- Package:
- release.debian.org
- Source:
- release.debian.org
- Submitter:
- Salvatore Bonaccorso
- Date:
- 2026-06-27 14:11:06 UTC
- Severity:
- normal
- Tags:
Hi [ Reason ] libbytes-random-secure-perl is affected by CVE-2026-11625, that were an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced. [ Impact ] Secrets generated in multiprocess applications are predictable across processes. [ Tests ] Running test suite and done a debusine upload as well as https://debusine.debian.net/debian/developers/work-request/894435/ [ Risks ] The upstream pull request is not yet merged, but the patch referenced in the CPAN security advisory and taken from there. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] [ Other info ] Nothing special. Regards, Salvatore
package release.debian.org tags 1140810 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details ============== Package: libbytes-random-secure-perl Version: 0.29-4~deb13u1~deb12u1 Explanation: fix incorrect usage of seed in PRNG [CVE-2026-11625]
package release.debian.org tags 1140810 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details ============== Package: libbytes-random-secure-perl Version: 0.29-4~deb13u1~deb12u1 Explanation: fix incorrect usage of seed in PRNG [CVE-2026-11625]