Revision history for Perl extension CPAN-Audit
20240911.001_01 2024-09-10T16:51:05Z
* check `cpan-audit dist perl 5.024004` for #62
20240910.001 2024-09-10T15:07:37Z
* data update for 2024-09-10
* fix --version message for cpan-audit so it does not show warning
20240908.001 2024-09-09T08:35:55Z
* Data update for 2024-09-08. This includes CVE-2024-45321 for
App::cpanminus.
20240826.002 2024-08-26T06:11:07Z
* data update for 2024-08-26
* new report for Mozilla::CA (briandfoy/cpan-security-advisory#161)
20240824.003 2024-08-24T06:51:28Z
* data update for 2024-08-24
* now uses the v2 version of the cpan-security-advisory, which allows
for arrays of values for affected_versions and fixed versions.
* this is the first step toward breaking out the CPAN::Audit::DB module
into a separate distribution
20240824.001 2024-08-23T16:06:49Z
* data update for 2024-08-24
* some additional reports for Image::ExifTool
20240822.001 2024-08-22T06:32:12Z
* Data update for 2024-08-22
20240718.001 2024-07-18T17:32:37Z
* data update, and fix for briandfoy/cpan-security-advisory#157
20240715.001 2024-07-15T05:54:32Z
* data update for 2024-07-15
20240626.001 2024-06-26T14:35:29Z
* data update for 2024-06-26 (mainly polyfill.io compromise)
https://stackdiary.com/polyfill-compromise-hits-100000-sites-in-a-supply-chain-attack/
20240615.002 2024-06-15T15:57:57Z
* update the POSIX::2008 advisories
20240615.001 2024-06-15T05:41:25Z
* Data update for 2024-06-15
* Added advisory for POSIX::2008 (briandfoy/cpan-security-advisory#154)
20240601.001 2024-06-01T20:15:25Z
* data update for 2024-06-01
20240503.001 2024-05-03T17:25:39Z
* Data update for 2024-05-03; includes CVE-2024-4140 for Email::MIME
20240430.001 2024-04-30T23:00:42Z
* data update for 2024-04-30
* includes CVE-2024-2467 - Crypt::OpenSSL::RSA
20240414.001 2024-04-15T00:01:30Z
* data update for 2024-04-14
20240410.001 2024-04-10T17:51:12Z
* data update for 2024-04-10
20240401.002 2024-04-01T12:27:17Z
* Fix some incorrect data in CPANSA-HTTP-Body-2013-4407 (CVE report
is wrong). From Stig in briandfoy/cpan-security-advisory#150 .
20240401.001 2024-04-01T11:50:11Z
* data update for 2024-04-01
* fix data issue for Mojolicious report (briandfoy/cpan-security-advisory#149)
(Timothy Legge)
20240329.002 2024-03-29T12:08:01Z
* Data update for 2024-03-29
20240318.001 2024-03-19T01:54:37Z
* Data update for 2024-03-18
* CVE-2013-4184 for Data::UUID is resolved by 1.227
20240307.001 2024-03-09T01:47:48Z
* Latest updates to reports and CPAN versions
20240302.001 2024-03-03T00:40:47Z
* Data update for 2024-03-02
20240215.001 2024-02-16T04:10:22Z
* data update for 2024-02-15
* add --exit-zero option to always exit with unix true even if there
are advisories (#57 from Mario Minati)
20240209.001 2024-02-10T06:44:21Z
* Fix docs for the --fresh option (mariominati22, #56)
20240117.001 2024-01-17T18:00:26Z
* Update for Spreadsheet::ParseXLSX XXE bug. (GitHub #134)
20240110.002 2024-01-10T21:33:57Z
* data update for 2024-01-10
* A CVE was assigned for Spreadsheet::Parse::XLSX, so a report was
updated (briandfoy/cpan-security-advisory#131)
20240110.001 2024-01-10T16:22:34Z
* Data update for 2024-01-10
20240103.002 2024-01-04T02:55:45Z
* Update database (#55)
20240103.001 2024-01-03T18:23:43Z
* Database update for 2024-01-03
20231226.001 2023-12-26T12:58:18Z
* Data update for 2023-12-26
20231129.001 2023-11-29T20:14:52Z
* Update for 2023-11-29. This includes the CVE-2023-47038 and
CVE-2023-47039, both on perl.
