CVE-2013-10031

NameCVE-2013-10031
DescriptionPlack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libplack-middleware-session-perl (PTS)bullseye0.33-1fixed
bookworm0.33-2fixed
trixie0.34-1fixed
forky, sid0.36-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libplack-middleware-session-perlsource(unstable)0.21-1

Notes

https://lists.security.metacpan.org/cve-announce/msg/35012183/
Fixed by: https://github.com/plack/Plack-Middleware-Session/commit/b7f0252269ba1bb812b5dc02303754fe94c808e4 (0.17)
Search for package or bug name: Reporting problems