Register | Log in

libcatalyst-authentication-credential-http-perl

HTTP Basic and Digest authentication for Catalyst

Choose email to subscribe with

general

source: libcatalyst-authentication-credential-http-perl (main)
version: 1.018-4
maintainer: Debian Perl Group (archive) (DMD) (LowNMU)
uploaders: Jonas Smedegaard [DMD]
arch: all
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.018-1
oldstable: 1.018-2
stable: 1.018-3
testing: 1.018-3
unstable: 1.018-4

versioned links

1.018-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.018-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.018-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.018-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libcatalyst-authentication-credential-http-perl

action needed

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-40920: Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562. * The nonces should be generated from a strong cryptographic source, as per RFC 7616.

Created: 2025-08-12 Last update: 2025-08-12 23:32

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2025-40920: (needs triaging) Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562. * The nonces should be generated from a strong cryptographic source, as per RFC 7616.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-08-12 Last update: 2025-08-12 23:32

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2025-40920: (needs triaging) Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562. * The nonces should be generated from a strong cryptographic source, as per RFC 7616.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-08-12 Last update: 2025-08-12 23:32

testing migrations

excuses:
- Migrates after: libcrypt-sysrandom-perl
- Migration status for libcatalyst-authentication-credential-http-perl (1.018-3 to 1.018-4): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ autopkgtest for ciderwebmail: amd64: Test in progress, arm64: Test in progress, armel: Test in progress, armhf: Test in progress, i386: Test in progress, ppc64el: Test in progress, riscv64: Test in progress, s390x: Test in progress
- ∙ ∙ autopkgtest for libcatalyst-authentication-credential-http-perl: amd64: Test in progress, arm64: Test in progress, armel: Test in progress, armhf: Test in progress, i386: Test in progress, ppc64el: Test in progress, riscv64: Test in progress, s390x: Test in progress
- ∙ ∙ Too young, only 0 of 5 days old
- ∙ ∙ No reproducible data available at all for amd64
- ∙ ∙ No reproducible data available at all for arm64
- ∙ ∙ Build-Depends-Indep: libcatalyst-authentication-credential-http-perl libcrypt-sysrandom-perl
- ∙ ∙ Depends: libcatalyst-authentication-credential-http-perl libcrypt-sysrandom-perl
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/libc/libcatalyst-authentication-credential-http-perl.html
- Not considered

news

[2025-08-12] Accepted libcatalyst-authentication-credential-http-perl 1.018-4 (source) into unstable (gregor herrmann)
[2024-03-11] libcatalyst-authentication-credential-http-perl 1.018-3 MIGRATED to testing (Debian testing watch)
[2024-03-04] Accepted libcatalyst-authentication-credential-http-perl 1.018-3 (source) into unstable (gregor herrmann)
[2022-06-12] libcatalyst-authentication-credential-http-perl 1.018-2 MIGRATED to testing (Debian testing watch)
[2022-06-09] Accepted libcatalyst-authentication-credential-http-perl 1.018-2 (source) into unstable (Jelmer Vernooĳ) (signed by: Jelmer Vernooij)
[2017-10-29] libcatalyst-authentication-credential-http-perl 1.018-1 MIGRATED to testing (Debian testing watch)
[2017-10-23] Accepted libcatalyst-authentication-credential-http-perl 1.018-1 (source) into unstable (Damyan Ivanov)
[2017-08-08] libcatalyst-authentication-credential-http-perl 1.016-3 MIGRATED to testing (Debian testing watch)
[2017-08-02] Accepted libcatalyst-authentication-credential-http-perl 1.016-3 (source) into unstable (gregor herrmann)
[2014-12-18] libcatalyst-authentication-credential-http-perl 1.016-2 MIGRATED to testing (Britney)
[2014-11-04] Accepted libcatalyst-authentication-credential-http-perl 1.016-2 (source all) into unstable (Jonas Smedegaard)
[2013-08-13] libcatalyst-authentication-credential-http-perl 1.016-1 MIGRATED to testing (Debian testing watch)
[2013-08-02] Accepted libcatalyst-authentication-credential-http-perl 1.016-1 (source all) (Jonas Smedegaard)
[2013-07-31] libcatalyst-authentication-credential-http-perl 1.015-2 MIGRATED to testing (Debian testing watch)
[2013-07-20] Accepted libcatalyst-authentication-credential-http-perl 1.015-2 (source all) (Jonas Smedegaard)
[2013-05-05] libcatalyst-authentication-credential-http-perl 1.015-1 MIGRATED to testing (Debian testing watch)
[2012-08-08] Accepted libcatalyst-authentication-credential-http-perl 1.015-1 (source all) (Jonas Smedegaard)
[2012-06-18] libcatalyst-authentication-credential-http-perl 1.014-1 MIGRATED to testing (Debian testing watch)
[2012-06-07] Accepted libcatalyst-authentication-credential-http-perl 1.014-1 (source all) (Jonas Smedegaard)

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.018-3

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing