Your message dated Wed, 21 Dec 2011 07:55:45 +0000
with message-id <[email protected]>
and subject line Bug#637376: fixed in perl 5.10.1-17squeeze3
has caused the Debian Bug report #637376,
regarding perl: [CVE-2011-2939] Encode security: Unicode.xs!decode_xs n-byte 
heap-overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
637376: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637376
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: perl
Version: 5.12.4-3
Severity: grave
Tags: security
Justification: user security hole

Encode 2.44 has been released with the following change:

! Unicode/Unicode.xs
  Addressed the following:
    Date: Fri, 22 Jul 2011 13:58:43 +0200
    From: Robert Zacek <[email protected]>
    To: [email protected]
    Subject: Unicode.xs!decode_xs n-byte heap-overflow

This has been fixed in libencode-perl 2.44-1; it probably also needs
fixing in perl.

The relevant patch appears to be

<http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5>

I haven't seen any further details about this one, but setting severity
to grave for now.



--- End Message ---
--- Begin Message ---
Source: perl
Source-Version: 5.10.1-17squeeze3

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive:

libcgi-fast-perl_5.10.1-17squeeze3_all.deb
  to main/p/perl/libcgi-fast-perl_5.10.1-17squeeze3_all.deb
libperl-dev_5.10.1-17squeeze3_i386.deb
  to main/p/perl/libperl-dev_5.10.1-17squeeze3_i386.deb
libperl5.10_5.10.1-17squeeze3_i386.deb
  to main/p/perl/libperl5.10_5.10.1-17squeeze3_i386.deb
perl-base_5.10.1-17squeeze3_i386.deb
  to main/p/perl/perl-base_5.10.1-17squeeze3_i386.deb
perl-debug_5.10.1-17squeeze3_i386.deb
  to main/p/perl/perl-debug_5.10.1-17squeeze3_i386.deb
perl-doc_5.10.1-17squeeze3_all.deb
  to main/p/perl/perl-doc_5.10.1-17squeeze3_all.deb
perl-modules_5.10.1-17squeeze3_all.deb
  to main/p/perl/perl-modules_5.10.1-17squeeze3_all.deb
perl-suid_5.10.1-17squeeze3_i386.deb
  to main/p/perl/perl-suid_5.10.1-17squeeze3_i386.deb
perl_5.10.1-17squeeze3.debian.tar.gz
  to main/p/perl/perl_5.10.1-17squeeze3.debian.tar.gz
perl_5.10.1-17squeeze3.dsc
  to main/p/perl/perl_5.10.1-17squeeze3.dsc
perl_5.10.1-17squeeze3_i386.deb
  to main/p/perl/perl_5.10.1-17squeeze3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominic Hargreaves <[email protected]> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 20 Dec 2011 20:01:23 +0000
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug perl-suid 
libperl5.10 libperl-dev perl
Architecture: source all i386
Version: 5.10.1-17squeeze3
Distribution: stable
Urgency: low
Maintainer: Niko Tyni <[email protected]>
Changed-By: Dominic Hargreaves <[email protected]>
Description: 
 libcgi-fast-perl - CGI::Fast Perl module
 libperl-dev - Perl library: development files
 libperl5.10 - shared Perl library
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-base  - minimal Perl system
 perl-debug - debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl-modules - Core Perl modules
 perl-suid  - runs setuid Perl scripts
Closes: 604902 637376 644108
Changes: 
 perl (5.10.1-17squeeze3) stable; urgency=low
 .
   * [SECURITY] CVE-2011-2939: Fix decode_xs n-byte heap-overflow security
     bug in Unicode.xs (Closes: #637376)
   * [SECURITY] CVE-2011-3597: Fix unsafe use of eval in Digest->new();
     thanks to Ansgar Burchardt for the notification (Closes: #644108)
   * Unregister signal handler before destroying my_perl; fixes segfault
     (Closes: #604902)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFO8PpwYzuFKFF44qURAngvAKCbHo99M3keZB76Xq40Vk99ZzQzwgCeICdt
fnvwvuEAY+K9zsBNIHdkezE=
=OItN
-----END PGP SIGNATURE-----



--- End Message ---
