Fedora alert FEDORA-2025-c38fd06bec (perl-Mojolicious)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 41 Update: perl-Mojolicious-9.39-1.fc41 | |
| Date: | Wed, 21 May 2025 02:06:17 +0000 | |
| Message-ID: | <20250521020617.B28162046AFB@bastion01.iad2.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-c38fd06bec 2025-05-21 02:04:40.357842+00:00 -------------------------------------------------------------------------------- Name : perl-Mojolicious Product : Fedora 41 Version : 9.39 Release : 1.fc41 URL : https://metacpan.org/release/Mojolicious Summary : A next generation web framework for Perl Description : Back in the early days of the web there was this wonderful Perl library called CGI, many people only learned Perl because of it. It was simple enough to get started without knowing much about the language and powerful enough to keep you going, learning by doing was much fun. While most of the techniques used are outdated now, the idea behind it is not. Mojolicious is a new attempt at implementing this idea using state of the art technology. -------------------------------------------------------------------------------- Update Information: Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. Mojolicious 9.39 added EXPERIMENTAL support for encrypted session cookies. This feature is much more secure than signed cookies and can be enabled by installing CryptX and setting the encrypted attribute. -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 24 2024 Emmanuel Seyman <emmanuel@seyman.fr> - 9.39-1 - Update to 9.39 * Sun Sep 1 2024 Emmanuel Seyman <emmanuel@seyman.fr> - 9.38-1 - Update to 9.38 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2364057 - CVE-2024-58134 perl-Mojolicious: Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2364057 [ 2 ] Bug #2364058 - CVE-2024-58134 perl-Mojolicious: Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2364058 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-c38fd06bec' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue