Your message dated Sun, 06 Feb 2011 11:23:29 +0000
with message-id <e1pm2ih-00016p...@franck.debian.org>
and subject line Bug#606995: fixed in perl 5.12.3-1
has caused the Debian Bug report #606995,
regarding CVE-2010-2761 CVE-2010-4410 CVE-2010-4411
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
606995: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606995
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libcgi-pm-perl
Version: 3.49-1
Severity: grave
Tags: security
Three security issues have been reported in libcgi-pm-perl:
http://security-tracker.debian.org/tracker/CVE-2010-2761
http://security-tracker.debian.org/tracker/CVE-2010-4410
http://security-tracker.debian.org/tracker/CVE-2010-4411
The first two issues are fixed in 3.50 (already in sid), but
the second is still pending a final fix (see the referenced
link). Please get in touch with the release team to check,
whether migrating 3.50 plus the fix for CVE-2010-4411 or
uploading a tpu fix with 3.49 plus the security fixes is the
best way to resolve this.
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---
Source: perl
Source-Version: 5.12.3-1
We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive:
libcgi-fast-perl_5.12.3-1_all.deb
to main/p/perl/libcgi-fast-perl_5.12.3-1_all.deb
libperl-dev_5.12.3-1_amd64.deb
to main/p/perl/libperl-dev_5.12.3-1_amd64.deb
libperl5.12_5.12.3-1_amd64.deb
to main/p/perl/libperl5.12_5.12.3-1_amd64.deb
perl-base_5.12.3-1_amd64.deb
to main/p/perl/perl-base_5.12.3-1_amd64.deb
perl-debug_5.12.3-1_amd64.deb
to main/p/perl/perl-debug_5.12.3-1_amd64.deb
perl-doc_5.12.3-1_all.deb
to main/p/perl/perl-doc_5.12.3-1_all.deb
perl-modules_5.12.3-1_all.deb
to main/p/perl/perl-modules_5.12.3-1_all.deb
perl_5.12.3-1.debian.tar.gz
to main/p/perl/perl_5.12.3-1.debian.tar.gz
perl_5.12.3-1.dsc
to main/p/perl/perl_5.12.3-1.dsc
perl_5.12.3-1_amd64.deb
to main/p/perl/perl_5.12.3-1_amd64.deb
perl_5.12.3.orig.tar.bz2
to main/p/perl/perl_5.12.3.orig.tar.bz2
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 606...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Niko Tyni <nt...@debian.org> (supplier of updated perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 06 Feb 2011 11:31:38 +0200
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug libperl5.12
libperl-dev perl
Architecture: source all amd64
Version: 5.12.3-1
Distribution: experimental
Urgency: low
Maintainer: Niko Tyni <nt...@debian.org>
Changed-By: Niko Tyni <nt...@debian.org>
Description:
libcgi-fast-perl - CGI::Fast Perl module
libperl-dev - Perl library: development files
libperl5.12 - shared Perl library
perl - Larry Wall's Practical Extraction and Report Language
perl-base - minimal Perl system
perl-debug - debug-enabled Perl interpreter
perl-doc - Perl documentation
perl-modules - Core Perl modules
Closes: 603686 606995 608385
Changes:
perl (5.12.3-1) experimental; urgency=low
.
[ Dominic Hargreaves ]
* Add Conflicts, Replaces, Provides for libencode-perl which is
being packaged separately. (Closes: #608385)
.
[ Niko Tyni ]
* New upstream release.
+ [SECURITY] CVE-2010-2761 CVE-2010-4410 CVE-2010-4411:
fixes CGI.pm MIME boundary and multiline header vulnerabilities.
(Closes: #606995)
+ Update the conflict versions for libmodule-corelist-perl,
libmodule-build-perl, and libcgi-pm-perl.
* Don't traverse the current directory with "enc2xs -C". (Closes: #603686)
* Use versioned breaks instead of versioned conflicts, as suggested by
lintian. The sole exception is safe-rm, whose older versions we never
want unpacked at the same time because they break maintainer scripts.
