'v2.4.1' }, { 'date' => '1999-08-12T07:16:14', 'version' => 'v2.4.2' }, { 'date' => '1999-08-16T06:25:39', 'version' => 'v2.4.3' }, { 'date' => '1999-10-01T19:43:07', 'version' => 'v2.4.4' }, { 'date' => '2000-02-15T03:44:03', 'version' => 'v2.4.5' }, { 'date' => '2000-04-24T08:35:56', 'version' => 'v2.4.6' }, { 'date' => '2000-10-29T04:18:32', 'version' => 'v2.4.7' }, { 'date' => '2000-10-30T06:29:47', 'version' => 'v2.4.7' }, { 'date' => '2001-04-14T21:48:01', 'version' => 'v2.4.8' }, { 'date' => '2001-06-11T03:09:13', 'version' => 'v2.4.9' }, { 'date' => '2001-08-26T19:46:53', 'version' => 'v2.5.0' }, { 'date' => '2001-09-07T15:24:19', 'version' => 'v2.5.0' }, { 'date' => '2001-10-17T16:03:13', 'version' => 'v2.5.0' }, { 'date' => '2001-11-14T05:09:59', 'version' => 'v2.5.1' }, { 'date' => '2001-11-25T06:46:19', 'version' => 'v2.5.2' }, { 'date' => '2002-04-18T07:23:29', 'version' => 'v2.5.3' }, { 'date' => '2002-05-03T05:06:16', 'version' => 'v2.5.4' }, { 'date' => '2002-05-28T05:43:00', 'version' => 'v2.5.5' }, { 'date' => '2002-06-18T18:07:38', 'version' => 'v2.5.6' }, { 'date' => '2002-06-21T22:59:36', 'version' => 'v2.5.7' }, { 'date' => '2002-06-29T03:22:26', 'version' => 'v2.5.8' }, { 'date' => '2002-07-20T02:39:53', 'version' => 'v2.5.9' }, { 'date' => '2002-07-29T00:10:32', 'version' => 'v2.5.10' }, { 'date' => '2002-08-04T04:25:22', 'version' => 'v2.5.11' }, { 'date' => '2002-09-04T04:32:14', 'version' => 'v2.5.12' }, { 'date' => '2002-10-21T17:13:35', 'version' => 'v2.5.13' }, { 'date' => '2002-12-22T01:07:40', 'version' => 'v2.5.14' }, { 'date' => '2003-02-10T05:23:02', 'version' => 'v2.6.0' }, { 'date' => '2003-02-23T00:39:05', 'version' => 'v2.6.1' }, { 'date' => '2003-03-12T01:55:48', 'version' => 'v2.6.2' }, { 'date' => '2003-04-06T02:11:59', 'version' => 'v2.6.3' }, { 'date' => '2003-06-22T21:54:52', 'version' => 'v2.6.4' }, { 'date' => '2003-07-20T04:51:56', 'version' => 'v2.6.5' }, { 'date' => '2003-07-21T17:20:07', 'version' => 'v2.6.6' }, { 'date' => '2003-08-07T23:49:43', 'version' => 'v2.6.7' }, { 'date' => '2003-08-13T04:47:02', 'version' => 'v2.6.8' }, { 'date' => '2004-05-17T06:24:46', 'version' => 'v2.6.9' }, { 'date' => '2004-05-17T06:25:16', 'version' => 'v2.6.10' }, { 'date' => '2005-05-20T17:15:40', 'version' => 'v2.6.11' }, { 'date' => '2005-06-09T02:30:11', 'version' => 'v2.6.12' }, { 'date' => '2005-07-06T05:15:55', 'version' => 'v2.6.13' }, { 'date' => '2005-07-23T07:15:49', 'version' => '2.6.14' }, { 'date' => '2005-07-27T03:46:13', 'version' => '2.6.15' }, { 'date' => '2006-06-10T03:21:01', 'version' => '2.6.16' }, { 'date' => '2011-01-09T10:04:06', 'version' => '2.6.17' }, { 'date' => '2011-01-09T16:35:39', 'version' => '2.6.18' }, { 'date' => '2014-04-22T03:33:53', 'version' => '2.6.19' }, { 'date' => '2020-09-14T09:22:58', 'version' => 'v2.6.20' }, { 'date' => '2020-09-14T11:54:14', 'version' => 'v2.6.21' }, { 'date' => '2020-09-21T07:06:18', 'version' => 'v2.6.22' }, { 'date' => '2020-11-12T12:54:55', 'version' => 'v2.6.23' }, { 'date' => '2020-11-16T14:24:54', 'version' => 'v2.6.24' } ] }, 'MIME-tools' => { 'advisories' => [ { 'affected_versions' => '<4.109', 'cves' => [], 'description' => 'There was a potential security hole when outputting entities with recommended filenames. ', 'distribution' => 'MIME-tools', 'fixed_versions' => '>=4.109', 'id' => 'CPANSA-MIME-tools-1998-01', 'references' => [ 'https://metacpan.org/dist/MIME-tools/changes' ], 'reported' => '1998-01-10', 'severity' => undef } ], 'main_module' => 'MIME::Body', 'versions' => [ { 'date' => '1996-10-18T13:57:11', 'version' => '2.01' }, { 'date' => '1996-10-23T19:20:59', 'version' => '2.02' }, { 'date' => '1996-10-28T18:27:36', 'version' => '2.03' }, { 'date' => '1996-11-03T00:35:36', 'version' => '2.04' }, { 'date' => '1997-01-13T10:17:14', 'version' => '2.13' }, { 'date' => '1997-01-14T07:05:37', 'version' => '2.14' }, { 'date' => '1997-01-21T03:40:48', 'version' => '3.203' }, { 'date' => '1997-01-22T11:24:13', 'version' => '3.204' }, { 'date' => '1998-01-14T15:44:55', 'version' => '4.111' }, { 'date' => '1998-01-18T04:23:37', 'version' => '4.112' }, { 'date' => '1998-01-20T08:21:18', 'version' => '4.113' }, { 'date' => '1998-02-14T21:45:26', 'version' => '4.116' }, { 'date' => '1998-05-05T14:32:36', 'version' => '4.119' }, { 'date' => '1998-06-04T13:30:01', 'version' => '4.121' }, { 'date' => '1999-02-10T05:39:03', 'version' => '4.122' }, { 'date' => '1999-05-14T13:29:15', 'version' => '4.124' }, { 'date' => '2000-05-24T14:44:21', 'version' => '5.115' }, { 'date' => '2000-05-26T04:46:25', 'version' => '5.116' }, { 'date' => '2000-06-06T16:14:02', 'version' => '5.205' }, { 'date' => '2000-06-08T07:36:13', 'version' => '5.206' }, { 'date' => '2000-06-09T03:44:00', 'version' => '5.207' }, { 'date' => '2000-06-10T08:12:36', 'version' => '5.209' }, { 'date' => '2000-06-20T13:24:34', 'version' => '5.210' }, { 'date' => '2000-06-24T06:57:34', 'version' => '5.211' }, { 'date' => '2000-07-07T14:46:11', 'version' => '5.304' }, { 'date' => '2000-07-20T06:47:41', 'version' => '5.306' }, { 'date' => '2000-08-15T14:22:44', 'version' => '5.310' }, { 'date' => '2000-08-16T05:28:11', 'version' => '5.311' }, { 'date' => '2000-09-05T04:17:48', 'version' => '5.313' }, { 'date' => '2000-09-06T04:59:03', 'version' => '5.314' }, { 'date' => '2000-09-21T06:14:25', 'version' => '5.316' }, { 'date' => '2000-11-05T15:24:04', 'version' => '5.404' }, { 'date' => '2000-11-06T00:34:39', 'version' => '5.405' }, { 'date' => '2000-11-10T05:27:35', 'version' => '5.408' }, { 'date' => '2000-11-20T18:04:43', 'version' => '5.409' }, { 'date' => '2000-11-23T05:31:08', 'version' => '5.410' }, { 'date' => '2001-06-05T15:21:25', 'version' => '5.411' }, { 'date' => '2001-11-16T17:32:32', 'version' => '5.411' }, { 'date' => '2003-06-09T16:42:00', 'version' => '6.200_01' }, { 'date' => '2003-07-22T20:49:42', 'version' => '6.200_02' }, { 'date' => '2004-09-14T14:20:07', 'version' => '5.412' }, { 'date' => '2004-09-15T14:11:08', 'version' => '5.413' }, { 'date' => '2004-10-06T19:46:54', 'version' => '5.414' }, { 'date' => '2004-10-27T12:51:54', 'version' => '5.415' }, { 'date' => '2005-01-03T15:45:29', 'version' => '5.416' }, { 'date' => '2005-01-20T21:24:25', 'version' => '5.417' }, { 'date' => '2005-09-29T19:40:53', 'version' => '5.418' }, { 'date' => '2005-12-22T21:52:16', 'version' => '5.419' }, { 'date' => '2006-03-17T21:20:12', 'version' => '5.420' }, { 'date' => '2007-06-18T20:04:22', 'version' => '5.420_01' }, { 'date' => '2007-08-31T18:03:20', 'version' => '5.420_02' }, { 'date' => '2007-09-20T21:33:01', 'version' => '5.421' }, { 