Debian Package Tracker

libauthen-sasl-perl

Authen::SASL - SASL Authentication framework

general
  • source: libauthen-sasl-perl (main)
  • version: 2.1900-1
  • maintainer: Debian Perl Group (archive) (DMD) (LowNMU)
  • uploaders: Ansgar Burchardt [DMD]
  • arch: all
  • std-ver: 4.7.2
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 2.1600-1.1
  • oldstable: 2.1600-3
  • stable: 2.1700-1
  • testing: 2.1900-1
  • unstable: 2.1900-1
versioned links
  • 2.1600-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.1600-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.1700-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.1900-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libauthen-sasl-perl (2 bugs: 0, 1, 1, 0)
action needed
1 low-priority security issue in trixie

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:
  • CVE-2025-40918: (needs triaging) Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. According to RFC 2831, "The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy."

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-07-16 Last update: 2025-08-17 09:00
1 low-priority security issue in bookworm

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:
  • CVE-2025-40918: (needs triaging) Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. According to RFC 2831, "The cnonce-value is an opaque quoted string value provided by the client and used by both client and server to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice. It is RECOMMENDED that it contain at least 64 bits of entropy."

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-07-16 Last update: 2025-08-17 09:00
news
[rss feed]
  • [2025-08-18] libauthen-sasl-perl 2.1900-1 MIGRATED to testing (Debian testing watch)
  • [2025-08-10] Accepted libauthen-sasl-perl 2.1900-1 (source) into unstable (Salvatore Bonaccorso)
  • [2025-08-10] Accepted libauthen-sasl-perl 2.1800-1 (source) into unstable (gregor herrmann)
  • [2023-10-27] libauthen-sasl-perl 2.1700-1 MIGRATED to testing (Debian testing watch)
  • [2023-09-24] Accepted libauthen-sasl-perl 2.1700-1 (source) into unstable (gregor herrmann)
  • [2022-10-16] libauthen-sasl-perl 2.1600-3 MIGRATED to testing (Debian testing watch)
  • [2022-10-13] Accepted libauthen-sasl-perl 2.1600-3 (source) into unstable (Jelmer Vernooij) (signed by: Jelmer Vernooij)
  • [2022-06-11] libauthen-sasl-perl 2.1600-2 MIGRATED to testing (Debian testing watch)
  • [2022-06-08] Accepted libauthen-sasl-perl 2.1600-2 (source) into unstable (Jelmer Vernooij) (signed by: Jelmer Vernooij)
  • [2020-12-24] libauthen-sasl-perl 2.1600-1.1 MIGRATED to testing (Debian testing watch)
  • [2020-12-18] Accepted libauthen-sasl-perl 2.1600-1.1 (source) into unstable (Holger Levsen)
  • [2014-03-21] libauthen-sasl-perl 2.1600-1 MIGRATED to testing (Debian testing watch)
  • [2014-03-10] Accepted libauthen-sasl-perl 2.1600-1 (source all) (Daniel Lintott) (signed by: gregor herrmann)
  • [2010-06-17] libauthen-sasl-perl 2.1500-1 MIGRATED to testing (Debian testing watch)
  • [2010-06-06] Accepted libauthen-sasl-perl 2.1500-1 (source all) (Ansgar Burchardt) (signed by: Chris Butler)
  • [2010-04-04] libauthen-sasl-perl 2.14-1 MIGRATED to testing (Debian testing watch)
  • [2010-03-17] Accepted libauthen-sasl-perl 2.14-1 (source all) (Franck Joncourt)
  • [2009-10-08] libauthen-sasl-perl 2.13-1 MIGRATED to testing (Debian testing watch)
  • [2009-09-27] Accepted libauthen-sasl-perl 2.13-1 (source all) (Gunnar Wolf) (signed by: Gunnar Eyal Wolf Iszaevich)
  • [2008-07-12] libauthen-sasl-perl 2.12-1 MIGRATED to testing (Debian testing watch)
  • [2008-07-01] Accepted libauthen-sasl-perl 2.12-1 (source all) (Gunnar Wolf)
  • [2008-05-07] libauthen-sasl-perl 2.11-1 MIGRATED to testing (Debian testing watch)
  • [2008-04-26] Accepted libauthen-sasl-perl 2.11-1 (source all) (AGOSTINI Yves) (signed by: gregor herrmann)
  • [2008-04-16] libauthen-sasl-perl 2.10-1.1 MIGRATED to testing (Debian testing watch)
  • [2008-04-05] Accepted libauthen-sasl-perl 2.10-1.1 (source all) (Stephen Gran)
  • [2006-04-14] libauthen-sasl-perl 2.10-1 MIGRATED to testing (Debian testing watch)
  • [2006-04-02] Accepted libauthen-sasl-perl 2.10-1 (source all) (Florian Ragwitz)
  • [2005-08-12] Accepted libauthen-sasl-perl 2.09-1 (source all) (Florian Ragwitz) (signed by: Joachim Breitner)
  • [2005-04-09] Accepted libauthen-sasl-perl 2.08-2 (all source) (Davide Puricelli (evo)) (signed by: Davide Puricelli)
  • [2004-08-21] Accepted libauthen-sasl-perl 2.08-1 (all source) (Davide Puricelli (evo)) (signed by: Davide Puricelli)
bugs [bug history graph]
  • all: 2
  • RC: 0
  • I&N: 1
  • M&W: 1
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian
  • buildd: logs, reproducibility
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • debci
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 2.1700-1
  • 1 bug

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers