NIXPKGS-2025-0010, published on 1 Nov 2025

CVE-2025-40920, updated 2 months, 2 weeks ago by @LeSuisse

Activity log
* Created automatic suggestion 4 months ago
* @LeSuisse accepted as draft 2 months, 2 weeks ago
* @LeSuisse published on GitHub 2 months, 2 weeks ago

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library.

* Data::UUID does not use a strong cryptographic source for generating UUIDs.
* Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562.
* The nonces should be generated from a strong cryptographic source, as per RFC 7616.

Affected products
* Catalyst-Authentication-Credential-HTTP =<1.018

Matching in nixpkgs
* pkgs.perlPackages.CatalystAuthenticationCredentialHTTP, HTTP Basic and Digest authentication for Catalyst, nixos-unstable - nixpkgs-unstable 1.018
* pkgs.perl538Packages.CatalystAuthenticationCredentialHTTP, HTTP Basic and Digest authentication for Catalyst, nixos-unstable - nixpkgs-unstable 1.018
* pkgs.perl540Packages.CatalystAuthenticationCredentialHTTP, HTTP Basic and Digest authentication for Catalyst, nixos-unstable - nixpkgs-unstable 1.018
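The advisory's last point, that nonces should come from a strong cryptographic source, can be sketched in Perl as follows. This is an added example, not code from the module, its fix, or nixpkgs. It assumes a Unix-like system with /dev/urandom; the names csprng_bytes, new_nonce and uuid_version are hypothetical and the sample UUID is constructed.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Return $n bytes from the OS CSPRNG. Dies on any failure instead of
# falling back to rand(), which is not a cryptographic source.
sub csprng_bytes {
    my ($n) = @_;
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $n) {
        # sysread may return fewer bytes than requested; append until full.
        my $got = sysread($fh, $buf, $n - length($buf), length($buf));
        die "read from /dev/urandom failed: $!" unless defined $got;
        die "unexpected end of file on /dev/urandom" if $got == 0;
    }
    close($fh);
    return $buf;
}

# Hypothetical helper: 128 random bits, hex-encoded so the value is safe
# inside the quoted nonce="..." parameter of a Digest challenge.
sub new_nonce {
    return unpack('H*', csprng_bytes(16));
}

# Hypothetical audit helper: for a value in canonical UUID text form,
# return the RFC 9562 version field (first digit of the third group);
# return undef for anything that is not UUID-shaped.
sub uuid_version {
    my ($value) = @_;
    return undef
        unless $value =~ /\A[0-9a-f]{8}-[0-9a-f]{4}-([0-9a-f])[0-9a-f]{3}-[0-9a-f]{4}-[0-9a-f]{12}\z/i;
    return hex($1);
}

# Constructed sample values, not captured from any real server.
my @samples = (
    '00000000-0000-3000-8000-000000000000',   # UUID-shaped, version 3
    new_nonce(),                              # 32 hex digits, no UUID structure
);
for my $value (@samples) {
    my $version = uuid_version($value);
    printf "%-38s %s\n", $value,
        defined $version ? "UUID version $version" : 'not UUID-shaped';
}
```

The version check only applies to values that appear in canonical UUID text form; whether the affected module emits its nonces in that form is not stated on this page.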