Bug#718949: marked as done (libdata-uuid-perl: CVE-2013-4184: symlink attacks vulnerability)

Sat, 27 Apr 2024 08:15:21 -0700 

Your message dated Sat, 27 Apr 2024 15:10:34 +0000
with message-id <e1s0jhc-00csvb...@fasolo.debian.org>
and subject line Bug#718949: fixed in libdata-uuid-perl 1.227-1
has caused the Debian Bug report #718949,
regarding libdata-uuid-perl: CVE-2013-4184: symlink attacks vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
718949: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718949
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: libdata-uuid-perl
Version: 1.219-1
Severity: important
Tags: security upstream

Hi

CVE-2013-4184 was assigned to a symlink attack vulnerability for
Data::UUID. See 

 http://marc.info/?l=oss-security&m=137525838315067&w=2

and

 https://github.com/rjbs/Data-UUID/issues/5

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: libdata-uuid-perl
Source-Version: 1.227-1
Done: gregor herrmann <gre...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libdata-uuid-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 718...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann <gre...@debian.org> (supplier of updated libdata-uuid-perl 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 27 Apr 2024 15:43:19 +0200
Source: libdata-uuid-perl
Architecture: source
Version: 1.227-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: gregor herrmann <gre...@debian.org>
Closes: 718949
Changes:
 libdata-uuid-perl (1.227-1) unstable; urgency=medium
 .
   * Team upload.
   * debian/watch: keep only one URL.
   * Import upstream version 1.227.
     - eliminated use of state/node files in temp directory,
       addressing CVE-2013-4184
       Closes: #718949
   * Update debian/upstream/metadata.
   * Declare compliance with Debian Policy 4.7.0.
Checksums-Sha1:
 834ae863b31aa884d0dc289baadc261ab7fc9afc 2384 libdata-uuid-perl_1.227-1.dsc
 d378507a46b381e8c384b18798a86bd7fe9047fd 16705 
libdata-uuid-perl_1.227.orig.tar.gz
 d39630c20d64d092b261fcf4f71c52e644b8193d 3848 
libdata-uuid-perl_1.227-1.debian.tar.xz
Checksums-Sha256:
 37978201bc2a60a1fdd06d5fb0dd4728fb068a3233191a13cd68ef2507fc5ba6 2384 
libdata-uuid-perl_1.227-1.dsc
 95bda7276265f57bc48ffdeddec5ef28cd6f765e3a183757fa5f09f0ce6b98ac 16705 
libdata-uuid-perl_1.227.orig.tar.gz
 b75181410ade4906979f8aa57f2b2260ecdeae27e1d63334acbb071cbe1e41e7 3848 
libdata-uuid-perl_1.227-1.debian.tar.xz
Files:
 70900eb35508f3907fa285e01b83f5ce 2384 perl optional 
libdata-uuid-perl_1.227-1.dsc
 6463f46996e5f00beb57317e49e238b5 16705 perl optional 
libdata-uuid-perl_1.227.orig.tar.gz
 ec26813f8bccb8f29310d05cf35a49ba 3848 perl optional 
libdata-uuid-perl_1.227-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmYtAcBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgbmTBAAjzDuf21JrHNd2ZMsBSPPbIppUcky5s5l1Rf/J4gu6wTsdaIqqfDbiToN
VQFdBRNNJsfroYXWWmt9lWI02OyOi9ykcPUGvhQCBL85qbZROqubcNCg10ZkSyRF
+6QzlTnvSkj/CL913qFI7K4DdGXcWWPPuuPm2jA7iSQM7rvFoX+V1MbFOcZQFjWu
mi+gVVqZZACROpXh3wXSH3evaHDN0EOafwV2wZtUEAHwi6Rw+2gykuqpPCXGXq87
GLrd1b7me/C/C64cNv5SvAfO+zZr2h/ZYTvjmjk/90AJNR5NHPuDk8Eba8vGFnjU
EztydN0XuD+V8vQxmXf0lT7W93PAhogDdfsrT2r5hdkSi2M9LdYAxQ6hpmVxblqc
73deJqau/jeDfZt6l1S9dVcVEsb/VkxSRfjnMnOI9o6LIbjLn8fYrSNX1i+Mdnvv
DnIuIsqAeXnKy/F914TVQh3Ca9GammjwYN1VPprbLO8net+Gqn/oOkCCmgFGPjJ0
QE4EuMuiSz0166le6HT5jBsCT+/IaQ4Lzljt739/7GPp2FtX9IEx3OFXoiVDPCRd
s4zl5Il2F8FqIAyyYEWkbcfSiR2OE+oj5guYcFAzqRsGpW/S/rt+wbVIFnCsKd0e
capqUgZARDL+WkG+WgmKmJGjiGeDLM2NKSWYag3BGNYcO9gN+hU=
=SWTv
-----END PGP SIGNATURE-----

Attachment: pgpNK8JCOyJDD.pgp
Description: PGP signature


--- End Message ---

Reply via email to