Your message dated Wed, 28 May 2025 10:19:10 +0000
with message-id <e1ukdsm-000fj0...@fasolo.debian.org>
and subject line Bug#1106699: fixed in libnet-cidr-set-perl 0.15-1
has caused the Debian Bug report #1106699,
regarding libnet-cidr-set-perl: CVE-2025-40911
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1106699: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106699
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libnet-cidr-set-perl
Version: 0.13-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 0.13-4

Hi,

The following vulnerability was published for libnet-cidr-set-perl.

CVE-2025-40911[0]:
| Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly
| handle leading zero characters in IP CIDR address strings, which
| could allow attackers to bypass access control that is based on IP
| addresses.  Leading zeros are used to indicate octal numbers, which
| can confuse users who are intentionally using octal notation, as
| well as users who believe they are using decimal notation.
| Net::CIDR::Set used code from Net::CIDR::Lite, which had a similar
| vulnerability CVE-2021-47154.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-40911
    https://www.cve.org/CVERecord?id=CVE-2025-40911
[1] https://github.com/robrwo/perl-Net-CIDR-Set/commit/be7d91e8446ad8013b08b4be313d666dab003a8a

Regards,
Salvatore

--- End Message ---
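
The ambiguity described in the CVE text above, as an added example. It is not code from Net::CIDR::Set or from the upstream fix. The function names strict_ipv4 and readings are hypothetical and the sample inputs are constructed. It shows how one string reads under the decimal and the octal convention, and a strict check that refuses such strings before they reach any IP-based access control list.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return the input unchanged if it is an unambiguous IPv4 address or CIDR
# string, otherwise undef. Every octet must be 0-255 with no leading zeros;
# an optional prefix length must be 0-32, also with no leading zeros.
sub strict_ipv4 {
    my ($str) = @_;
    my ($addr, $len) = $str =~ m{\A([0-9.]+)(?:/([0-9]+))?\z} or return;
    my @octets = split /\./, $addr, -1;    # -1 keeps trailing empty fields
    return unless @octets == 4;
    for my $o (@octets) {
        return unless $o =~ /\A(?:0|[1-9][0-9]{0,2})\z/ && $o <= 255;
    }
    if (defined $len) {
        return unless $len =~ /\A(?:0|[1-9][0-9]?)\z/ && $len <= 32;
    }
    return $str;
}

# The two conventions the CVE text mentions, applied to one address string:
# leading zeros ignored (decimal) versus a leading zero meaning octal.
sub readings {
    my ($addr) = @_;
    my @o   = split /\./, $addr;
    my $dec = join '.', map { $_ + 0 } @o;
    my $oct = join '.', map { /\A0[0-7]+\z/ ? oct($_) : $_ + 0 } @o;
    return ($dec, $oct);
}

# Constructed sample inputs, not taken from the bug report.
for my $in ('10.0.0.1', '010.0.0.1', '192.168.1.0/24', '192.168.010.0/24') {
    if (defined strict_ipv4($in)) {
        print "accept  $in\n";
        next;
    }
    my ($addr) = split m{/}, $in;
    my ($dec, $oct) = readings($addr);
    print "reject  $in  (decimal reading $dec, octal reading $oct)\n";
}
```

Rejecting the string outright avoids choosing between the two readings, so a filter and the system behind it cannot disagree about which address was meant.
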
--- Begin Message ---
Source: libnet-cidr-set-perl
Source-Version: 0.15-1
Done: Roland Rosenfeld <rol...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libnet-cidr-set-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1106...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Rosenfeld <rol...@debian.org> (supplier of updated libnet-cidr-set-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 28 May 2025 11:51:45 +0200
Source: libnet-cidr-set-perl
Architecture: source
Version: 0.15-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: Roland Rosenfeld <rol...@debian.org>
Closes: 1106699
Changes:
 libnet-cidr-set-perl (0.15-1) unstable; urgency=medium
 .
   * New upstream version, fixes CVE-2025-40911 (Closes: #1106699).
   * New upstream maintainer (adapted upstream/metadata, d/copyright).
   * Declare compliance with Debian Policy 4.7.2.



--- End Message ---
