Your message dated Sun, 13 Jan 2013 19:18:08 +0000
with message-id <e1tut4k-0007ot...@franck.debian.org>
and subject line Bug#693420: fixed in perl 5.16.2-2
has caused the Debian Bug report #693420,
regarding CVE-2012-5526 CGI.pm: Newline injection due to improper CRLF escaping
in Set-Cookie and P3P headers
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
693420: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693420
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: perl-modules
Severity: important
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
the following vulnerability was published for CGI.pm:
CVE-2012-5526[0]:
libcgi-pm-perl: newline injection
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526
http://security-tracker.debian.org/tracker/CVE-2012-5526
[1] http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
[2] https://github.com/markstos/CGI.pm/pull/23
[3] https://bugzilla.redhat.com/show_bug.cgi?id=877015
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
- -- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages perl-modules depends on:
ii libclass-isa-perl 0.36-5
ii libswitch-perl 2.16-2
ii perl 5.14.2-15
perl-modules recommends no packages.
Versions of packages perl-modules suggests:
ii libpod-plainer-perl 1.03-1
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: perl
Source-Version: 5.16.2-2
We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 693...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dominic Hargreaves <d...@earth.li> (supplier of updated perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 13 Jan 2013 17:54:46 +0000
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug libperl5.16
libperl-dev perl
Architecture: source all i386
Version: 5.16.2-2
Distribution: experimental
Urgency: low
Maintainer: Niko Tyni <nt...@debian.org>
Changed-By: Dominic Hargreaves <d...@earth.li>
Description:
libcgi-fast-perl - CGI::Fast Perl module
libperl-dev - Perl library: development files
libperl5.16 - shared Perl library
perl - Larry Wall's Practical Extraction and Report Language
perl-base - minimal Perl system
perl-debug - debug-enabled Perl interpreter
perl-doc - Perl documentation
perl-modules - Core Perl modules
Closes: 688842 689713 693420 695223 695224
Changes:
perl (5.16.2-2) experimental; urgency=low
.
[ Dominic Hargreaves ]
* Merge 5.14.2-15 and 5.14.2-16 from unstable
+ [SECURITY] CVE-2012-5526: CGI.pm improper cookie and p3p
CRLF escaping (Closes: #693420)
+ [SECURITY] Fix misparsing of maketext strings which could allow
arbitrary code execution from untrusted maketext templates
(Closes: #695224)
+ [SECURITY] add warning to Storable documentation that Storable
documents should not be accepted from untrusted sources
(Closes: #695223)
+ Fix CPAN::FirstTime defaults with nonexisting site dirs if a parent
is writable. (Closes: #688842)
+ Don't overwrite $Config{lddlflags} or ccdlflags on GNU/kFreeBSD.
(Closes: #689713)
.
[ Niko Tyni ]
* Minor packaging improvements:
+ present Debian bugs consistently in patchlevel.h.
+ use gzip -n for reproducible results
+ support comments in file lists
+ fix a syntax error in debian/copyright
+ support the '**' notation in file lists for matching subdirectories
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFQ8wPAYzuFKFF44qURAu9iAKCo9QnWpOhrwPapXNfgxyK4O64FCACfcsSa
wbHqMCIRl4SVYv6sDpSIo8k=
=pe2l
-----END PGP SIGNATURE-----
--- End Message ---