20230826.001 2023-08-26T08:48:19Z
* Update for CVE-2022-48522 (perl)
20230709.001 2023-07-09T23:24:24Z
* Renée Bäcker added 'queried_module' to the JSON output so you
can tie what you asked about to the distribution the report gave
you. GitHub #50.
20230601.002 2023-06-02T15:43:55Z
* Fix a problem that masked some reports from Mojolicious
* Fixed a report for PGObject::Util::DBAdmin that used the wrong namespace
* Moved MojoX::Dispatch::Static report to Mojolicious
* Data update for 2023-06-02
20230601.001 2023-06-02T01:21:17Z
* Database update up to 2023-06-01
* Many improvements to util/generate from the Perl Toolchain Summit
and garu
20230309.004 2023-03-09T12:01:45Z
* Fix the GPG signature
20230309.003 2023-03-09T11:52:21Z
* Fix the GPG signature
20230309.002 2023-03-09T10:13:33Z
* Data cleansing for HTTP::Daemon and App::cpanminus. Thanks to
Salve Nilsen and Robert Rothenberg.
20230309.001 2023-03-09T06:44:23Z
* Make the 'dist' option do the same thing as 'release', from
Salve Nilsen.
* No updates to the database
20230308.001 2023-03-08T23:49:32Z
* Latest database with some new reports and some fixes to existing
reports. Thanks to Salve Nilsen, Robert Rothenberg, and others for
the updates.
20230205.001 2023-02-05T14:20:15Z
* fix test that checks for exit value of advisory count. Max is now
126 so we don't bump into 127.
20230202.003 2023-02-03T02:48:17Z
* Advisories for Apache-Session-Browseable and Apache-Session-LDAP
20230125.002 2023-01-26T00:55:49Z
* fixes a test and a missing method. The previous 202301* releases
are no good.
20230125.001_002 2023-01-25T19:18:38Z
* Github #34 - missing message() method (Robert Rothenberg)
20230125.001_001 2023-01-25T18:03:16Z
* Fix json testing bug (Robert Rothenberg, #35)
* no updates to DB
20230104.001 2023-01-24T19:56:41Z
* January update
20230104.001 2023-01-04T20:58:18Z
* Add --json to get output in JSON (Renée Bäcker, #24)
* Updated for latest advisories
20220817.001 2022-08-18T22:27:26Z
* Added the --exclude-file option to cpan-audit (Graham TerMarsch)
* No database updates just yet as we straighten out some things in
cpan-security-advisory
20220729.001 2022-07-29T06:29:54Z
* Added feature to exclude reports, mostly for those persistent
vulnerabilities, such as File::Temp, that won't go away.
* Added a freshness check. You can check if your database is
old.
* There's no database update in this release. That's coming soon.
20220713.001_001 2022-07-15T16:38:39Z
* Try out a way to exclude some reports (say, like File::Temp)
from Graham TerMarsch (Github #5). This feature might change.
* No database updates in this release.
20220708.001 2022-07-08T08:51:14Z
* Many more reports (thanks to Robert Rothenberg)
20220705.001 2022-07-05T16:44:45Z
* check for simple "freshness" of DB with `cpan-audit -f`
* weekly update for the data - too many additions to list (thanks
to Robert Rothenberg)
20220629.003 2022-06-29T17:56:53Z
* This is the same as the last release, where I forgot to update the
version in CPAN::Audit to match that in CPAN::Audit::DB.
20220627.003 2022-06-29T15:44:34Z
* Updates for CPANSA-App-revealup, Mozilla-CA, Plack-Middleware-StaticShared,
and CPANSA-Socket (Robert Rothenberg)
* Starting to track which problems are embedded, non-Perl libraries
(Robert Rothenberg)
* The lib/CPAN/Audit/DB.pm file is now GPG-signed, although we don't do
anything with that just yet. See GPG_README.md.
* There are several discussions on GitHub where people can note their
preferences on future development.
20220625.001 2022-06-25T19:44:05Z
* Updates to File::Slurp and JavaScript::Duktape(::XS)?
