Your message dated Wed, 06 Mar 2013 16:48:12 +0000 with message-id <e1udhvk-0000ce...@franck.debian.org> and subject line Bug#702296: fixed in perl 5.14.2-19 has caused the Debian Bug report #702296, regarding perl: CVE-2013-1667: rehashing flaw to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 702296: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: perl Version: 5.10.1-17squeeze4 Severity: grave Tags: security patch Control: found -1 5.16.2-1 Hi Niko and Dominic A a hash-related flaw was announced today and CVE-2013-1667 assigned to it. For further reference see [1,2]. [1]: http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html [2]: https://security-tracker.debian.org/tracker/CVE-2013-1667 Could you please include the CVE identifier when fixing the issue? I assume this should get a DSA. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: perl Source-Version: 5.14.2-19 We believe that the bug you reported is fixed in the latest version of perl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 702...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Niko Tyni <nt...@debian.org> (supplier of updated perl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 05 Mar 2013 21:38:26 +0200 Source: perl Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug libperl5.14 libperl-dev perl Architecture: source all amd64 Version: 5.14.2-19 Distribution: unstable Urgency: high Maintainer: Niko Tyni <nt...@debian.org> Changed-By: Niko Tyni <nt...@debian.org> Description: libcgi-fast-perl - CGI::Fast Perl module libperl-dev - Perl library: development files libperl5.14 - shared Perl library perl - Larry Wall's Practical Extraction and Report Language perl-base - minimal Perl system perl-debug - debug-enabled Perl interpreter perl-doc - Perl documentation perl-modules - Core Perl modules Closes: 702296 Changes: perl (5.14.2-19) unstable; urgency=high . * [SECURITY] CVE-2013-1667: fix a rehashing DoS opportunity against code that uses arbitrary user input as hash keys. (Closes: #702296) Checksums-Sha1: fb316d9d58ff4fd69356327a50c18373e7d2f08a 1729 perl_5.14.2-19.dsc 77d6413ce30f7daa6afc6c3627ebed9bf632811c 159828 perl_5.14.2-19.debian.tar.gz d483546f7450184b70cd2ffc95aa3e137bcbf5c7 76310 libcgi-fast-perl_5.14.2-19_all.deb 2420ff48e4cee63b69c3f2f42ba47a6d49c7e04f 8169446 perl-doc_5.14.2-19_all.deb 5692728f36bf5744bcd3969c31cff24aa80998e7 3442406 perl-modules_5.14.2-19_all.deb dbd70548a0781dec255a3ca7d270328e778437db 1536792 perl-base_5.14.2-19_amd64.deb c1dd31c73200902cadabb88cecbef98213ae6e93 8006914 perl-debug_5.14.2-19_amd64.deb a1310fae9473e8a98a81001bef49e9ef5adfe43e 1176 libperl5.14_5.14.2-19_amd64.deb 88f34c94f3861425efa31479d4c43297d19de76e 3321392 libperl-dev_5.14.2-19_amd64.deb e28b29034b0b0f59a614dcd4fcb1ac108a3fae29 4426220 perl_5.14.2-19_amd64.deb Checksums-Sha256: 8eb1318dcec244350033abe4193a1032cd679686f0c4a2cbf678b278e5b3e07e 1729 perl_5.14.2-19.dsc 42fbdca35c0e19a8ae80e1b3aaae78aad44886378ecded062de93c050e76868e 159828 perl_5.14.2-19.debian.tar.gz 8c14daabc25bb76bbb448c5ecd6eb2f4fa9102a8b3efec2fb2378e9a366537f8 76310 libcgi-fast-perl_5.14.2-19_all.deb ffbec9376ce8b8b29a232d59c2fa94f2df5b703c217e01b28f255335bb32221d 8169446 perl-doc_5.14.2-19_all.deb b40b0ca5f7a933c3efd101b22170af6419c75996f02762730a809bb7684b7919 3442406 perl-modules_5.14.2-19_all.deb 473f4f8488764e37cb47f63e23e0146949fdfe30827537eb7d647943c78a26d3 1536792 perl-base_5.14.2-19_amd64.deb 8898717660c245b535bf696b6d3f789c150053fd1e6354e14d7b0f1863c42e7b 8006914 perl-debug_5.14.2-19_amd64.deb b328239cff9422c1e6a5d95012459f00689080b8f62efb3bedf19b8dbe947458 1176 libperl5.14_5.14.2-19_amd64.deb aa8b393e381f955be54f885e870de32efb8f22786e34880e6dee5edec9b1c412 3321392 libperl-dev_5.14.2-19_amd64.deb b4d3a83b12e6751473c6955e997cbef80b8f66a942bbe86513f2d7d2a87b17f0 4426220 perl_5.14.2-19_amd64.deb Files: 96533842a0d8a399c48efbcb292320c6 1729 perl standard perl_5.14.2-19.dsc 94936f2a96bbf7472ad51f841408bef8 159828 perl standard perl_5.14.2-19.debian.tar.gz 588f843ab24a876b61dea8937ec04b3f 76310 perl optional libcgi-fast-perl_5.14.2-19_all.deb d93a76c270ea1ea27a5edbe7d518590d 8169446 doc optional perl-doc_5.14.2-19_all.deb d6d39f80db3c816747fc7b53244a357f 3442406 perl standard perl-modules_5.14.2-19_all.deb 70c02da46c3fb6242593a982b5832b30 1536792 perl required perl-base_5.14.2-19_amd64.deb fce56f9b527abf094407363011a22404 8006914 debug extra perl-debug_5.14.2-19_amd64.deb 5451e89c189452d1cd36e5814efb597d 1176 libs optional libperl5.14_5.14.2-19_amd64.deb 08de15f72da2326aae3dcaa5ca4cfbc6 3321392 libdevel optional libperl-dev_5.14.2-19_amd64.deb 2ae840a004a0a8d6f1c6fa813eaeda9c 4426220 perl standard perl_5.14.2-19_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlE2X7oACgkQiyizGWoHLTl6wACcD7UtfBCGzptdavkOLFuHzX2E zsYAoMK8WIWF/koIczeegd9sKWeIHKUj =BUT1 -----END PGP SIGNATURE-----
--- End Message ---
