CVE-2020-16156 – perl-CPAN: Bypass of verification of signatures in CHECKSUMS files

https://notcve.org/view.php?id=CVE-2020-16156

13 Dec 2021 — CPAN 2.28 allows Signature Verification Bypass. CPAN versión 2.28, permite una Omisión de Verificación de Firmas A flaw was found in the way the perl-CPAN performed verification of package signatures stored in CHECKSUMS files. A malicious or compromised CPAN server used by a user, or a man-in-the-middle attacker, could use this flaw to bypass signature verification. USN-5689-1 fixed a vulnerability in Perl. This update provides the corresponding update for Ubuntu 22.10. • http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html • CWE-347: Improper Verification of Cryptographic Signature •