ELA-1366-1 libdata-entropy-perl security update

insecure entropy source

2025-03-31
Packagelibdata-entropy-perl
Version0.007-3.1+deb11u1~deb10u1 (buster)
Related CVEs CVE-2025-1860


The perl module Data::Entropy was using the cryptographically insecure rand() function as the default entropy source.



For Debian 10 buster, these problems have been fixed in version 0.007-3.1+deb11u1~deb10u1.

We recommend that you upgrade your libdata-entropy-perl packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.