Bug#644108: unsafe use of eval in Digest->new()

2011-10-03 Thread Dominic Hargreaves
severity 644108 important thanks On Mon, Oct 03, 2011 at 12:39:38PM +0200, Ansgar Burchardt wrote: > there will be no DSA for this issue. Okay, I assume this means that a severity downgrade is in order. I'm not yet convinced that the effort and risk of a squeeze and lenny release of perl is justif

Bug#644108: unsafe use of eval in Digest->new()

2011-10-03 Thread Dominic Hargreaves
On Mon, Oct 03, 2011 at 04:01:50PM +0200, Moritz Mühlenhoff wrote: > perl-modules from Squeeze also contains 1.16, just like libdigest-perl. > What's the purpose of this package, then? > > Wouldn't it rather make sense to drop standalone packages for all > modules present in perl-modules? Where

Bug#644108: unsafe use of eval in Digest->new()

2011-10-03 Thread Moritz Mühlenhoff
On Sun, Oct 02, 2011 at 11:44:39PM +0200, Ansgar Burchardt wrote: > Package: perl > Version: 5.10.0-19 > Severity: grave > Tags: security upstream > > Hi, > > the last upstream release of libdigest-perl (1.17) contains a fix for an > unsafe use of eval: the argument to Digest->new($algo) was not

Bug#644108: unsafe use of eval in Digest->new()

2011-10-03 Thread Ansgar Burchardt
Hi, there will be no DSA for this issue. Regards, Ansgar

Bug#644108: unsafe use of eval in Digest->new()

2011-10-02 Thread Ansgar Burchardt
Package: perl Version: 5.10.0-19 Severity: grave Tags: security upstream Hi, the last upstream release of libdigest-perl (1.17) contains a fix for an unsafe use of eval: the argument to Digest->new($algo) was not checked properly allowing code injection (in case the value can be changed by the at