Your message dated Thu, 11 Aug 2011 19:03:47 +0000
with message-id <e1qraxj-0002dq...@franck.debian.org>
and subject line Bug#637376: fixed in perl 5.14.1-2
has caused the Debian Bug report #637376,
regarding perl: Encode security: Unicode.xs!decode_xs n-byte heap-overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
637376: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637376
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: perl
Version: 5.12.4-3
Severity: grave
Tags: security
Justification: user security hole
Encode 2.44 has been released with the following change:

  ! Unicode/Unicode.xs
    Addressed the following:
      Date: Fri, 22 Jul 2011 13:58:43 +0200
      From: Robert Zacek <za...@avast.com>
      To: perl5-security-rep...@perl.org
      Subject: Unicode.xs!decode_xs n-byte heap-overflow

This has been fixed in libencode-perl 2.44-1; it probably also needs
fixing in perl.

The relevant patch appears to be
<http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5>

I haven't seen any further details about this one, but setting severity
to grave for now.
--- End Message ---
--- Begin Message ---
Source: perl
Source-Version: 5.14.1-2
We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive:
libcgi-fast-perl_5.14.1-2_all.deb
  to main/p/perl/libcgi-fast-perl_5.14.1-2_all.deb
libperl-dev_5.14.1-2_i386.deb
  to main/p/perl/libperl-dev_5.14.1-2_i386.deb
libperl5.14_5.14.1-2_i386.deb
  to main/p/perl/libperl5.14_5.14.1-2_i386.deb
perl-base_5.14.1-2_i386.deb
  to main/p/perl/perl-base_5.14.1-2_i386.deb
perl-debug_5.14.1-2_i386.deb
  to main/p/perl/perl-debug_5.14.1-2_i386.deb
perl-doc_5.14.1-2_all.deb
  to main/p/perl/perl-doc_5.14.1-2_all.deb
perl-modules_5.14.1-2_all.deb
  to main/p/perl/perl-modules_5.14.1-2_all.deb
perl_5.14.1-2.debian.tar.gz
  to main/p/perl/perl_5.14.1-2.debian.tar.gz
perl_5.14.1-2.dsc
  to main/p/perl/perl_5.14.1-2.dsc
perl_5.14.1-2_i386.deb
  to main/p/perl/perl_5.14.1-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 637...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dominic Hargreaves <d...@earth.li> (supplier of updated perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 11 Aug 2011 18:28:44 +0100
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug libperl5.14 libperl-dev perl
Architecture: source all i386
Version: 5.14.1-2
Distribution: experimental
Urgency: low
Maintainer: Niko Tyni <nt...@debian.org>
Changed-By: Dominic Hargreaves <d...@earth.li>
Description:
 libcgi-fast-perl - CGI::Fast Perl module
 libperl-dev - Perl library: development files
 libperl5.14 - shared Perl library
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-base  - minimal Perl system
 perl-debug - debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl-modules - Core Perl modules
Closes: 627821 635647 636609 637376
Changes:
 perl (5.14.1-2) experimental; urgency=low
 .
   * Promote libclass-isa-perl and libswitch-perl from Recommends to
     Depends, to improve partial upgrades from squeeze to wheezy
     (see: #629472)
   * Demote libpod-plainer-perl from Recommends to Suggests, based on
     analysis of its usage in Debian (see: #629472)
   * Skip a crashing test case in t/op/threads.t on GNU/kFreeBSD
     (see: #628493, thanks Niko)
   * Apply patch from Niko documenting the correct use of CCFLAGS in
     ExtUtils::MakeMaker (see: #628522)
   * Use a socket timeout on GNU/kFreeBSD to catch ICMP port unreachable
     messages (thanks, Niko) (Closes: #627821)
   * Fix decode_xs n-byte heap-overflow security bug in Unicode.xs
     (Closes: #637376)
   * Improve general GNU hints, fixing build failures on GNU/Hurd. Patch by
     Pino Toscano. (Closes: #636609)
   * Merge 5.12.4-3 and 5.12.4-4 from unstable
   * Fix lintian error by build-depending on procps [!hurd-any] rather
     than procps | hurd (and adjust existing [!hurd-i386] to
     [!hurd-any]) (Closes: #635647)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFORCFMYzuFKFF44qURAo0lAJ9n+ZmoK3hjHiSsq5RG30bu/G1RdwCdHMTV
KjQYVYcU30XRwVPcDvTIjpI=
=Yhja
-----END PGP SIGNATURE-----
--- End Message ---