'date' => '2007-09-25T22:31:20', 'version' => '5.422' }, { 'date' => '2007-09-27T15:50:17', 'version' => '5.423' }, { 'date' => '2007-11-07T15:36:31', 'version' => '5.424' }, { 'date' => '2007-11-17T16:20:42', 'version' => '5.425' }, { 'date' => '2008-03-18T13:45:38', 'version' => '5.426' }, { 'date' => '2008-06-30T18:41:00', 'version' => '5.426' }, { 'date' => '2010-04-22T15:31:33', 'version' => '5.428' }, { 'date' => '2010-04-30T13:47:59', 'version' => '5.500' }, { 'date' => '2011-01-07T15:59:19', 'version' => '5.500' }, { 'date' => '2011-02-17T18:37:12', 'version' => '5.501' }, { 'date' => '2011-03-08T14:03:11', 'version' => '5.502' }, { 'date' => '2012-06-08T13:44:12', 'version' => '5.503' }, { 'date' => '2013-01-30T21:01:40', 'version' => '5.504' }, { 'date' => '2013-11-14T15:27:15', 'version' => '5.505' }, { 'date' => '2015-04-22T17:32:26', 'version' => '5.506' }, { 'date' => '2015-09-30T13:21:56', 'version' => '5.507' }, { 'date' => '2016-08-29T14:52:28', 'version' => '5.508' }, { 'date' => '2017-04-05T18:13:30', 'version' => '5.508' }, { 'date' => '2022-07-06T14:20:39', 'version' => '5.503' }, { 'date' => '2024-01-02T15:38:07', 'version' => '5.503' }, { 'date' => '2024-01-08T18:22:18', 'version' => '5.503' }, { 'date' => '2024-01-25T16:28:54', 'version' => '5.503' }, { 'date' => '2024-02-06T20:49:02', 'version' => '5.503' } ] }, 'MT' => { 'advisories' => [ { 'affected_versions' => '>=4.20,<=4.38', 'cves' => [ 'CVE-2013-0209' ], 'description' => 'lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2013-0209', 'references' => [ 'http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt', 'http://www.movabletype.org/2013/01/movable_type_438_patch.html', 'http://openwall.com/lists/oss-security/2013/01/22/3', 'http://www.sec-1.com/blog/?p=402' ], 'reported' => '2013-01-23', 'severity' => undef }, { 'affected_versions' => [ '>=7,<=7.9.4', '>=6,<=6.8.6', '>=4,<=5' ], 'cves' => [ 'CVE-2022-38078' ], 'description' => 'Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability. ', 'distribution' => 'MT', 'fixed_versions' => [ '7.9.5', '6.8.7' ], 'id' => 'CPANSA-MT-2022-38078', 'references' => [ 'https://movabletype.org/news/2022/08/mt-795-687-released.html', 'https://jvn.jp/en/jp/JVN57728859/index.html' ], 'reported' => '2022-08-24', 'severity' => 'critical' }, { 'affected_versions' => [ '>=7,<=7.8.1', '>=6,<=6.8.2', '<6' ], 'cves' => [ 'CVE-2021-20837' ], 'description' => 'Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2021-20837', 'references' => [ 'https://jvn.jp/en/jp/JVN41119755/index.html', 'https://movabletype.org/news/2021/10/mt-782-683-released.html', 'http://packetstormsecurity.com/files/164818/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html', 'http://packetstormsecurity.com/files/164705/Movable-Type-7-r.5002-XMLRPC-API-Remote-Command-Injection.html' ], 'reported' => '2021-10-26', 'severity' => 'critical' }, { 'affected_versions' => [ '>=7,<7.8.0' ], 'cves' => [ 'CVE-2021-20814' ], 'description' => 'Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2021-20814', 'references' => [ 'https://movabletype.org/news/2021/08/mt-780-681-released.html', 'https://jvn.jp/en/jp/JVN97545738/index.html' ], 'reported' => '2021-08-26', 'severity' => 'medium' }, { 'affected_versions' => [ '>=7,<7.8.0' ], 'cves' => [ 'CVE-2021-20813' ], 'description' => 'Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2021-20813', 'references' => [ 'https://movabletype.org/news/2021/08/mt-780-681-released.html', 'https://jvn.jp/en/jp/JVN97545738/index.html' ], 'reported' => '2021-08-26', 'severity' => 'medium' }, { 'affected_versions' => [ '>=7,<7.8.0', '>=6,<=6.8.0' ], 'cves' => [ 'CVE-2021-20815' ], 'description' => 'Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2021-20815', 'references' => [ 'https://movabletype.org/news/2021/08/mt-780-681-released.html', 'https://jvn.jp/en/jp/JVN97545738/index.html' ], 'reported' => '2021-08-26', 'severity' => 'medium' }, { 'affected_versions' => [ '>=7,<7.8.0', '>=6,<=6.8.0' ], 'cves' => [ 'CVE-2021-20811' ], 'description' => 'Cross-site scripting vulnerability in List of Assets screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2021-20811', 'references' => [ 'https://movabletype.org/news/2021/08/mt-780-681-released.html', 'https://jvn.jp/en/jp/JVN97545738/index.html' ], 'reported' => '2021-08-26', 'severity' => 'medium' }, { 'affected_versions' => [ '>=7,<7.8.0', '>=6,<=6.8.0' ], 'cves' => [ 'CVE-2021-20810' ], 'description' => 'Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2021-20810', 'references' => [ 'https://movabletype.org/news/2021/08/mt-780-681-released.html', 'https://jvn.jp/en/jp/JVN97545738/index.html' ], 'reported' => '2021-08-26', 'severity' => 'medium' }, { 'affected_versions' => [ '>=7,<7.8.0', '>=6,<=6.8.0' ], 'cves' => [ 'CVE-2021-20809' ], 'description' => 'Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2021-20809', 'references' => [ 'https://movabletype.org/news/2021/08/mt-780-681-released.html', 'https://jvn.jp/en/jp/JVN97545738/index.html' ], 'reported' => '2021-08-26', 'severity' => 'medium' }, { 'affected_versions' => [ '>=7,<7.8.0', '>=6,<=6.8.0' ], 'cves' => [ 'CVE-2021-20808' ], 'description' => 'Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2021-20808', 'references' => [ 'https://movabletype.org/news/2021/08/mt-780-681-released.html', 'https://jvn.jp/en/jp/JVN97545738/index.html' ], 'reported' => '2021-08-26', 'severity' => 'medium' }, { 'affected_versions' => undef, 'cves' => [ 'CVE-2020-5669' ], 'description' => 'Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2020-5669', 'references' => [ 'https://www.sixapart.jp/movabletype/news/2020/11/18-1101.html', 'https://jvn.jp/en/jp/JVN94245475/index.html' ], 'reported' => '2021-10-26', 'severity' => 'medium' }, { 'affected_versions' => [ '>=7,<7.2.1', '>=6,<=6.5.3' ], 'cves' => [ 'CVE-2020-5577' ], 'description' => 'Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2020-5577', 'references' => [ 'https://jvn.jp/en/jp/JVN28806943/index.html', 'https://movabletype.org/news/2020/05/mt-730-660-6312-released.html' ], 'reported' => '2020-05-14', 'severity' => 'high' }, { 'affected_versions' => [ '>=7,<7.2.1', '>=6,<=6.5.3' ], 'cves' => [ 'CVE-2020-5576' ], 'description' => 'Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2020-5576', 'references' => [ 'https://jvn.jp/en/jp/JVN28806943/index.html', 'https://movabletype.org/news/2020/05/mt-730-660-6312-released.html' ], 'reported' => '2020-05-14', 'severity' => 'high' }, { 'affected_versions' => [ '>=7,<7.2.1', '>=6,<=6.5.3' ], 'cves' => [ 'CVE-2020-5575' ], 