Register | Log in

libdancer-perl

effortless web application framework

Choose email to subscribe with

general

source: libdancer-perl (main)
version: 1.3522-1
maintainer: Debian Perl Group (archive) (DMD) (LowNMU)
uploaders: Damyan Ivanov [DMD] – gregor herrmann [DMD] – Iñigo Tejedor Arrondo [DMD]
arch: all
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.3513+dfsg-1
oldstable: 1.3521+dfsg-1
stable: 1.3521+dfsg-1
testing: 1.3522-1
unstable: 1.3522-1

versioned links

1.3513+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3521+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3522-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libdancer-perl

action needed

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2026-5080: Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand() function to return a number between 0 and 999-billion, and concatenating that result three times. The path name might be known or guessed by an attacker, especially for applications known to be written using Dancer with standard installation locations. The epoch time can be guessed by an attacker, and may be leaked in the HTTP header. The process id comes from a small set of numbers, and workers may have sequential process ids. The built-in rand() function is seeded with 32-bits and is considered unsuitable for security applications. Predictable session ids could allow an attacker to gain access to systems.

Created: 2026-04-30 Last update: 2026-05-01 10:02

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2026-5080: Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand() function to return a number between 0 and 999-billion, and concatenating that result three times. The path name might be known or guessed by an attacker, especially for applications known to be written using Dancer with standard installation locations. The epoch time can be guessed by an attacker, and may be leaked in the HTTP header. The process id comes from a small set of numbers, and workers may have sequential process ids. The built-in rand() function is seeded with 32-bits and is considered unsuitable for security applications. Predictable session ids could allow an attacker to gain access to systems.

Created: 2026-04-30 Last update: 2026-05-01 10:02

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-5080: Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand() function to return a number between 0 and 999-billion, and concatenating that result three times. The path name might be known or guessed by an attacker, especially for applications known to be written using Dancer with standard installation locations. The epoch time can be guessed by an attacker, and may be leaked in the HTTP header. The process id comes from a small set of numbers, and workers may have sequential process ids. The built-in rand() function is seeded with 32-bits and is considered unsuitable for security applications. Predictable session ids could allow an attacker to gain access to systems.

Created: 2026-04-30 Last update: 2026-05-01 10:02

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2026-5080: Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand() function to return a number between 0 and 999-billion, and concatenating that result three times. The path name might be known or guessed by an attacker, especially for applications known to be written using Dancer with standard installation locations. The epoch time can be guessed by an attacker, and may be leaked in the HTTP header. The process id comes from a small set of numbers, and workers may have sequential process ids. The built-in rand() function is seeded with 32-bits and is considered unsuitable for security applications. Predictable session ids could allow an attacker to gain access to systems.

Created: 2026-04-30 Last update: 2026-05-01 10:02

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2026-5080: Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand() function to return a number between 0 and 999-billion, and concatenating that result three times. The path name might be known or guessed by an attacker, especially for applications known to be written using Dancer with standard installation locations. The epoch time can be guessed by an attacker, and may be leaked in the HTTP header. The process id comes from a small set of numbers, and workers may have sequential process ids. The built-in rand() function is seeded with 32-bits and is considered unsuitable for security applications. Predictable session ids could allow an attacker to gain access to systems.

Created: 2026-04-30 Last update: 2026-05-01 10:02

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.3).

Created: 2026-03-31 Last update: 2026-03-31 15:01

news

[2026-02-24] libdancer-perl 1.3522-1 MIGRATED to testing (Debian testing watch)
[2026-02-21] Accepted libdancer-perl 1.3522-1 (source) into unstable (gregor herrmann)
[2023-02-13] libdancer-perl 1.3521+dfsg-1 MIGRATED to testing (Debian testing watch)
[2023-02-10] Accepted libdancer-perl 1.3521+dfsg-1 (source) into unstable (gregor herrmann)
[2023-01-08] libdancer-perl 1.3520+dfsg-2 MIGRATED to testing (Debian testing watch)
[2023-01-05] Accepted libdancer-perl 1.3520+dfsg-2 (source) into unstable (gregor herrmann)
[2023-01-03] Accepted libdancer-perl 1.3520+dfsg-1 (source) into unstable (gregor herrmann)
[2022-11-18] libdancer-perl 1.3513+dfsg-2 MIGRATED to testing (Debian testing watch)
[2022-11-14] Accepted libdancer-perl 1.3513+dfsg-2 (source) into unstable (gregor herrmann)
[2020-02-02] libdancer-perl 1.3513+dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-01-30] Accepted libdancer-perl 1.3513+dfsg-1 (source) into unstable (gregor herrmann)
[2018-12-26] libdancer-perl 1.3500+dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-12-23] Accepted libdancer-perl 1.3500+dfsg-1 (source) into unstable (gregor herrmann)
[2018-08-31] libdancer-perl 1.3400+dfsg-2 MIGRATED to testing (Debian testing watch)
[2018-08-28] Accepted libdancer-perl 1.3400+dfsg-2 (source) into unstable (gregor herrmann)
[2018-08-12] libdancer-perl 1.3400+dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-08-09] Accepted libdancer-perl 1.3400+dfsg-1 (source) into unstable (Damyan Ivanov)
[2015-11-14] libdancer-perl 1.3202+dfsg-1 MIGRATED to testing (Britney)
[2015-11-08] Accepted libdancer-perl 1.3202+dfsg-1 (source) into unstable (gregor herrmann)
[2015-07-10] libdancer-perl 1.3140+dfsg-1 MIGRATED to testing (Britney)
[2015-07-04] Accepted libdancer-perl 1.3140+dfsg-1 (source all) into unstable (gregor herrmann)
[2015-05-15] libdancer-perl 1.3135+dfsg-1 MIGRATED to testing (Britney)
[2015-05-09] Accepted libdancer-perl 1.3135+dfsg-1 (source all) into unstable (gregor herrmann)
[2014-11-03] libdancer-perl 1.3132+dfsg-1 MIGRATED to testing (Britney)
[2014-10-23] Accepted libdancer-perl 1.3132+dfsg-1 (source all) into unstable (gregor herrmann)
[2014-10-19] libdancer-perl 1.3130+dfsg-1 MIGRATED to testing (Britney)
[2014-10-08] Accepted libdancer-perl 1.3130+dfsg-1 (source all) into unstable (gregor herrmann)
[2014-07-22] libdancer-perl 1.3126+dfsg-1 MIGRATED to testing (Britney)
[2014-07-16] Accepted libdancer-perl 1.3126+dfsg-1 (source all) (gregor herrmann)
[2014-05-17] libdancer-perl 1.3124+dfsg-1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.3521+dfsg-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing