| Subject: | security vulnerabilities discovered on Net::SSLeay modules |
| Date: | Sat, 12 Oct 2019 06:20:38 +0000 |
| To: | bug-Net-SSLeay [...] rt.cpan.org |
| From: | "Jun Hua Bie" <biejunh [...] cn.ibm.com> |
Hello Net::SSLeay bug team,
We are using Strawberry Perl 5.30.0.1 and some Perl modules on our
application, according to company's security policy, we ran static code
scanning for these open source code, but some security vulnerabilities are
discovered during scanning.
Net::SSLeay::Handle
CWE: 266
API: Missing Setuid
Caller:
src\perl32\vendor\lib\Net\SSLeay\Handle.pm at line 107 call :write($ssl,
$msg)
src\perl32\vendor\lib\Net\SSLeay\Handle.pm at line 149 call :write($ssl,
substr($buf, $offset, $len)
src\perl32\vendor\lib\Net\SSLeay\Handle.pm at line 156 call
"close($fileno)
src\perl32\vendor\lib\Net\SSLeay\Handle.pm at line 232 call
select($old_select)
src\perl64\vendor\lib\Net\SSLeay\Handle.pm at line 149 call :write($ssl,
substr($buf, $offset, $len)
src\perl64\vendor\lib\Net\SSLeay\Handle.pm at line 156 call
"close($fileno)
src\perl64\vendor\lib\Net\SSLeay\Handle.pm at line 232 call
select($socket)
src\perl64\vendor\lib\Net\SSLeay\Handle.pm at line 107 call :write($ssl,
$msg)
src\perl64\vendor\lib\Net\SSLeay\Handle.pm at line 232 call
select($old_select)
src\perl32\vendor\lib\Net\SSLeay\Handle.pm at line 232 call
select($socket)
For the details, please refer to following reporting:
Do you have any solution to fix these security issues ? It is very
urgent for us to fix these issues for our project, could you take it as
high priority ?
Thanks in advance !
Best Regards,
Jun Hua Bie
Senior IT Specialist
Global Technical Service
IBM Service
Mobile: +86-138-2370-2390
mailto:biejunh@cn.ibm.com
Message body is not shown because sender requested not to inline it.