Bug#606370: marked as done (CVE-2010-2761 CVE-2010-4410 CVE-2010-4411)

[Debian Bug Tracking System]

Your message dated Fri, 14 Jan 2011 01:54:42 +0000
with message-id <e1pdyse-0006in...@franck.debian.org>
and subject line Bug#606370: fixed in libcgi-pm-perl 3.38-2lenny2
has caused the Debian Bug report #606370,
regarding CVE-2010-2761 CVE-2010-4410 CVE-2010-4411
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
606370: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606370
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libcgi-pm-perl
Version: 3.49-1
Severity: grave
Tags: security

Three security issues have been reported in libcgi-pm-perl:

http://security-tracker.debian.org/tracker/CVE-2010-2761 
http://security-tracker.debian.org/tracker/CVE-2010-4410
http://security-tracker.debian.org/tracker/CVE-2010-4411

The first two issues are fixed in 3.50 (already in sid), but
the second is still pending a final fix (see the referenced
link). Please get in touch with the release team to check,
whether migrating 3.50 plus the fix for CVE-2010-4411 or
uploading a tpu fix with 3.49 plus the security fixes is the
best way to resolve this.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

--- End Message ---

--- Begin Message ---

Source: libcgi-pm-perl
Source-Version: 3.38-2lenny2

We believe that the bug you reported is fixed in the latest version of
libcgi-pm-perl, which is due to be installed in the Debian FTP archive:

libcgi-pm-perl_3.38-2lenny2.diff.gz
  to main/libc/libcgi-pm-perl/libcgi-pm-perl_3.38-2lenny2.diff.gz
libcgi-pm-perl_3.38-2lenny2.dsc
  to main/libc/libcgi-pm-perl/libcgi-pm-perl_3.38-2lenny2.dsc
libcgi-pm-perl_3.38-2lenny2_all.deb
  to main/libc/libcgi-pm-perl/libcgi-pm-perl_3.38-2lenny2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 606...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann <gre...@debian.org> (supplier of updated libcgi-pm-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 13 Jan 2011 22:49:36 +0100
Source: libcgi-pm-perl
Binary: libcgi-pm-perl
Architecture: source all
Version: 3.38-2lenny2
Distribution: stable
Urgency: low
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: gregor herrmann <gre...@debian.org>
Description: 
 libcgi-pm-perl - Simple Common Gateway Interface Class
Closes: 606370
Changes: 
 libcgi-pm-perl (3.38-2lenny2) stable; urgency=low
 .
   * [SECURITY] Add a patch with the backported fixes for CVE-2010-2761,
     CVE-2010-4410, and CVE-2010-4411; thanks to Niko Tyni for preparing the
     patch (closes: #606370).
Checksums-Sha1: 
 9e493b2d93faf7df0e87fb3a8e4063a0bf54f3c2 2003 libcgi-pm-perl_3.38-2lenny2.dsc
 3c9d7c995b5674f9d4b22602bf1a69fb3273b7e3 6548 
libcgi-pm-perl_3.38-2lenny2.diff.gz
 aa6e0bfb7b46915d42799768e48d467dcf5388ea 196116 
libcgi-pm-perl_3.38-2lenny2_all.deb
Checksums-Sha256: 
 86da4f977329d33891ddd8f2061101c485261eab6fcf531ccab44319b062accf 2003 
libcgi-pm-perl_3.38-2lenny2.dsc
 42618966e5037879ad089c1b883472e34379753aeca0cc49202c74d80c076f88 6548 
libcgi-pm-perl_3.38-2lenny2.diff.gz
 8096e7239dc243ee5e45984b74b6b9b7cb6e8939bfa3095a77cadbdfc35b6d28 196116 
libcgi-pm-perl_3.38-2lenny2_all.deb
Files: 
 779a7908bf6c27447ced84b79b922416 2003 perl optional 
libcgi-pm-perl_3.38-2lenny2.dsc
 6ffb2eedf0ade187743cda90b8e12eae 6548 perl optional 
libcgi-pm-perl_3.38-2lenny2.diff.gz
 52ed267dfc4cc56954ca4e84a604e14c 196116 perl optional 
libcgi-pm-perl_3.38-2lenny2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJNL3PXAAoJELs6aAGGSaoGwdsP/j23lQ9icHR8R9vmVW9hwmdH
XGG0YowA4bMRqaezXrBI5y5dUuMmuHp2bh3MrBxYwGle+lHnPrO+/wKiCUrCEVpk
C35bGsLkNKGDxmtOiMLqSCGiECkM/oDpdgmmn/PGb11IwIw+bPKotCKFnE0r4l3u
QW8SxCbzCIpZ7Kt76N2Nhj2UDIcGmmO47fY4voizKyUtDxJcyXoCOI+cT3ZfcrAC
f9Ob6wfI0/JEw7KX/yB5O+xlf1wuHLMnOTQZzDYksMche9Q5KjTjJ6Ql7fZI+5pr
g0WwS+TaoYxzdL0lYVXcoBqMuvKfhk01J5WP/T5L2cThIIXargsMi4Fnxt52QNZV
BajNFmdhk44i7T0KFZ/WM/21giD8jFQQhi4+yAcoMx7MeEazvGTm2xGjQwZUxFGf
23YOiypUAN3ervBwnCFKDqLjpk51vHvnQcV0lvy8EOJgH+dIHva548P9IvyMacs5
Wm23zzGctnn/Yaasn0yc0yPryfYkObLYZtpbRBHhTNZZ9QW91mmR4mtITocPiTFv
TOqrvPf3hfUHqxCsrYYQhsGzF5kxjjgiBzmCs3S3U3oDxrEAPwwIIbNiDQi1pdXV
x1cZ93+dx/icsv7YjEcq8yA8apaNKVVxSFrRz+CepRK6aZscggS4PFvF7eEV+M5B
1gl2K7QaN2BZQh35F7PZ
=VXGV
-----END PGP SIGNATURE-----

--- End Message ---