Bug#606995: marked as done (CVE-2010-2761 CVE-2010-4410 CVE-2010-4411)

Fri, 07 Jan 2011 04:51:38 -0800 

Your message dated Fri, 07 Jan 2011 12:47:37 +0000
with message-id <e1pbbjf-0004bw...@franck.debian.org>
and subject line Bug#606995: fixed in perl 5.10.1-17
has caused the Debian Bug report #606995,
regarding CVE-2010-2761 CVE-2010-4410 CVE-2010-4411
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
606995: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606995
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: libcgi-pm-perl
Version: 3.49-1
Severity: grave
Tags: security

Three security issues have been reported in libcgi-pm-perl:

http://security-tracker.debian.org/tracker/CVE-2010-2761 
http://security-tracker.debian.org/tracker/CVE-2010-4410
http://security-tracker.debian.org/tracker/CVE-2010-4411

The first two issues are fixed in 3.50 (already in sid), but
the second is still pending a final fix (see the referenced
link). Please get in touch with the release team to check,
whether migrating 3.50 plus the fix for CVE-2010-4411 or
uploading a tpu fix with 3.49 plus the security fixes is the
best way to resolve this.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

--- End Message ---
--- Begin Message --- 
Source: perl
Source-Version: 5.10.1-17

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive:

