Your message dated Sun, 30 May 2010 22:02:07 +0000
with message-id <e1oiqa7-0002pe...@ries.debian.org>
and subject line Bug#582978: fixed in perl 5.10.1-13
has caused the Debian Bug report #582978,
regarding perl: safe.pm code injection vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
582978: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582978
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: perl
Version: 5.10.1-12
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published for perl.
CVE-2010-1974[0]:
| Multiple unspecified vulnerabilities in the Safe (aka Safe.pm) module
| before 2.25 for Perl allow context-dependent attackers to inject and
| execute arbitrary code via vectors related to "automagic methods."
| NOTE: this might overlap CVE-2010-1169 or CVE-2010-1447.
The current version of perl in unstable has safe.pm 2.18, so that just
needs to be updated to version 2.25.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1974
http://security-tracker.debian.org/tracker/CVE-2010-1974
--- End Message ---
--- Begin Message ---
Source: perl
Source-Version: 5.10.1-13
We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive:
libcgi-fast-perl_5.10.1-13_all.deb
to main/p/perl/libcgi-fast-perl_5.10.1-13_all.deb
libperl-dev_5.10.1-13_amd64.deb
to main/p/perl/libperl-dev_5.10.1-13_amd64.deb
libperl5.10_5.10.1-13_amd64.deb
to main/p/perl/libperl5.10_5.10.1-13_amd64.deb
perl-base_5.10.1-13_amd64.deb
to main/p/perl/perl-base_5.10.1-13_amd64.deb
perl-debug_5.10.1-13_amd64.deb
to main/p/perl/perl-debug_5.10.1-13_amd64.deb
perl-doc_5.10.1-13_all.deb
to main/p/perl/perl-doc_5.10.1-13_all.deb
perl-modules_5.10.1-13_all.deb
to main/p/perl/perl-modules_5.10.1-13_all.deb
perl-suid_5.10.1-13_amd64.deb
to main/p/perl/perl-suid_5.10.1-13_amd64.deb
perl_5.10.1-13.debian.tar.gz
to main/p/perl/perl_5.10.1-13.debian.tar.gz
perl_5.10.1-13.dsc
to main/p/perl/perl_5.10.1-13.dsc
perl_5.10.1-13_amd64.deb
to main/p/perl/perl_5.10.1-13_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 582...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Niko Tyni <nt...@debian.org> (supplier of updated perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 30 May 2010 11:09:48 +0300
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug perl-suid
libperl5.10 libperl-dev perl
Architecture: source all amd64
Version: 5.10.1-13
Distribution: unstable
Urgency: low
Maintainer: Niko Tyni <nt...@debian.org>
Changed-By: Niko Tyni <nt...@debian.org>
Description:
libcgi-fast-perl - CGI::Fast Perl module
libperl-dev - Perl library: development files
libperl5.10 - shared Perl library
perl - Larry Wall's Practical Extraction and Report Language
perl-base - minimal Perl system
perl-debug - debug-enabled Perl interpreter
perl-doc - Perl documentation
perl-modules - Core Perl modules
perl-suid - runs setuid Perl scripts
Closes: 289884 578577 579537 582978
Changes:
perl (5.10.1-13) unstable; urgency=low
.
* [SECURITY] CVE-2010-1974: Update to Safe-2.25, fixing code injection
and execution vulnerabilities. (Closes: #582978)
* Add conflicts/replaces/provides for the new libswitch-perl,
libclass-isa-perl, and libpod-plainer-perl packages. (See #580034)
* Fix a tell() crash on bad arguments. (Closes: #578577)
* Fix a format/write crash. (Closes: #579537)
* Prevent gcc from optimizing the u32align check away, finally fixing
MD5 on armel. Thanks to Marc Pignat. (Closes: #289884)
* Fix a test failure in CGI/t/fast.t when FCGI is available.