'description' => 'Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2020-5575', 'references' => [ 'https://jvn.jp/en/jp/JVN28806943/index.html', 'https://movabletype.org/news/2020/05/mt-730-660-6312-released.html' ], 'reported' => '2020-05-14', 'severity' => 'medium' }, { 'affected_versions' => [ '>=7,<7.2.1', '>=6,<=6.5.3' ], 'cves' => [ 'CVE-2020-5574' ], 'description' => 'HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2020-5574', 'references' => [ 'https://jvn.jp/en/jp/JVN28806943/index.html', 'https://movabletype.org/news/2020/05/mt-730-660-6312-released.html' ], 'reported' => '2020-05-14', 'severity' => 'medium' }, { 'affected_versions' => [ '>=7,<7.1.4', '>=6,<=6.5.2' ], 'cves' => [ 'CVE-2020-5528' ], 'description' => 'Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2020-5528', 'references' => [ 'https://movabletype.org/news/2020/02/movable_type_r4605_v720_v653_and_v6311_released.html', 'http://jvn.jp/en/jp/JVN94435544/index.html' ], 'reported' => '2020-02-06', 'severity' => 'medium' }, { 'affected_versions' => [ '>=7,<7.1.3', '>=6.5.0,<=6.5.1', '>=6,<=6.3.9' ], 'cves' => [ 'CVE-2019-6025' ], 'description' => 'Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2019-6025', 'references' => [ 'https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html', 'http://jvn.jp/en/jp/JVN65280626/index.html' ], 'reported' => '2019-12-26', 'severity' => 'medium' }, { 'affected_versions' => '=6.3.1', 'cves' => [ 'CVE-2018-0672' ], 'description' => 'Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2018-0672', 'references' => [ 'http://jvn.jp/en/jp/JVN89550319/index.html' ], 'reported' => '2018-09-04', 'severity' => 'medium' }, { 'affected_versions' => [ '>=6.0.0,<6.1.3', '>=6.2.0,<6.2.6', '<5.2.13' ], 'cves' => [ 'CVE-2016-5742' ], 'description' => 'SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2016-5742', 'references' => [ 'https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html', 'http://www.openwall.com/lists/oss-security/2016/06/22/6', 'http://www.openwall.com/lists/oss-security/2016/06/22/5', 'http://www.openwall.com/lists/oss-security/2016/06/22/3', 'http://www.securitytracker.com/id/1036160' ], 'reported' => '2017-01-23', 'severity' => 'critical' }, { 'affected_versions' => [ '<5.2.12', '>=6.0.0,<=6.0.7' ], 'cves' => [ 'CVE-2015-1592' ], 'description' => 'Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2015-1592', 'references' => [ 'https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html', 'http://www.securityfocus.com/bid/72606', 'http://www.openwall.com/lists/oss-security/2015/02/12/17', 'http://www.openwall.com/lists/oss-security/2015/02/12/2', 'https://www.debian.org/security/2015/dsa-3183', 'http://www.securitytracker.com/id/1031777', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/100912' ], 'reported' => '2015-02-19', 'severity' => undef }, { 'affected_versions' => [ '<5.18', '>=5.2.0,<5.2.11', '>=6,<6.0.6' ], 'cves' => [ 'CVE-2014-9057' ], 'description' => 'SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2014-9057', 'references' => [ 'https://movabletype.org/news/2014/12/6.0.6.html', 'https://movabletype.org/documentation/appendices/release-notes/6.0.6.html', 'http://secunia.com/advisories/61227', 'https://www.debian.org/security/2015/dsa-3183' ], 'reported' => '2014-12-16', 'severity' => undef }, { 'affected_versions' => '<5.2.6', 'cves' => [ 'CVE-2013-2184' ], 'description' => 'Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2013-2184', 'references' => [ 'https://movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html', 'http://www.debian.org/security/2015/dsa-3183', 'http://seclists.org/oss-sec/2013/q2/568', 'http://seclists.org/oss-sec/2013/q2/560' ], 'reported' => '2015-03-27', 'severity' => undef }, { 'affected_versions' => [ '>=4.20,<4.38' ], 'cves' => [ 'CVE-2013-0209' ], 'description' => 'lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injection attack against the core_drop_meta_for_table function, leading to execution of arbitrary Perl code. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2013-0209', 'references' => [ 'http://www.sec-1.com/blog/wp-content/uploads/2013/01/movabletype_upgrade_exec.rb_.txt', 'http://www.movabletype.org/2013/01/movable_type_438_patch.html', 'http://openwall.com/lists/oss-security/2013/01/22/3', 'http://www.sec-1.com/blog/?p=402' ], 'reported' => '2013-01-23', 'severity' => undef }, { 'affected_versions' => '=5.13', 'cves' => [ 'CVE-2012-1503' ], 'description' => 'Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2012-1503', 'references' => [ 'http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html', 'http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html', 'http://www.exploit-db.com/exploits/22151', 'http://osvdb.org/show/osvdb/86729', 'http://www.securityfocus.com/bid/56160', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/79521' ], 'reported' => '2014-08-29', 'severity' => undef }, { 'affected_versions' => [ '<4.38', '>=5,<5.07', '>=5.10,<5.13' ], 'cves' => [ 'CVE-2012-0320' ], 'description' => 'Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2012-0320', 'references' => [ 'http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html', 'http://www.movabletype.org/documentation/appendices/release-notes/513.html', 'http://jvndb.jvn.jp/jvndb/JVNDB-2012-000018', 'http://jvn.jp/en/jp/JVN20083397/index.html', 'http://www.securitytracker.com/id?1026738', 'http://www.securityfocus.com/bid/52138', 'http://www.debian.org/security/2012/dsa-2423' ], 'reported' => '2012-03-03', 'severity' => undef }, { 'affected_versions' => [ '<4.38', '>=5,<5.07', '>=5.10,<5.13' ], 'cves' => [ 'CVE-2012-0317' ], 'description' => 'Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2012-0317', 'references' => [ 'http://jvn.jp/en/jp/JVN70683217/index.html', 'http://www.movabletype.org/documentation/appendices/release-notes/513.html', 'http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html', 'http://jvndb.jvn.jp/jvndb/JVNDB-2012-000015', 'http://www.securitytracker.com/id?1026738', 'http://www.securityfocus.com/bid/52138', 'http://www.debian.org/security/2012/dsa-2423' ], 'reported' => '2012-03-03', 'severity' => undef }, { 'affected_versions' => [ '>=4,<4.36', '>=5,<5.05' ], 'cves' => [ 'CVE-2011-5085' ], 'description' => 'Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to read or modify data via unknown vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2011-5085', 'references' => [ 'http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html', 'http://www.debian.org/security/2012/dsa-2423' ], 'reported' => '2012-04-02', 'severity' => undef }, { 'affected_versions' => [ '>=4,<4.36', '>=5,<5.05' ], 