libcgi-fast-perl_5.10.1-17_all.deb
  to main/p/perl/libcgi-fast-perl_5.10.1-17_all.deb
libperl-dev_5.10.1-17_amd64.deb
  to main/p/perl/libperl-dev_5.10.1-17_amd64.deb
libperl5.10_5.10.1-17_amd64.deb
  to main/p/perl/libperl5.10_5.10.1-17_amd64.deb
perl-base_5.10.1-17_amd64.deb
  to main/p/perl/perl-base_5.10.1-17_amd64.deb
perl-debug_5.10.1-17_amd64.deb
  to main/p/perl/perl-debug_5.10.1-17_amd64.deb
perl-doc_5.10.1-17_all.deb
  to main/p/perl/perl-doc_5.10.1-17_all.deb
perl-modules_5.10.1-17_all.deb
  to main/p/perl/perl-modules_5.10.1-17_all.deb
perl-suid_5.10.1-17_amd64.deb
  to main/p/perl/perl-suid_5.10.1-17_amd64.deb
perl_5.10.1-17.debian.tar.gz
  to main/p/perl/perl_5.10.1-17.debian.tar.gz
perl_5.10.1-17.dsc
  to main/p/perl/perl_5.10.1-17.dsc
perl_5.10.1-17_amd64.deb
  to main/p/perl/perl_5.10.1-17_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 606...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niko Tyni <nt...@debian.org> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 07 Jan 2011 13:57:42 +0200
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug perl-suid 
libperl5.10 libperl-dev perl
Architecture: source all amd64
Version: 5.10.1-17
Distribution: unstable
Urgency: medium
Maintainer: Niko Tyni <nt...@debian.org>
Changed-By: Niko Tyni <nt...@debian.org>
Description: 
 libcgi-fast-perl - CGI::Fast Perl module
 libperl-dev - Perl library: development files
 libperl5.10 - shared Perl library
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-base  - minimal Perl system
 perl-debug - debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl-modules - Core Perl modules
 perl-suid  - runs setuid Perl scripts
Closes: 606995
Changes: 
 perl (5.10.1-17) unstable; urgency=medium
 .
   * [SECURITY] CVE-2010-2761 CVE-2010-4410 CVE-2010-4411:
     fix CGI.pm MIME boundary and multiline header vulnerabilities.
     (Closes: #606995)
Checksums-Sha1: 
 4daa77219e7fd793f5d57f30d594fec341489e2b 1388 perl_5.10.1-17.dsc
 77a0cba1771854e86b8d0bd3f90b296b2b5306b5 115432 perl_5.10.1-17.debian.tar.gz
 aadc33c4d040e9bacdb731f1401750ce71a0eafe 53128 
libcgi-fast-perl_5.10.1-17_all.deb
 25d472cc2db59d6c0f41e985143a1a6c32d1b103 7188412 perl-doc_5.10.1-17_all.deb
 f7035d6bec5d2cc550d6850663eb12296b574c11 3481764 perl-modules_5.10.1-17_all.deb
 ef43aeb0b34e628e4ef7907e04b12430c1971da4 1066032 perl-base_5.10.1-17_amd64.deb
 fc26b8781ed2ec5d1a8d711e8f8d2d1b925f34b3 5836008 perl-debug_5.10.1-17_amd64.deb
 3e20035743dc2aece1995060cff93df96a8d950b 34980 perl-suid_5.10.1-17_amd64.deb
 bd69f5a5e9e29127b68d3538338bb05dd46d1553 1150 libperl5.10_5.10.1-17_amd64.deb
 ed5a41b9511cd01ebc167739a3e28adee21ddc78 2562480 
libperl-dev_5.10.1-17_amd64.deb
 3ab89612ed87cdb8226ee5fc54e93fa259942bfb 4461110 perl_5.10.1-17_amd64.deb
Checksums-Sha256: 
 761ce6d4650ae201502528af6c62fd7297a8a5f97bfb78cc78b2b65c3937fa2c 1388 
perl_5.10.1-17.dsc
 9905353ec97f0026e5120ef7b06e393451de5bf28ece322cd03113959f7238bb 115432 
perl_5.10.1-17.debian.tar.gz
 ba347c4c04a27ac585b54021cae9b6909543ec5c95bb5633f6007919e001f94f 53128 
libcgi-fast-perl_5.10.1-17_all.deb
 6c7d2a89ba8f2bd0130ee956f659882b03422efe94941c673ec5334aa3b36dbb 7188412 
perl-doc_5.10.1-17_all.deb
 a1d4c13a0ef99b659af8e359293f38ea0984342c749559bfa46c45f64a06821c 3481764 
perl-modules_5.10.1-17_all.deb
 e3aa5253670438223c5e58bfb797ab78ccc30d07ef46487985faef28903a049c 1066032 
perl-base_5.10.1-17_amd64.deb
 3605a802b30ba4c6d2269051dc293784fe293039668bad5314fafc303f15d771 5836008 
perl-debug_5.10.1-17_amd64.deb
 1ca36f02699354abbf31631379a82e30239d924497152d3a6dcb53d2b2b22d3f 34980 
perl-suid_5.10.1-17_amd64.deb
 7477ef0bf7087205fb7efce41f91de8c720daa2457533e62a489b9c75e5938b4 1150 
libperl5.10_5.10.1-17_amd64.deb
 b68a22d3a96d903f7409742cfdaa0022db4e840bcccdf559a002f82c5de85a94 2562480 
libperl-dev_5.10.1-17_amd64.deb
 a7dfb95d76f2d5615b26539814307e05b91e04080e4c0671dc9bb601d4e9d62a 4461110 
perl_5.10.1-17_amd64.deb
Files: 
 51fef53c9aa20aafa64dd458028a85fd 1388 perl standard perl_5.10.1-17.dsc
 996c968f3fc4af33a775b63621e814f1 115432 perl standard 
perl_5.10.1-17.debian.tar.gz
 947477ab1d611d9c8ef81642bdcd28cd 53128 perl optional 
libcgi-fast-perl_5.10.1-17_all.deb
 aba38e6261a7d2c76532945eb85347f5 7188412 doc optional 
perl-doc_5.10.1-17_all.deb
 17d45cb59f779082c993bca6061cfd6a 3481764 perl standard 
perl-modules_5.10.1-17_all.deb
 4b48e331891e5c2a158d17f84304af01 1066032 perl required 
perl-base_5.10.1-17_amd64.deb
 61245fad6a8ca0be9c2f30c7754fe09a 5836008 debug extra 
perl-debug_5.10.1-17_amd64.deb
 53d32cc70be49a7b2fd93d64f6e11ea3 34980 perl optional 
perl-suid_5.10.1-17_amd64.deb
 6153dc6b08477a8c08429b3e4c8d9344 1150 libs optional 
libperl5.10_5.10.1-17_amd64.deb
 527ca0443a3b6685f83bdff343ec363f 2562480 libdevel optional 
libperl-dev_5.10.1-17_amd64.deb
 389f7f157b46be11b98322d61d4ed2e7 4461110 perl standard perl_5.10.1-17_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk0nB9UACgkQiyizGWoHLTnB7QCgrkSLylGo9ctfDinhqQfbWwV+
+AwAn1F+t5/GRDc3iyxb8ekq6OfXq99h
=Z8ev
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to