Checksums-Sha1:
a1f5e7b5570ff79e852d1b70653130b2d96787e8 1458 perl_5.12.3-1.dsc
86d77c6cbc7a60068dc14c88ffd0729324d1174f 12041247 perl_5.12.3.orig.tar.bz2
78950a457f77ccf525b9f17adc1b94667f0c95f3 88242 perl_5.12.3-1.debian.tar.gz
02742c7272741a6ec709d277ccb53a39858713ee 54514
libcgi-fast-perl_5.12.3-1_all.deb
267c4cfdaad150c9e5785b7f49831e79b49eef7b 7512604 perl-doc_5.12.3-1_all.deb
6fc3d6a6de9785a6e692a1e770758bb6f5c05a13 4760054 perl-modules_5.12.3-1_all.deb
2f43310a4391f2dc5138d15b0361d6b12ca81d60 1482424 perl-base_5.12.3-1_amd64.deb
35f9728bde9cedecb3566b62a4979ffac7ee7bf6 5892838 perl-debug_5.12.3-1_amd64.deb
3db7e0654fe42cfe5a5e70ae1b2e48abe2e4bb8e 1150 libperl5.12_5.12.3-1_amd64.deb
2266dccc3900affcc1c3ef091832fb2784106846 2573650 libperl-dev_5.12.3-1_amd64.deb
f80e0c51ed3b6cb60699159c182a1d5f6aff1154 4221320 perl_5.12.3-1_amd64.deb
Checksums-Sha256:
bd336c273c01b8aa3ffa6cd47ca3543ef267871b8850a82efa292f56b738fe36 1458
perl_5.12.3-1.dsc
7e3ce3f19f2290c2a2a43a98bcf8cb0ccb69b652d67ddc629544339edc6c7343 12041247
perl_5.12.3.orig.tar.bz2
0131d2f8ca5c895f949ad30a27fafc88edd0d899719e0767660cdec980412677 88242
perl_5.12.3-1.debian.tar.gz
17896f0ed4b4f9521de544ef8d318ffe79999508f3b425b9a3593c16e3d645a3 54514
libcgi-fast-perl_5.12.3-1_all.deb
8bd96462a12aa59c329260270255f4d4ddfb8adc71785d1b9234b81fadde0228 7512604
perl-doc_5.12.3-1_all.deb
48bf34a40dfc76e1c0aec72203c50efb0bed8a0ff0bd7a6520737145425d59b5 4760054
perl-modules_5.12.3-1_all.deb
476005416f764f49b55493dcd3eff11fccc6e3b77f1daeae00f626f1be285473 1482424
perl-base_5.12.3-1_amd64.deb
1abf716375fb8dbb89dc665f8f83294ea2dc8938ad1d11f9fc6d5a93e34bb2ca 5892838
perl-debug_5.12.3-1_amd64.deb
6ebd028e1a074ea81a94509686258b5be43984d25a3409c109e6cd1bb79b4a47 1150
libperl5.12_5.12.3-1_amd64.deb
b0c8fc0aa266dfc4a04ddd1c52b3683a3f33cb30b9bc81ecd1a94a8a9feb9ac5 2573650
libperl-dev_5.12.3-1_amd64.deb
559e1017c138e364b7e8c16cafc5c85bedacb1b8acfeb19d0ec4b0335ac6ee3d 4221320
perl_5.12.3-1_amd64.deb
Files:
497a44070af30c464e43070d17a8a159 1458 perl standard perl_5.12.3-1.dsc
72f3f7e1c700e79bbf9d9279ca5b42d9 12041247 perl standard
perl_5.12.3.orig.tar.bz2
1f60d3dba7b27eddf69fb444129b4dad 88242 perl standard
perl_5.12.3-1.debian.tar.gz
8fb981f3ca76cb0ce6cb908ed7def649 54514 perl optional
libcgi-fast-perl_5.12.3-1_all.deb
bfd96f7e90f4535e4a226ff1da5ee28c 7512604 doc optional perl-doc_5.12.3-1_all.deb
5e79c44e93d2f43f1bca246bbcbf3d19 4760054 perl standard
perl-modules_5.12.3-1_all.deb
18c58cd2efee44aecfe94d7464ccb0f9 1482424 perl required
perl-base_5.12.3-1_amd64.deb
2a044ec33d6111a48bc4a640ff531405 5892838 debug extra
perl-debug_5.12.3-1_amd64.deb
c5a7963cabd69131803974b83501fb1d 1150 libs optional
libperl5.12_5.12.3-1_amd64.deb
5150457dc2d8c06fab6e1815b42dd88a 2573650 libdevel optional
libperl-dev_5.12.3-1_amd64.deb
715153b9200f327fd1804f7dbffa7cdc 4221320 perl standard perl_5.12.3-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk1Oc7kACgkQiyizGWoHLTnWUQCgitQ4kdC0pMDihwKdJ+JeFkyT
t74An2GeHft9jRW+i6poe1xLh3Obh96C
=Zim8
-----END PGP SIGNATURE-----
--- End Message ---