'cves' => [ 'CVE-2011-5084' ], 'description' => 'Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2011-5084', 'references' => [ 'http://www.movabletype.org/2011/05/movable_type_51_and_505_436_security_update.html', 'http://www.debian.org/security/2012/dsa-2423' ], 'reported' => '2012-04-02', 'severity' => undef }, { 'affected_versions' => '>=5.0,<=5.01', 'cves' => [ 'CVE-2010-1985' ], 'description' => 'Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2010-1985', 'references' => [ 'http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000017.html', 'http://www.movabletype.com/blog/2010/05/movable-type-502.html', 'http://www.vupen.com/english/advisories/2010/1136', 'http://secunia.com/advisories/39741', 'http://www.movabletype.org/documentation/appendices/release-notes/movable-type-502.html', 'http://jvn.jp/en/jp/JVN92854093/index.html' ], 'reported' => '2010-05-19', 'severity' => undef }, { 'affected_versions' => '<4.261', 'cves' => [ 'CVE-2009-2492' ], 'description' => 'Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2009-2492', 'references' => [ 'http://jvn.jp/en/jp/JVN86472161/index.html', 'http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000042.html', 'http://www.vupen.com/english/advisories/2009/1668', 'http://secunia.com/advisories/35534', 'http://www.securityfocus.com/bid/35885' ], 'reported' => '2009-07-17', 'severity' => undef }, { 'affected_versions' => '<4.261', 'cves' => [ 'CVE-2009-2481' ], 'description' => 'mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2009-2481', 'references' => [ 'http://jvn.jp/en/jp/JVN08369659/index.html', 'http://www.vupen.com/english/advisories/2009/1668', 'http://www.securityfocus.com/bid/35471', 'http://secunia.com/advisories/35534', 'http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000043.html', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/51330' ], 'reported' => '2009-07-16', 'severity' => undef }, { 'affected_versions' => '<4.24', 'cves' => [ 'CVE-2009-0752' ], 'description' => 'Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly related to the password recovery mechanism. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2009-0752', 'references' => [ 'http://www.movabletype.com/blog/2009/02/movable-type-424-get-updated-with-better-password-recovery.html' ], 'reported' => '2009-03-03', 'severity' => undef }, { 'affected_versions' => '<4.23', 'cves' => [ 'CVE-2008-5846' ], 'description' => 'Six Apart Movable Type (MT) before 4.23 allows remote authenticated users with create permission for posts to bypass intended access restrictions and publish posts via a "system-wide entry listing screen." ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2008-5846', 'references' => [ 'http://www.movabletype.org/mt_423_change_log.html', 'http://www.securityfocus.com/bid/33133', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/47759' ], 'reported' => '2009-01-05', 'severity' => undef }, { 'affected_versions' => '<4.23', 'cves' => [ 'CVE-2008-5845' ], 'description' => 'Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2008-5845', 'references' => [ 'http://www.movabletype.org/mt_423_change_log.html', 'http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000031.html', 'http://jvn.jp/en/jp/JVN45658190/index.html' ], 'reported' => '2009-01-05', 'severity' => undef }, { 'affected_versions' => [ '>=3,<=3.38', '>=4,<4.23' ], 'cves' => [ 'CVE-2008-5808' ], 'description' => 'Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to "application management." ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2008-5808', 'references' => [ 'http://secunia.com/advisories/32935', 'http://www.securityfocus.com/bid/32604', 'http://jvn.jp/en/jp/JVN02216739/index.html', 'http://www.movabletype.jp/blog/_movable_type_423.html', 'http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000067.html', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/47019' ], 'reported' => '2009-01-02', 'severity' => undef }, { 'affected_versions' => '>=7,<=7.7.1', 'cves' => [ 'CVE-2021-20812' ], 'description' => 'Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2021-20812', 'references' => [ 'https://movabletype.org/news/2021/08/mt-780-681-released.html', 'https://jvn.jp/en/jp/JVN97545738/index.html' ], 'reported' => '2021-08-26', 'severity' => 'medium' }, { 'affected_versions' => '<=7', 'cves' => [ 'CVE-2022-43660' ], 'description' => 'Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of \'Manage of Content Types\' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier. ', 'distribution' => 'MT', 'fixed_versions' => undef, 'id' => 'CPANSA-MT-2022-43660', 'references' => [ 'https://movabletype.org/news/2022/11/mt-796-688-released.html', 'https://jvn.jp/en/jp/JVN37014768/index.html' ], 'reported' => '2022-12-07', 'severity' => undef } ] }, 'Mail-Audit' => { 'advisories' => [ { 'affected_versions' => undef, 'cves' => [ 'CVE-2005-4536' ], 'description' => 'Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file. ', 'distribution' => 'Mail-Audit', 'fixed_versions' => undef, 'id' => 'CPANSA-Mail-Audit-2005-4536', 'references' => [ 'http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344029', 'http://www.debian.org/security/2006/dsa-960', 'http://secunia.com/advisories/18652', 'http://secunia.com/advisories/18656', 'http://www.securityfocus.com/bid/16434', 'http://www.vupen.com/english/advisories/2006/0378', 'https://exchange.xforce.ibmcloud.com/vulnerabilities/24380' ], 'reported' => '2005-12-31', 'severity' => undef } ], 'main_module' => 'Mail::Audit', 'versions' => [ { 'date' => '2000-03-25T11:22:17', 'version' => '1.0' }, { 'date' => '2000-06-17T08:03:59', 'version' => '1.1' }, { 'date' => '2000-06-17T10:56:28', 'version' => '1.2' }, { 'date' => '2000-06-17T11:13:20', 'version' => '1.3' }, { 'date' => '2001-01-04T20:17:04', 'version' => '1.4' }, { 'date' => '2001-01-07T14:23:39', 'version' => '1.5' }, { 'date' => '2001-01-13T22:45:20', 'version' => '1.6' }, { 'date' => '2001-01-27T11:31:56', 'version' => '1.7' }, { 'date' => '2001-02-12T16:34:27', 'version' => '1.8' }, { 'date' => '2001-03-21T21:35:00', 'version' => '1.9' }, { 'date' => '2001-04-23T15:45:51', 'version' => '1.10' }, { 'date' => '2001-05-16T23:20:35', 'version' => '1.11' }, { 'date' => '2001-12-10T21:02:24', 'version' => '2.0' }, { 'date' => '2002-03-04T19:59:38', 'version' => '2.1' }, { 'date' => '2006-05-27T01:36:59', 'version' => '2.200_01' }, { 'date' => '2006-05-31T01:58:52', 'version' => '2.200_02' }, { 'date' => '2006-06-02T02:17:31', 'version' => '2.200_03' }, { 'date' => '2006-06-04T20:18:18', 'version' => '2.200_04' }, { 'date' => '2006-06-05T03:39:12', 