IO-Socket-SSL 1.14 Deleted
Security Advisories
CVE-2010-4334
The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.
- http://osvdb.org/69626
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058
- http://www.securityfocus.com/bid/45189
- http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.35/Changes
- http://secunia.com/advisories/42508
- http://secunia.com/advisories/42757
- http://www.openwall.com/lists/oss-security/2010/12/09/8
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052594.html
- http://www.openwall.com/lists/oss-security/2010/12/24/1
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052601.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:092
Fixed version: >=1.35
Reported: 2011-01-14
CVE-2009-3024
The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.
- http://www.openwall.com/lists/oss-security/2009/08/31/4
- http://www.openwall.com/lists/oss-security/2009/08/28/1
- http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.30/Changes
- http://www.openwall.com/lists/oss-security/2009/08/29/1
- http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
- http://www.vupen.com/english/advisories/2011/0118
- http://www.gentoo.org/security/en/glsa/glsa-201101-06.xml
- http://secunia.com/advisories/42893
Fixed version: >=1.26
Reported: 2009-08-31
Kwalitee Issues
No Core Issues.
- meta_yml_declares_perl_version
-
If you are using Build.PL define the {requires}{perl} = VERSION field. If you are using MakeMaker (Makefile.PL) you should upgrade ExtUtils::MakeMaker to 6.48 and use MIN_PERL_VERSION parameter. Perl::MinimumVersion can help you determine which version of Perl your module needs.
- has_meta_json
-
Add a META.json to the distribution. Your buildtool should be able to autogenerate it.
- no_stdin_for_prompting
-
Use the prompt() method from ExtUtils::MakeMaker/Module::Build.
- use_warnings
-
Add 'use warnings' (or its equivalents) to all modules, or convince us that your favorite module is well-known enough and people can easily see the modules warn when something bad happens.
Error: IO::Socket::SSL
- meta_yml_has_provides
-
Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.
- meta_yml_has_repository_resource
-
Add a 'repository' resource to the META.yml via 'meta_add' accessor (for Module::Build) or META_ADD parameter (for ExtUtils::MakeMaker).
- has_separate_license_file
-
This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.
Modules
Name | Abstract | Version | View |
---|---|---|---|
IO::Socket::SSL | Nearly transparent SSL encapsulation for IO::Socket::INET. | 1.14 | metacpan |