Your message dated Mon, 17 Jan 2011 13:57:12 +0000
with message-id <e1pepa4-0005bh...@franck.debian.org>
and subject line Bug#606995: fixed in perl 5.10.0-19lenny3
has caused the Debian Bug report #606995,
regarding CVE-2010-2761 CVE-2010-4410 CVE-2010-4411
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
606995: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606995
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libcgi-pm-perl
Version: 3.49-1
Severity: grave
Tags: security
Three security issues have been reported in libcgi-pm-perl:
http://security-tracker.debian.org/tracker/CVE-2010-2761
http://security-tracker.debian.org/tracker/CVE-2010-4410
http://security-tracker.debian.org/tracker/CVE-2010-4411
The first two issues are fixed in 3.50 (already in sid), but
the second is still pending a final fix (see the referenced
link). Please get in touch with the release team to check,
whether migrating 3.50 plus the fix for CVE-2010-4411 or
uploading a tpu fix with 3.49 plus the security fixes is the
best way to resolve this.
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---
Source: perl
Source-Version: 5.10.0-19lenny3
We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive:
libcgi-fast-perl_5.10.0-19lenny3_all.deb
to main/p/perl/libcgi-fast-perl_5.10.0-19lenny3_all.deb
libperl-dev_5.10.0-19lenny3_amd64.deb
to main/p/perl/libperl-dev_5.10.0-19lenny3_amd64.deb
libperl5.10_5.10.0-19lenny3_amd64.deb
to main/p/perl/libperl5.10_5.10.0-19lenny3_amd64.deb
perl-base_5.10.0-19lenny3_amd64.deb
to main/p/perl/perl-base_5.10.0-19lenny3_amd64.deb
perl-debug_5.10.0-19lenny3_amd64.deb
to main/p/perl/perl-debug_5.10.0-19lenny3_amd64.deb
perl-doc_5.10.0-19lenny3_all.deb
to main/p/perl/perl-doc_5.10.0-19lenny3_all.deb
perl-modules_5.10.0-19lenny3_all.deb
to main/p/perl/perl-modules_5.10.0-19lenny3_all.deb
perl-suid_5.10.0-19lenny3_amd64.deb
to main/p/perl/perl-suid_5.10.0-19lenny3_amd64.deb
perl_5.10.0-19lenny3.diff.gz
to main/p/perl/perl_5.10.0-19lenny3.diff.gz
perl_5.10.0-19lenny3.dsc
to main/p/perl/perl_5.10.0-19lenny3.dsc
perl_5.10.0-19lenny3_amd64.deb
to main/p/perl/perl_5.10.0-19lenny3_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 606...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Niko Tyni <nt...@debian.org> (supplier of updated perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 15 Jan 2011 08:13:26 +0200
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug perl-suid
libperl5.10 libperl-dev perl
Architecture: source all amd64
Version: 5.10.0-19lenny3
Distribution: stable
Urgency: low
Maintainer: Brendan O'Dea <b...@debian.org>
Changed-By: Niko Tyni <nt...@debian.org>
Description:
libcgi-fast-perl - CGI::Fast Perl module
libperl-dev - Perl library: development files
libperl5.10 - Shared Perl library
perl - Larry Wall's Practical Extraction and Report Language
perl-base - minimal Perl system
perl-debug - Debug-enabled Perl interpreter
perl-doc - Perl documentation
perl-modules - Core Perl modules
perl-suid - Runs setuid Perl scripts
Closes: 582978 606995
Changes:
perl (5.10.0-19lenny3) stable; urgency=low
.
* [SECURITY] CVE-2010-2761 CVE-2010-4410 CVE-2010-4411:
fix CGI.pm MIME boundary and multiline header vulnerabilities.