Checksums-Sha1:
af6ee28791c7d35fcd158bc95d0672df80622323 1388 perl_5.10.1-13.dsc
df50c8f7c39a36d0878b894ddbc5dd6f319e6cd5 106766 perl_5.10.1-13.debian.tar.gz
e152312561afddeda98df8a6416c40a9f9ddee9f 52400
libcgi-fast-perl_5.10.1-13_all.deb
7eb07d95da60f1e4a1fc5f4ff37cccfb30f1fb91 7187676 perl-doc_5.10.1-13_all.deb
2c5788cab2bd1913e14f08fc9f3910d77b44ec53 3480936 perl-modules_5.10.1-13_all.deb
8d9994652ae3f1b384bf4aaed4d1fd2d931ff1c1 1064366 perl-base_5.10.1-13_amd64.deb
f11bf8a4ccdaf1340fe2ff7bfc75d139ed6ce8f4 5834888 perl-debug_5.10.1-13_amd64.deb
146eba17e3b3cd4f1061b33b77916d30df1134f0 34644 perl-suid_5.10.1-13_amd64.deb
5286364f4a7a58216f90f64ca134f03e946d809f 1152 libperl5.10_5.10.1-13_amd64.deb
dd854fe3c02d0d6cd5872f3eafbf255e9882f09e 2560924
libperl-dev_5.10.1-13_amd64.deb
cd57eb123069f4c22f2b0505d9935961d55a4366 4460768 perl_5.10.1-13_amd64.deb
Checksums-Sha256:
de2e030eaba12e235b7f748d638d592af3d90c887b1e1b63241312986fa3091f 1388
perl_5.10.1-13.dsc
c931b48f4f59db60941789d8e1867e43215aa6a7b5d3b74244536ad3b3e796f5 106766
perl_5.10.1-13.debian.tar.gz
c56e1f0b6398066ea0ed83da3d0070cde463d18e35fd58cefa9865fd3b0b3282 52400
libcgi-fast-perl_5.10.1-13_all.deb
7fd774e6df3ec0fff4ebcb4c41d6f087b6405d4393228204c6c99481b7b9a2b7 7187676
perl-doc_5.10.1-13_all.deb
dd5c0062836a53acaad3556f60a00c209157803d10fe5857073d8bb946c48bd0 3480936
perl-modules_5.10.1-13_all.deb
14cd03d68489b28c73f0256908ddf55d254912ab1774c5ccf388727f345a905c 1064366
perl-base_5.10.1-13_amd64.deb
a2aae4a8d663ec7cd6ae0454400237c8bdb92ae75827bd40925f9be3d317cfa4 5834888
perl-debug_5.10.1-13_amd64.deb
c5f6883c0673fe85465fe36f02eea589aee6759ae3db1de42b42492f85bd36a5 34644
perl-suid_5.10.1-13_amd64.deb
54b30c9016a23150115b6cc49a06f014b1dcdd680bd09a76b9b234d4aa2d2301 1152
libperl5.10_5.10.1-13_amd64.deb
e9a761b602cb309745bd6986d32d64443cd96941b76f044d50c299e334ac7867 2560924
libperl-dev_5.10.1-13_amd64.deb
848488507bf3ddbfba934be314b54f5dac4b2c9b7503c84c31aaa6c42df0563e 4460768
perl_5.10.1-13_amd64.deb
Files:
ba4a4f7fd8546f581135dd705dc2812a 1388 perl standard perl_5.10.1-13.dsc
c600f2eb3701213fc7139daa9f4c8444 106766 perl standard
perl_5.10.1-13.debian.tar.gz
a966835e21a92568b16c63027e8d29b9 52400 perl optional
libcgi-fast-perl_5.10.1-13_all.deb
6e4eeaddc89a01f37541d7c82071a211 7187676 doc optional
perl-doc_5.10.1-13_all.deb
3ea37b5cbacf1b6409cd96140c85d530 3480936 perl standard
perl-modules_5.10.1-13_all.deb
98056788e2a3cc4a7d4e0ebcf6d786b1 1064366 perl required
perl-base_5.10.1-13_amd64.deb
22634c4139eb93c235f696783c153f8a 5834888 debug extra
perl-debug_5.10.1-13_amd64.deb
efd1fa0368f796cf74829b129b38da40 34644 perl optional
perl-suid_5.10.1-13_amd64.deb
9c0ac214caedf6e262209367454ec26c 1152 libs optional
libperl5.10_5.10.1-13_amd64.deb
126d61c96d443cf7f92040f14fed3a74 2560924 libdevel optional
libperl-dev_5.10.1-13_amd64.deb
073554354b585544168302ece7598a6f 4460768 perl standard perl_5.10.1-13_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkwC04gACgkQiyizGWoHLTmtpACgjeKg81KuNiP3vfE6+Eccw0eL
4j8An1of7azrWWS6F5vFnGzvLnr+zQC/
=M9ul
-----END PGP SIGNATURE-----
--- End Message ---