'version' => '2.200_05' }, { 'date' => '2006-07-16T21:50:04', 'version' => '2.201' }, { 'date' => '2006-07-21T12:18:37', 'version' => '2.202' }, { 'date' => '2006-07-22T00:53:55', 'version' => '2.203' }, { 'date' => '2006-09-19T11:26:30', 'version' => '2.210' }, { 'date' => '2006-09-19T11:38:19', 'version' => '2.211' }, { 'date' => '2006-10-31T15:24:49', 'version' => '2.212' }, { 'date' => '2007-02-15T17:05:02', 'version' => '2.213' }, { 'date' => '2007-02-15T19:32:24', 'version' => '2.214' }, { 'date' => '2007-02-19T21:14:15', 'version' => '2.215' }, { 'date' => '2007-02-27T01:52:17', 'version' => '2.216' }, { 'date' => '2007-03-05T17:16:08', 'version' => '2.217' }, { 'date' => '2007-03-06T16:24:21', 'version' => '2.218' }, { 'date' => '2007-06-14T22:28:51', 'version' => '2.219' }, { 'date' => '2007-07-14T19:04:32', 'version' => '2.220' }, { 'date' => '2007-09-17T13:26:24', 'version' => '2.221' }, { 'date' => '2007-11-02T03:23:46', 'version' => '2.222' }, { 'date' => '2008-04-17T20:32:32', 'version' => '2.223' }, { 'date' => '2009-09-18T17:22:37', 'version' => '2.224' }, { 'date' => '2009-11-23T19:27:24', 'version' => '2.225' }, { 'date' => '2011-11-11T16:37:46', 'version' => '2.226' }, { 'date' => '2011-11-14T19:21:44', 'version' => '2.227' }, { 'date' => '2013-09-29T01:21:47', 'version' => '2.228' } ] }, 'MailTools' => { 'advisories' => [ { 'affected_versions' => '<1.51', 'cves' => [ 'CVE-2002-1271' ], 'description' => 'The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx. ', 'distribution' => 'MailTools', 'fixed_versions' => '>=1.51', 'id' => 'CPANSA-Mail-Mailer-2002-1271', 'references' => [ 'http://www.iss.net/security_center/static/10548.php', 'http://www.debian.org/security/2003/dsa-386', 'http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-076.php', 'http://www.novell.com/linux/security/advisories/2002_041_perl_mailtools.html', 'http://www.securityfocus.com/bid/6104', 'http://marc.info/?l=bugtraq&m=103659723101369&w=2', 'http://marc.info/?l=bugtraq&m=103679569705086&w=2' ], 'reported' => '2002-11-12', 'severity' => undef } ], 'main_module' => 'MailTools', 'versions' => [ { 'date' => '1995-10-21T04:25:33', 'version' => '1.03' }, { 'date' => '1995-11-21T11:54:38', 'version' => '1.04' }, { 'date' => '1996-08-13T09:42:17', 'version' => '1.06' }, { 'date' => '1997-01-02T10:39:44', 'version' => '1.07' }, { 'date' => '1997-01-07T13:38:49', 'version' => '1.08' }, { 'date' => '1997-02-24T09:04:31', 'version' => '1.09' }, { 'date' => '1997-11-13T02:23:35', 'version' => '1.10' }, { 'date' => '1997-11-16T16:16:12', 'version' => '1.1001' }, { 'date' => '1997-11-18T01:49:48', 'version' => '1.1002' }, { 'date' => '1997-11-26T02:32:07', 'version' => '1.1003' }, { 'date' => '1998-01-03T03:56:45', 'version' => '1.11' }, { 'date' => '1998-09-26T14:47:35', 'version' => '1.12' }, { 'date' => '1999-03-31T17:45:02', 'version' => '1.13' }, { 'date' => '2000-03-29T12:35:40', 'version' => '1.14' }, { 'date' => '2000-04-14T10:53:46', 'version' => '1.1401' }, { 'date' => '2000-09-04T14:01:06', 'version' => '1.15' }, { 'date' => '2001-08-08T09:13:27', 'version' => '1.16' }, { 'date' => '2001-08-24T18:19:52', 'version' => '1.40' }, { 'date' => '2001-11-14T10:36:58', 'version' => '1.41' }, { 'date' => '2001-12-10T18:28:08', 'version' => '1.42' }, { 'date' => '2002-02-08T09:41:37', 'version' => '1.43' }, { 'date' => '2002-03-23T09:36:15', 'version' => '1.44' }, { 'date' => '2002-05-23T08:17:57', 'version' => '1.45' }, { 'date' => '2002-05-29T13:09:54', 'version' => '1.46' }, { 'date' => '2002-07-05T10:03:43', 'version' => '1.47' }, { 'date' => '2002-08-07T21:07:03', 'version' => '1.48' }, { 'date' => '2002-08-28T06:38:30', 'version' => '1.49' }, { 'date' => '2002-09-03T22:35:45', 'version' => '1.50' }, { 'date' => '2002-10-29T13:24:48', 'version' => '1.51' }, { 'date' => '2002-11-29T12:50:47', 'version' => '1.52' }, { 'date' => '2002-12-09T16:47:38', 'version' => '1.53' }, { 'date' => '2003-01-06T07:02:35', 'version' => '1.54' }, { 'date' => '2003-01-06T07:07:36', 'version' => '1.55' }, { 'date' => '2003-01-06T16:16:54', 'version' => '1.56' }, { 'date' => '2003-01-14T08:49:45', 'version' => '1.57' }, { 'date' => '2003-01-14T13:45:20', 'version' => '1.58' }, { 'date' => '2003-08-13T06:16:07', 'version' => '1.59' }, { 'date' => '2003-09-24T07:21:11', 'version' => '1.60' }, { 'date' => '2004-03-10T09:55:12', 'version' => '1.61' }, { 'date' => '2004-03-24T12:32:28', 'version' => '1.62' }, { 'date' => '2004-08-16T15:30:07', 'version' => '1.63' }, { 'date' => '2004-08-17T20:26:08', 'version' => '1.64' }, { 'date' => '2004-11-24T15:05:58', 'version' => '1.65' }, { 'date' => '2005-01-20T09:18:51', 'version' => '1.66' }, { 'date' => '2005-03-31T10:07:53', 'version' => '1.67' }, { 'date' => '2006-01-05T09:33:09', 'version' => '1.68' }, { 'date' => '2006-01-05T10:19:56', 'version' => '1.70' }, { 'date' => '2006-01-05T10:22:10', 'version' => '1.71' }, { 'date' => '2006-01-17T08:11:53', 'version' => '1.72' }, { 'date' => '2006-01-21T08:58:00', 'version' => '1.73' }, { 'date' => '2006-02-28T07:44:59', 'version' => '1.74' }, { 'date' => '2007-04-10T07:27:15', 'version' => '1.76' }, { 'date' => '2007-05-11T12:17:49', 'version' => '1.77' }, { 'date' => '2007-06-20T12:42:21', 'version' => '2.00_01' }, { 'date' => '2007-07-21T10:31:51', 'version' => '2.00_02' }, { 'date' => '2007-09-25T10:30:00', 'version' => '2.00_03' }, { 'date' => '2007-11-28T09:50:07', 'version' => '2.01' }, { 'date' => '2007-11-30T09:00:20', 'version' => '2.02' }, { 'date' => '2008-04-14T09:14:48', 'version' => '2.03' }, { 'date' => '2008-07-29T09:46:50', 'version' => '2.04' }, { 'date' => '2009-12-18T22:01:23', 'version' => '2.05' }, { 'date' => '2010-01-26T09:04:49', 'version' => '2.06' }, { 'date' => '2010-10-01T10:39:38', 'version' => '2.07' }, { 'date' => '2011-06-01T11:56:43', 'version' => '2.08' }, { 'date' => '2012-02-25T13:51:23', 'version' => '2.09' }, { 'date' => '2012-08-28T08:28:08', 'version' => '2.10' }, { 'date' => '2012-08-29T07:13:34', 'version' => '2.11' }, { 'date' => '2012-12-21T11:27:10', 'version' => '2.12' }, { 'date' => '2014-01-05T18:36:21', 'version' => '2.13' }, { 'date' => '2014-11-21T16:15:46', 'version' => '2.14' }, { 'date' => '2016-04-18T12:11:57', 'version' => '2.15' }, { 'date' => '2016-04-18T16:00:17', 'version' => '2.16' }, { 'date' => '2016-05-11T15:27:31', 'version' => '2.17' }, { 'date' => '2016-05-18T21:54:30', 'version' => '2.18' }, { 'date' => '2017-08-22T11:37:34', 'version' => '2.19' }, { 'date' => '2018-01-23T12:52:56', 'version' => '2.20' }, { 'date' => '2019-05-21T14:28:18', 'version' => '2.21' } ] }, 