(Closes: #606995)
* [SECURITY] CVE-2010-1168: Update to Safe-2.25, fixing code injection
and execution vulnerabilities. (Closes: #582978)
Checksums-Sha1:
0b66329682ab539ab189ed6d2ad217a35319bd0a 1332 perl_5.10.0-19lenny3.dsc
b6d041f7d9085dfff15f13a576503905bdf16e3d 162036 perl_5.10.0-19lenny3.diff.gz
536e59a3e0039c9b52754d1d80c9590deb854afb 44828
libcgi-fast-perl_5.10.0-19lenny3_all.deb
35195b56035e8fffdc44ebad327a05207073dd67 8220292
perl-doc_5.10.0-19lenny3_all.deb
c695c3e844c2b8527da1ef30ae6273442ddf48eb 3190914
perl-modules_5.10.0-19lenny3_all.deb
2b53b277b9202f7104771bcd327cecefab75ba22 1044220
perl-base_5.10.0-19lenny3_amd64.deb
90b5ddad0f0828cf2b6f7dd2cdd006f451e88908 5537506
perl-debug_5.10.0-19lenny3_amd64.deb
7585737953d9054c594f2d8bfce1a32627d2ca11 31440
perl-suid_5.10.0-19lenny3_amd64.deb
3e8b16e93bb8a23f6659ae3eddcd575037efa69c 1014
libperl5.10_5.10.0-19lenny3_amd64.deb
9c3f94c995756573d868cb0642116311cd9196d5 2595602
libperl-dev_5.10.0-19lenny3_amd64.deb
a47615a859fccc0895993135cfe206e902db659c 5238826 perl_5.10.0-19lenny3_amd64.deb
Checksums-Sha256:
f6f482d470be3bd2e7b5bb1cad919474a587e2dd78bca6444f3188ee5cfcbf6f 1332
perl_5.10.0-19lenny3.dsc
347c0997d0ba0666e5bd607b10f9401d31902946a4064aa9dbd0f8813f50fc62 162036
perl_5.10.0-19lenny3.diff.gz
0b9e025343637dad09ad5166ed065e10c1d4dc6abcc05004d69ef0d8fa0a43a9 44828
libcgi-fast-perl_5.10.0-19lenny3_all.deb
ddf710f4b12681e493d64333be622c3f376cf6ca8c7c421d27304bf233a5030a 8220292
perl-doc_5.10.0-19lenny3_all.deb
13f1c2b8d338d9c1306cfb8f03368910c4597d0a24d849b37cf43719f9487f01 3190914
perl-modules_5.10.0-19lenny3_all.deb
8c33a70014cf70cbe6e6edeaac21d71ae0949dc1aa166f0523e1422703a1b274 1044220
perl-base_5.10.0-19lenny3_amd64.deb
8b20f80dcca5548c1fe9c0d4333c7e1fa78f85ca8f0d18d184790bfbb4356e06 5537506
perl-debug_5.10.0-19lenny3_amd64.deb
bedcd49c21a7295a4388e110dc03d6c53e55942d6ecfd63ddc4ba482fc263198 31440
perl-suid_5.10.0-19lenny3_amd64.deb
15ab2fd097707b76a3a9c695fd476a978be3da7ebb9670859065d409ec719785 1014
libperl5.10_5.10.0-19lenny3_amd64.deb
4ba06fc1754f37eefa4f475113c5559178523873775fc02c17f31931dc4539bb 2595602
libperl-dev_5.10.0-19lenny3_amd64.deb
b223a599801801c6e196d357000a59160f0bcbafd5344208824235e6cc06eb2a 5238826
perl_5.10.0-19lenny3_amd64.deb
Files:
097d9dd168a6596e4e30b9183bc1cd86 1332 perl standard perl_5.10.0-19lenny3.dsc
db83f9b02b847dfa4a5ce81c7d55ee81 162036 perl standard
perl_5.10.0-19lenny3.diff.gz
bd34a8bffabe3e0759c171c7322037c1 44828 perl optional
libcgi-fast-perl_5.10.0-19lenny3_all.deb
6778bfaf914849ce677852c35fbf21d3 8220292 doc optional
perl-doc_5.10.0-19lenny3_all.deb
4ec2b50e961a0e222af7dfd6b5714f48 3190914 perl standard
perl-modules_5.10.0-19lenny3_all.deb
c44d3514eb109f141033d6dea71a8fa3 1044220 perl required
perl-base_5.10.0-19lenny3_amd64.deb
424e6087343889afd1e92a2caed5d143 5537506 perl optional
perl-debug_5.10.0-19lenny3_amd64.deb
ab508ad51a5d146c2d952e4aadc858c5 31440 perl optional
perl-suid_5.10.0-19lenny3_amd64.deb
4cb204d4c1ec092ada8ca3ab8d154868 1014 libs optional
libperl5.10_5.10.0-19lenny3_amd64.deb
25c04c553574db905d8b535207df6562 2595602 libdevel optional
libperl-dev_5.10.0-19lenny3_amd64.deb
2d9a4b8a91f0223fd0827c718d050a21 5238826 perl standard
perl_5.10.0-19lenny3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk00BtMACgkQiyizGWoHLTnlwgCgvuXuciBklQt/D4QvaBkSBMim
5mgAmwTMF3SIPXHFxtrfJS/nfKwxyI8w
=93wt
-----END PGP SIGNATURE-----
--- End Message ---
