Your message dated Thu, 20 Jun 2013 22:18:48 +0000
with message-id <e1upnbo-0004zt...@franck.debian.org>
and subject line Bug#711239: fixed in libmodule-signature-perl 0.63-1+squeeze1
has caused the Debian Bug report #711239,
regarding libmodule-signature-perl: CVE-2013-2145: arbitrary code execution
when verifying SIGNATURE
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
711239: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711239
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libmodule-signature-perl
Version: 0.63-1
Severity: grave
Tags: security patch upstream fixed-upstream
Justification: user security hole
Hi,
the following vulnerability was published for libmodule-signature-perl.
CVE-2013-2145[0]:
arbitrary code execution when verifying SIGNATURE
Upstream patches are at [1] and further corrected at [2], and fixed
upstream in 0.72[3].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2145
http://security-tracker.debian.org/tracker/CVE-2013-2145
[1] https://github.com/audreyt/module-signature/commit/575f7bd6ba4cc7c92f841e8758f88a131674ebf2
[2] https://github.com/audreyt/module-signature/commit/cbd06b392a73c63159dc5c20ff5b3c8fc88c4896
[3] https://metacpan.org/source/AUDREYT/Module-Signature-0.72/Changes
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libmodule-signature-perl
Source-Version: 0.63-1+squeeze1
We believe that the bug you reported is fixed in the latest version of
libmodule-signature-perl, which is due to be installed in the Debian FTP
archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 711...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated
libmodule-signature-perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 18 Jun 2013 23:25:09 +0200
Source: libmodule-signature-perl
Binary: libmodule-signature-perl
Architecture: source all
Version: 0.63-1+squeeze1
Distribution: squeeze
Urgency: low
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
libmodule-signature-perl - module to manipulate CPAN SIGNATURE files
Closes: 711239
Changes:
libmodule-signature-perl (0.63-1+squeeze1) squeeze; urgency=low
.
* Team upload.
* Add CVE-2013-2145.patch.
CVE-2013-2145: Fixes arbitrary code execution when verifying SIGNATURE.
(Closes: #711239)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---