'Module-Load-Conditional' => { 'advisories' => [ { 'affected_versions' => '<0.66', 'cves' => [ 'CVE-2016-1238' ], 'description' => '(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory. ', 'distribution' => 'Module-Load-Conditional', 'fixed_versions' => '>=0.66', 'id' => 'CPANSA-Module-Load-Conditional-2016-1238', 'references' => [ 'http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html', 'http://www.securitytracker.com/id/1036440', 'http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab', 'https://rt.perl.org/Public/Bug/Display.html?id=127834', 'http://www.securityfocus.com/bid/92136', 'http://www.debian.org/security/2016/dsa-3628', 'https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/', 'https://security.gentoo.org/glsa/201701-75', 'https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E', 'https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html', 'https://security.gentoo.org/glsa/201812-07', 'http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html' ], 'reported' => '2016-08-02', 'severity' => 'high' } ], 'main_module' => 'Module::Load::Conditional', 'versions' => [ { 'date' => '2003-05-10T16:59:45', 'version' => '0.02' }, { 'date' => '2003-05-31T12:30:25', 'version' => '0.03' }, { 'date' => '2003-10-05T15:11:11', 'version' => '0.04' }, { 'date' => '2004-05-22T14:34:33', 'version' => '0.05' }, { 'date' => '2004-12-03T15:53:27', 'version' => '0.06' }, { 'date' => '2005-01-13T18:59:45', 'version' => '0.07' }, { 'date' => '2005-01-14T17:32:34', 'version' => '0.08' }, { 'date' => '2006-08-01T20:05:30', 'version' => '0.10' }, { 'date' => '2006-08-13T13:08:40', 'version' => '0.12' }, { 'date' => '2007-01-03T17:38:46', 'version' => '0.14' }, { 'date' => '2007-01-25T21:40:29', 'version' => '0.16' }, { 'date' => '2007-09-15T14:20:27', 'version' => '0.18' }, { 'date' => '2007-10-03T15:27:25', 'version' => '0.20' }, { 'date' => '2007-10-15T08:19:21', 'version' => '0.22' }, { 'date' => '2008-01-02T15:57:46', 'version' => '0.24' }, { 'date' => '2008-02-29T16:01:59', 'version' => '0.26' }, { 'date' => '2008-12-17T12:56:57', 'version' => '0.28' }, { 'date' => '2009-01-19T15:56:22', 'version' => '0.30' }, { 'date' => '2009-10-23T09:16:58', 'version' => '0.31_01' }, { 'date' => '2009-10-23T20:58:24', 'version' => '0.32' }, { 'date' => '2009-10-29T09:27:23', 'version' => '0.34' }, { 'date' => '2010-02-09T14:20:49', 'version' => '0.36' }, { 'date' => '2010-04-23T15:03:33', 'version' => '0.38' }, { 'date' => '2011-01-07T22:28:54', 'version' => '0.40' }, { 'date' => '2011-02-09T15:29:28', 'version' => '0.42' }, { 'date' => '2011-02-09T21:54:40', 'version' => '0.44' }, { 'date' => '2011-09-07T23:02:16', 'version' => '0.46' }, { 'date' => '2012-03-15T13:58:36', 'version' => '0.48' }, { 'date' => '2012-04-27T21:29:11', 'version' => '0.50' }, { 'date' => '2012-07-29T09:13:49', 'version' => '0.52' }, { 'date' => '2012-08-12T08:13:47', 'version' => '0.54' }, { 'date' => '2013-08-29T20:32:38', 'version' => '0.56' }, { 'date' => '2013-09-01T10:25:33', 'version' => '0.58' }, { 'date' => '2014-01-16T12:31:47', 'version' => '0.60' }, { 'date' => '2014-01-24T15:55:28', 'version' => '0.62' }, { 'date' => '2015-01-17T13:36:11', 'version' => '0.64' }, { 'date' => '2016-07-27T07:37:34', 'version' => '0.66' }, { 'date' => '2016-07-29T07:05:40', 'version' => '0.68' }, { 'date' => '2019-11-10T14:37:30', 'version' => '0.70' }, { 'date' => '2020-06-25T07:23:00', 'version' => '0.72' }, { 'date' => '2020-08-21T08:09:10', 'version' => '0.74' } ] }, 'Module-Metadata' => { 'advisories' => [ { 'affected_versions' => '<1.000015', 'cves' => [ 'CVE-2013-1437' ], 'description' => 'Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value. ', 'distribution' => 'Module-Metadata', 'fixed_versions' => '>=1.000015', 'id' => 'CPANSA-Module-Metadata-2013-1437', 'references' => [ 'http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114912.html', 'https://metacpan.org/changes/distribution/Module-Metadata', 'http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114904.html' ], 'reported' => '2020-01-28', 'reviewed_by' => [ { 'date' => '2022-07-11', 'email' => 'rrwo@cpan.org', 'name' => 'Robert Rothenberg' } ], 'severity' => 'critical' } ], 'main_module' => 'Module::Metadata', 'versions' => [ { 'date' => '2010-07-06T21:16:54', 'version' => '1.000000' }, { 'date' => '2010-07-08T23:56:47', 'version' => '1.000001' }, { 'date' => '2010-12-10T17:07:09', 'version' => '1.000002' }, { 'date' => '2011-01-07T02:35:06', 'version' => '1.000003' }, { 'date' => '2011-02-03T07:55:40', 'version' => '1.000004' }, { 'date' => '2011-08-03T01:41:05', 'version' => '1.000005' }, { 'date' => '2011-08-29T19:48:33', 'version' => '1.000006' }, { 'date' => '2011-09-07T16:01:55', 'version' => '1.000007' }, { 'date' => '2012-02-08T03:31:54', 'version' => '1.000008' }, { 'date' => '2012-02-08T17:34:49', 'version' => '1.000009' }, { 'date' => '2012-07-29T19:21:55', 'version' => '1.000010' }, { 'date' => '2012-08-16T00:07:05', 'version' => '1.000010_001' }, { 'date' => '2012-08-16T00:15:02', 'version' => '1.000010_002' }, { 'date' => '2012-08-16T04:54:55', 'version' => '1.000010_003' }, { 'date' => '2012-08-16T19:57:31', 'version' => '1.000011' }, { 'date' => '2013-05-05T04:59:03', 'version' => '1.000012' }, { 'date' => '2013-05-08T23:00:33', 'version' => '1.000013' }, { 'date' => '2013-05-09T09:02:22', 'version' => '1.000014' }, { 'date' => '2013-08-21T15:46:56', 'version' => '1.000015' }, { 'date' => '2013-08-22T05:59:11', 'version' => '1.000016' }, { 'date' => '2013-09-11T01:06:02', 'version' => '1.000017' }, { 'date' => '2013-09-11T16:28:24', 'version' => '1.000018' }, { 'date' => '2013-10-06T16:50:13', 'version' => '1.000019' }, { 'date' => '2014-04-27T20:57:08', 'version' => '1.000020' }, { 'date' => '2014-04-29T18:29:51', 'version' => '1.000021' }, { 'date' => '2014-04-29T22:06:21', 'version' => '1.000022' }, { 'date' => '2014-06-02T02:39:20', 'version' => '1.000023' }, { 'date' => '2014-06-03T01:54:30', 'version' => '1.000024' }, { 'date' => '2015-01-04T18:57:40', 'version' => '1.000025' }, { 'date' => '2015-01-17T19:23:52', 'version' => '1.000026' }, { 'date' => '2015-04-11T00:23:53', 'version' => '1.000027' }, { 'date' => '2015-09-11T04:25:25', 'version' => '1.000028' }, { 'date' => '2015-09-11T16:26:57', 'version' => '1.000029' }, { 'date' => '2015-11-20T03:05:34', 'version' => '1.000030' }, { 'date' => '2015-11-24T03:59:40', 'version' => '1.000031' }, { 'date' => '2016-04-23T22:38:13', 'version' => '1.000032' }, { 'date' => '2016-07-24T23:34:48', 'version' => '1.000033' }, { 'date' => '2018-07-19T20:31:14', 