Your message dated Tue, 04 Jun 2013 21:49:09 +0000
with message-id <[email protected]>
and subject line Bug#694279: fixed in libdancer-perl 1.3114+dfsg-1
has caused the Debian Bug report #694279,
regarding libdancer-perl: CVE-2012-5572: Cookie name CRLF injection
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
694279: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694279
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libdancer-perl
Severity: important
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi
Similar to #693421, CVE-2012-5526 it was reported[1] that
libdancer-perl's Dancer::Cookie also does not validate cookie name for
CRLF and other invalid symbols in headers. A patch however does not
seem to be present so far.
[1]: https://github.com/sukria/Dancer/issues/859
Regards,
Salvatore
- -- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---
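An added illustration of the check the report above says is missing (this is not code from Dancer, from its upstream fix, or from this bug report): a cookie name is accepted only if it is an RFC 6265 token before it is written into a Set-Cookie header. The helper names is_valid_cookie_name and set_cookie_header are hypothetical, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# RFC 6265 defines cookie-name as an RFC 2616 "token": one or more US-ASCII
# characters excluding controls (CR and LF included), space and separators.
# \A and \z anchor the whole string; a plain '$' would allow a trailing "\n".
my $TOKEN = qr/\A[!#\$%&'*+\-.^_`|~0-9A-Za-z]+\z/;

# Hypothetical helper (not Dancer's API): 1 if $name is a legal cookie name.
sub is_valid_cookie_name {
    my ($name) = @_;
    return (defined($name) && $name =~ $TOKEN) ? 1 : 0;
}

# Hypothetical helper: build one Set-Cookie header line, refusing bad names
# instead of trying to strip or repair them.
sub set_cookie_header {
    my ($name, $value) = @_;
    die "invalid cookie name\n" unless is_valid_cookie_name($name);
    # Percent-encode the value (assumed to be a byte string) so that CR, LF,
    # ';' and ',' can never appear raw in the header line.
    (my $enc = $value) =~ s/([^A-Za-z0-9\-._~])/sprintf('%%%02X', ord $1)/ge;
    return "Set-Cookie: $name=$enc";
}

# Constructed sample inputs: one legal name and three that must be rejected.
my @samples = (
    [ 'session_id',            'abc 123' ],
    [ "lang\r\nX-Injected: 1", 'en'      ],   # CRLF inside the name
    [ 'bad name',              'x'       ],   # space is not a token char
    [ 'a;b',                   'x'       ],   # ';' is a separator
);

for my $s (@samples) {
    my ($name, $value) = @$s;
    my $line = eval { set_cookie_header($name, $value) };
    # Show control characters as \xNN so the report itself stays one line.
    (my $shown = $name) =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord $1)/ge;
    printf "%-28s => %s\n", "'$shown'", defined $line ? $line : 'REJECTED';
}
```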
--- Begin Message ---
Source: libdancer-perl
Source-Version: 1.3114+dfsg-1
We believe that the bug you reported is fixed in the latest version of
libdancer-perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
gregor herrmann <[email protected]> (supplier of updated libdancer-perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 04 Jun 2013 23:26:56 +0200
Source: libdancer-perl
Binary: libdancer-perl
Architecture: source all
Version: 1.3114+dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Debian Perl Group <[email protected]>
Changed-By: gregor herrmann <[email protected]>
Description:
libdancer-perl - effortless web application framework
Closes: 694279
Changes:
libdancer-perl (1.3114+dfsg-1) unstable; urgency=low
.
[ Salvatore Bonaccorso ]
* Change Vcs-Git to canonical URI (git://anonscm.debian.org)
* Change search.cpan.org based URIs to metacpan.org based URIs
* Add copyright stanza for debian/repack.stub file
.
[ gregor herrmann ]
* Update debian/repack.stub.
* New upstream release.
Fixes "CVE-2012-5572: Cookie name CRLF injection"
(Closes: #694279)
* Add (build) dependency on libmodule-runtime-perl.
* Update years of packaging copyright.
* Add libclone-perl and libdancer-session-cookie-perl to B-D-I (tests)
and add some optional packages to Suggests.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---