CVE-2025-27552

NameCVE-2025-27552
DescriptionDBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libdbix-class-encodedcolumn-perl (PTS)bullseye0.00020-1vulnerable
bookworm0.00020-2vulnerable
sid, trixie0.00020-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libdbix-class-encodedcolumn-perlsource(unstable)0.00020-3

Notes

[bookworm] - libdbix-class-encodedcolumn-perl <ignored> (Minor issue, too intrusive to backport)
[bullseye] - libdbix-class-encodedcolumn-perl <postponed> (Minor issue, leaf package, fix requires libcrypt-urandom-token-perl or a replacement)
https://github.com/wreis/DBIx-Class-EncodedColumn/commit/5e9e51f574f7e64e8c014e9e4f00ee8fd87a5335 (0.11)
Search for package or bug name: Reporting problems