'version' => '1.000034' }, { 'date' => '2019-04-18T02:44:48', 'version' => '1.000035' }, { 'date' => '2019-04-18T18:27:14', 'version' => '1.000036' }, { 'date' => '2019-09-07T18:34:09', 'version' => '1.000037' }, { 'date' => '2023-04-28T11:27:07', 'version' => '1.000038' } ] }, 'Module-Provision' => { 'advisories' => [ { 'affected_versions' => '<0.42.1', 'cves' => [ 'CVE-2016-1238' ], 'description' => '(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory. ', 'distribution' => 'Module-Provision', 'fixed_versions' => '>=0.42.1', 'id' => 'CPANSA-Module-Provision-2016-1238', 'references' => [ 'http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html', 'http://www.securitytracker.com/id/1036440', 'http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab', 'https://rt.perl.org/Public/Bug/Display.html?id=127834', 'http://www.securityfocus.com/bid/92136', 'http://www.debian.org/security/2016/dsa-3628', 'https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/', 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/', 'https://security.gentoo.org/glsa/201701-75', 'https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E', 'https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html', 'https://security.gentoo.org/glsa/201812-07', 'http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html' ], 'reported' => '2016-08-02', 'severity' => 'high' } ], 'main_module' => 'Module::Provision', 'versions' => [ { 'date' => '2013-04-14T19:20:34', 'version' => 'v0.3.43' }, { 'date' => '2013-04-15T12:46:30', 'version' => 'v0.3.44' }, { 'date' => '2013-04-15T17:33:39', 'version' => 'v0.3.45' }, { 'date' => '2013-04-21T16:14:43', 'version' => 'v0.4.47' }, { 'date' => '2013-04-22T15:09:36', 'version' => 'v0.4.51' }, { 'date' => '2013-04-24T04:13:42', 'version' => 'v0.6.59' }, { 'date' => '2013-04-24T23:34:41', 'version' => 'v0.7.4' }, { 'date' => '2013-04-27T01:18:07', 'version' => 'v0.7.6' }, { 'date' => '2013-04-27T11:36:59', 'version' => 'v0.7.7' }, { 'date' => '2013-04-30T22:32:47', 'version' => 'v0.8.3' }, { 'date' => '2013-05-02T18:45:43', 'version' => 'v0.9.5' }, { 'date' => '2013-05-04T00:14:46', 'version' => 'v0.10.1' }, { 'date' => '2013-05-04T20:22:41', 'version' => 'v0.11.1' }, { 'date' => '2013-05-06T15:08:18', 'version' => 'v0.12.1' }, { 'date' => '2013-05-08T15:51:41', 'version' => 'v0.12.3' }, { 'date' => '2013-05-09T23:42:20', 'version' => 'v0.12.5' }, { 'date' => '2013-05-10T19:29:24', 'version' => 'v0.12.6' }, { 'date' => '2013-05-11T02:15:00', 'version' => 'v0.13.1' }, { 'date' => '2013-05-11T13:59:50', 'version' => 'v0.14.2' }, { 'date' => '2013-05-12T18:03:55', 'version' => 'v0.15.3' }, { 'date' => '2013-05-14T12:49:37', 'version' => 'v0.15.5' }, { 'date' => '2013-05-15T17:55:40', 'version' => 'v0.15.6' }, { 'date' => '2013-05-15T20:59:19', 'version' => 'v0.15.7' }, { 'date' => '2013-05-16T23:02:48', 'version' => 'v0.15.8' }, { 'date' => '2013-05-19T12:59:15', 'version' => 'v0.15.9' }, { 'date' => '2013-06-08T17:12:50', 'version' => 'v0.16.1' }, { 'date' => '2013-07-28T18:42:27', 'version' => 'v0.17.16' }, { 'date' => '2013-07-29T16:10:28', 'version' => 'v0.17.17' }, { 'date' => '2013-07-29T23:51:34', 'version' => 'v0.17.18' }, { 'date' => '2013-07-30T13:06:37', 'version' => 'v0.17.19' }, { 'date' => '2013-08-07T17:56:55', 'version' => 'v0.18.0' }, { 'date' => '2013-08-07T17:58:22', 'version' => 'v0.18.1' }, { 'date' => '2013-08-08T13:39:44', 'version' => 'v0.18.2' }, { 'date' => '2013-08-10T08:51:08', 'version' => 'v0.18.3' }, { 'date' => '2013-08-10T21:18:54', 'version' => 'v0.18.4' }, { 'date' => '2013-08-17T15:47:30', 'version' => '0.20.1' }, { 'date' => '2013-08-21T12:36:06', 'version' => '0.21.1' }, { 'date' => '2013-08-21T12:56:35', 'version' => '0.22.1' }, { 'date' => '2013-09-14T09:38:12', 'version' => '0.23.1' }, { 'date' => '2013-09-16T20:23:50', 'version' => '0.24.1' }, { 'date' => '2013-11-23T13:38:55', 'version' => '0.25.1' }, { 'date' => '2013-11-25T21:30:21', 'version' => '0.26.1' }, { 'date' => '2013-12-11T17:25:32', 'version' => '0.27.1' }, { 'date' => '2013-12-12T14:23:50', 'version' => '0.28.1' }, { 'date' => '2013-12-12T21:54:50', 'version' => '0.29.1' }, { 'date' => '2014-01-24T21:05:50', 'version' => '0.31.2' }, { 'date' => '2014-05-01T14:42:10', 'version' => '0.32.1' }, { 'date' => '2014-05-15T20:55:59', 'version' => '0.33.1' }, { 'date' => '2014-05-19T11:47:05', 'version' => '0.34.1' }, { 'date' => '2014-10-28T13:51:21', 'version' => '0.36.1' }, { 'date' => '2015-02-11T17:52:30', 'version' => '0.38.1' }, { 'date' => '2015-02-11T19:03:04', 'version' => '0.39.1' }, { 'date' => '2015-06-08T21:47:29', 'version' => '0.40.1' }, { 'date' => '2016-04-04T12:15:12', 'version' => '0.41.1' }, { 'date' => '2017-05-08T19:30:17', 'version' => '0.42.1' } ] }, 'Module-Signature' => { 'advisories' => [ { 'affected_versions' => '<0.72', 'cves' => [ 'CVE-2013-2145' ], 'description' => 'The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/. ', 'distribution' => 'Module-Signature', 'fixed_versions' => '>=0.72', 'id' => 'CPANSA-Module-Signature-2013-01', 'references' => [ 'https://metacpan.org/changes/distribution/Module-Signature' ], 'reported' => '2013-08-19' } ], 'main_module' => 'Module::Signature', 'versions' => [ { 'date' => '2002-08-13T14:04:00', 'version' => '0.02' }, { 'date' => '2002-08-13T15:48:18', 'version' => '0.03' }, { 'date' => '2002-08-14T08:03:45', 'version' => '0.04' }, { 'date' => '2002-08-14T09:28:41', 'version' => '0.05' }, { 'date' => '2002-10-10T15:22:33', 'version' => '0.06' }, { 'date' => '2002-10-11T04:16:01', 'version' => '0.07' }, { 'date' => '2002-10-11T19:32:19', 'version' => '0.08' }, { 'date' => '2002-10-12T10:33:29', 'version' => '0.09' }, { 'date' => '2002-10-12T11:10:21', 'version' => '0.10' }, { 'date' => '2002-10-12T19:23:48', 'version' => '0.11' }, { 'date' => '2002-10-12T22:55:54', 'version' => '0.12' }, { 'date' => '2002-10-13T05:22:45', 'version' => '0.13' }, { 'date' => '2002-10-17T06:14:07', 'version' => '0.14' }, { 'date' => '2002-10-17T22:01:57', 'version' => '0.15' }, { 'date' => '2002-10-28T23:37:00', 'version' => '0.16' }, { 'date' => '2002-10-30T07:05:06', 'version' => '0.17' }, { 'date' => '2002-11-04T15:08:41', 'version' => '0.18' }, { 'date' => '2002-11-04T15:13:45', 'version' => '0.19' }, { 'date' => '2002-11-04T15:24:41', 'version' => '0.20' }, { 'date' => '2002-11-22T10:28:48', 'version' => '0.21' }, { 'date' => '2003-05-15T18:44:28', 'version' => '0.23' }, { 'date' => '2003-07-08T02:49:57', 'version' => '0.24' }, { 'date' => '2003-07-16T06:31:58', 'version' => '0.25' }, { 'date' => '2003-07-17T14:03:19', 'version' => '0.26' }, { 