* New reports for Crypt
20220624.001 2022-06-25T00:35:07Z
* reports for JavaScript-Duktape-XS, File-Slurp, RPC-XML, CBOX-XS,
IPC-Run, XML-Simple, Sys-Syslog, WWW-Mechanize, LWP, Imager, GD,
CryptX, Mojolicious, all from Robert Rothenberg.
20220622.002 2022-06-22T23:33:43Z
* I put the docs in the wrong file!
20220622.001 2022-06-22T20:59:18Z
* Advisories for Plack, DBD::SQLite from Robert Rothenberg
* Refactored and documented util/generated - can now output JSON,
although that probably isn't useful yet
20220620.001 2022-06-21T03:14:25Z
* Add CVE-2020-8927 for IO-Compress-Brotli (Robert Rothenberg)
briandfoy/cpan-security-advisory#18
* Fix to perl versions so they don't appear as if they are in
the future (#4)
20220613.001 2022-06-13T18:10:47Z
* Fix DB for Perl versions by specifying all versions as semantic versions
(noted by Robert Rothenberg)
20220611 2022-06-12T22:58:50Z
* Use GNU tar instead of bsdtar. Upgrading macOS apparently breaks
the established way of avoiding weird Mac tarballs.
* Added a couple of ancient security reports to CPANSA.
20220608 2022-06-08T15:08:53Z
* Update for the latest CVEs
* Now also tracks CVEs in perl too
* now maintained by brian d foy
0.15 2019-03-09T09:47:36Z
- regenerate database fixing Plack-Middleware-Session distribution name
0.14 2019-01-26T10:23:21Z
[ADVISORIES]
CPANSA-Dancer2
CPANSA-HTTP-Session2
CPANSA-Plack-Middleware-Session-Cookie
0.13 2018-11-22T20:38:09Z
- --no-corelist option by MCRayRay
- test fixes
0.12 2018-11-11T19:43:25Z
- require Module::CoreList latest version
0.11 2018-11-11T18:57:53Z
- check core modules by James Raspass
0.10 2018-11-07T20:17:30Z
- --quiet option
- small refactoring
- require the latest version of Pod::Usage
0.09 2018-11-05T21:17:35Z
- do not hide db from pause (#7)
0.08 2018-10-17T18:10:41Z
[ADVISORIES]
- CPANSA-Net-DNS
- CPANSA-PAR
- CPANSA-PAR-Packer
- CPANSA-RT-Authen-ExternalAuth
- CPANSA-Tk
- CPANSA-UI-Dialog (updated)
- CPANSA-XML-LibXML
0.07 2018-10-16T21:37:20Z
- test fixes
0.06 2018-10-16T19:19:22Z
- use name instead of fullname
- fix installed modules discovery
0.05 2018-10-15T19:36:39Z
[ADVISORIES]
- CPANSA-MHonArc
- CPANSA-Module-Signature
- CPANSA-libapreq2
- CPANSA-mod_perl
- CPANSA-Compress-Raw-Bzip2
- CPANSA-Compress-Raw-Zlib
[IMPROVEMENTS]
- kritika.io and metacpan badges
0.04 2018-10-14T10:56:27Z
[FEATURES]
- install command accepts path to installations
[IMPROVEMENTS]
- get rid of Carton dependency
- more test coverage
- CI integrations
- perl 5.8 compat
0.03 2018-10-13T12:59:36Z
[ADVISORIES]
- CPANSA-App-Github-Email
- CPANSA-Crypt-OpenSSL-DSA
- CPANSA-Crypt-Passwd-XS
- CPANSA-DBD-MariaDB
- CPANSA-Dancer
- CPANSA-Data-Dumper
- CPANSA-Email-Address
- CPANSA-Encode
- CPANSA-ExtUtils-MakeMaker
- CPANSA-FCGI
- CPANSA-Fake-Encode
- CPANSA-Fake-Our
- CPANSA-File-DataClass
- CPANSA-File-Path
- CPANSA-HTTP-Tiny
- CPANSA-Imager
- CPANSA-PathTools
[FEATURES]
- new installed command to audit all installed modules
- cpan.snapshot support by Takumi Akiyama (github.com/akiym)
0.02 2018-10-09T08:24:36Z
- support perl 5.8
0.01 2018-10-08T06:39:07Z
- original version