'date' => '2003-07-28T14:31:54', 'version' => '0.27' }, { 'date' => '2003-07-29T15:30:55', 'version' => '0.28' }, { 'date' => '2003-08-08T02:54:01', 'version' => '0.29' }, { 'date' => '2003-08-10T13:35:38', 'version' => '0.30' }, { 'date' => '2003-08-10T17:17:19', 'version' => '0.31' }, { 'date' => '2003-08-11T09:15:13', 'version' => '0.32' }, { 'date' => '2003-08-12T04:11:59', 'version' => '0.33' }, { 'date' => '2003-08-18T15:32:45', 'version' => '0.34' }, { 'date' => '2003-08-27T07:08:31', 'version' => '0.35' }, { 'date' => '2003-10-28T04:22:56', 'version' => '0.36' }, { 'date' => '2003-11-06T10:55:07', 'version' => '0.37' }, { 'date' => '2004-01-01T10:14:15', 'version' => '0.38' }, { 'date' => '2004-06-17T15:17:14', 'version' => '0.39' }, { 'date' => '2004-07-01T12:18:17', 'version' => '0.40' }, { 'date' => '2004-07-04T08:19:11', 'version' => '0.41' }, { 'date' => '2004-11-20T06:19:22', 'version' => '0.42' }, { 'date' => '2004-12-16T06:45:55', 'version' => '0.43' }, { 'date' => '2004-12-16T07:17:30', 'version' => '0.44' }, { 'date' => '2005-08-09T04:23:46', 'version' => '0.45' }, { 'date' => '2005-08-21T08:16:22', 'version' => '0.50' }, { 'date' => '2006-01-01T18:41:57', 'version' => '0.51' }, { 'date' => '2006-01-18T16:32:37', 'version' => '0.52' }, { 'date' => '2006-01-31T05:02:24', 'version' => '0.53' }, { 'date' => '2006-05-11T17:12:46', 'version' => '0.54' }, { 'date' => '2006-07-30T01:15:07', 'version' => '0.55' }, { 'date' => '2009-11-16T14:59:35', 'version' => '0.60' }, { 'date' => '2009-11-18T16:58:07', 'version' => '0.61' }, { 'date' => '2010-03-23T21:21:37', 'version' => '0.62' }, { 'date' => '2010-03-28T02:49:21', 'version' => '0.62' }, { 'date' => '2010-05-08T22:55:43', 'version' => '0.62' }, { 'date' => '2010-09-03T19:55:36', 'version' => '0.65' }, { 'date' => '2010-09-06T20:58:24', 'version' => '0.66' }, { 'date' => '2011-04-17T15:09:22', 'version' => '0.67' }, { 'date' => '2011-05-13T09:55:20', 'version' => '0.68' }, { 'date' => '2012-11-02T15:20:28', 'version' => '0.69' }, { 'date' => '2012-11-28T17:49:21', 'version' => '0.70' }, { 'date' => '2013-06-04T10:29:18', 'version' => '0.71' }, { 'date' => '2013-06-05T15:21:34', 'version' => '0.72' }, { 'date' => '2013-06-05T20:57:10', 'version' => '0.73' }, { 'date' => '2015-04-06T18:39:32', 'version' => '0.74' }, { 'date' => '2015-04-06T20:58:34', 'version' => '0.75' }, { 'date' => '2015-04-08T10:13:11', 'version' => '0.76' }, { 'date' => '2015-04-08T11:47:26', 'version' => '0.77' }, { 'date' => '2015-04-09T09:00:30', 'version' => '0.78' }, { 'date' => '2015-05-18T15:18:02', 'version' => '0.79' }, { 'date' => '2016-06-07T06:36:30', 'version' => '0.80' }, { 'date' => '2016-09-05T06:41:06', 'version' => '0.81' }, { 'date' => '2018-08-26T15:19:13', 'version' => '0.81' }, { 'date' => '2018-08-29T08:35:25', 'version' => '0.83' }, { 'date' => '2020-06-25T13:01:10', 'version' => '0.84' }, { 'date' => '2020-06-25T13:10:23', 'version' => '0.86' }, { 'date' => '2020-07-04T07:16:32', 'version' => '0.87' }, { 'date' => '2021-12-18T03:39:32', 'version' => '0.87' } ] }, 'MojoMojo' => { 'advisories' => [ { 'affected_versions' => '<0.999033', 'cves' => [], 'description' => 'Anonymous users can delete attachments. ', 'distribution' => 'MojoMojo', 'fixed_versions' => '>=0.999033', 'id' => 'CPANSA-MojoMojo-2009-01', 'references' => [ 'https://metacpan.org/changes/distribution/MojoMojo', 'https://github.com/mojomojo/mojomojo/commit/a9b9fd4f4f037627d30f3cbaa10abe42a3439637' ], 'reported' => '2009-08-14' } ], 'main_module' => 'MojoMojo', 'versions' => [ { 'date' => '2007-08-29T14:32:52', 'version' => '0.05' }, { 'date' => '2007-09-12T21:46:24', 'version' => '0.05' }, { 'date' => '2007-09-13T11:28:37', 'version' => '0.05' }, { 'date' => '2007-09-18T07:33:43', 'version' => '0.999004' }, { 'date' => '2007-09-18T08:02:02', 'version' => '0.999005' }, { 'date' => '2007-09-19T20:59:39', 'version' => '0.999006' }, { 'date' => '2007-09-23T23:30:59', 'version' => '0.999007' }, { 'date' => '2007-11-12T22:25:35', 'version' => '0.999008' }, { 'date' => '2008-01-20T23:15:07', 'version' => '0.999010' }, { 'date' => '2008-01-23T23:00:05', 'version' => '0.999011' }, { 'date' => '2008-02-05T23:20:47', 'version' => '0.999012' }, { 'date' => '2008-03-05T00:34:49', 'version' => '0.999013' }, { 'date' => '2008-05-02T18:11:49', 'version' => '0.999014' }, { 'date' => '2008-05-03T16:10:08', 'version' => '0.999015' }, { 'date' => '2008-06-29T13:03:39', 'version' => '0.999016' }, { 'date' => '2008-07-09T14:26:56', 'version' => '0.999017' }, { 'date' => '2008-07-16T19:26:46', 'version' => '0.999018' }, { 'date' => '2008-07-19T21:33:36', 'version' => '0.999018' }, { 'date' => '2008-07-29T16:25:08', 'version' => '0.999018' }, { 'date' => '2008-11-01T01:04:37', 'version' => '0.999021' }, { 'date' => '2008-11-15T09:09:37', 'version' => '0.999022' }, { 'date' => '2008-11-23T16:45:05', 'version' => '0.999023' }, { 'date' => '2008-12-31T17:53:50', 'version' => '0.999024' }, { 'date' => '2009-01-04T22:51:40', 'version' => '0.999025' }, { 'date' => '2009-01-07T23:28:15', 'version' => '0.999026' }, { 'date' => '2009-01-30T23:29:25', 'version' => '0.999027' }, { 'date' => '2009-04-23T10:06:20', 'version' => '0.999028' }, { 'date' => '2009-05-09T23:21:10', 'version' => '0.999029' }, { 'date' => '2009-07-18T19:39:14', 'version' => '0.999030' }, { 'date' => '2009-07-26T19:39:37', 'version' => '0.999031' }, { 'date' => '2009-08-02T21:28:51', 'version' => '0.999032' }, { 'date' => '2009-08-14T12:50:18', 'version' => '0.999033' }, { 'date' => '2009-09-04T18:27:34', 'version' => '0.999040' }, { 'date' => '2009-10-26T16:07:25', 'version' => '0.999041' }, { 'date' => '2009-12-02T08:22:24', 'version' => '0.999042' }, { 'date' => '2010-05-11T22:58:19', 'version' => '1.00' }, { 'date' => '2010-05-27T07:44:39', 'version' => '1.01' }, { 'date' => '2010-08-30T21:24:41', 'version' => '1.02' }, { 'date' => '2011-01-13T12:48:10', 'version' => '1.03' }, { 'date' => '2011-03-12T23:37:45', 'version' => '1.04' }, { 'date' => '2011-09-14T10:09:05', 'version' => '1.05' }, { 'date' => '2012-08-07T10:39:42', 'version' => '1.06' }, { 'date' => '2012-11-12T23:30:00', 'version' => '1.07' }, { 'date' => '2013-01-06T07:46:41', 'version' => '1.08' }, { 'date' => '2013-01-25T16:06:42', 'version' => '1.09' }, { 'date' => '2013-05-12T22:59:03', 'version' => '1.10' }, { 'date' => '2014-12-25T17:13:24', 'version' => '1.11' }, { 'date' => '2017-05-13T13:47:52', 'version' => '1.12' } ] }, 'Mojolicious' => { 'advisories' => [ { 'affected_versions' => '<9.31', 'cves' => [], 'description' => 'Mojo::DOM did not correctly parse