Your message dated Wed, 07 May 2025 19:50:12 +0000
with message-id <[email protected]>
and subject line Bug#1066969: fixed in libcrypt-openssl-rsa-perl 0.35-1
has caused the Debian Bug report #1066969,
regarding libcrypt-openssl-rsa-perl: CVE-2024-2467: vulnerable to the Marvin
Attack
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1066969: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066969
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libcrypt-openssl-rsa-perl
Version: 0.33-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/toddr/Crypt-OpenSSL-RSA/issues/42
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 0.31-1
Hi,

The following vulnerability was published for libcrypt-openssl-rsa-perl.

CVE-2024-2467[0]:
| Crypt-OpenSSL-RSA vulnerable to the Marvin Attack

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-2467
    https://www.cve.org/CVERecord?id=CVE-2024-2467
[1] https://people.redhat.com/~hkario/marvin/
[2] https://github.com/toddr/Crypt-OpenSSL-RSA/issues/42

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libcrypt-openssl-rsa-perl
Source-Version: 0.35-1
Done: gregor herrmann <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libcrypt-openssl-rsa-perl, which is due to be installed in the Debian FTP
archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
gregor herrmann <[email protected]> (supplier of updated
libcrypt-openssl-rsa-perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 07 May 2025 21:35:32 +0200
Source: libcrypt-openssl-rsa-perl
Architecture: source
Version: 0.35-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <[email protected]>
Changed-By: gregor herrmann <[email protected]>
Closes: 1066969 1087888
Changes:
 libcrypt-openssl-rsa-perl (0.35-1) unstable; urgency=medium
 .
   * Team upload.
   * Set Homepage in debian/control to MetaCPAN page.
     Thanks to Matt Taggart for the bug report. (Closes: #1087888)
   * Import upstream version 0.35.
     - Disable PKCS#1 v1.5 padding. It's not practical to mitigate marvin
       attacks so we will instead disable this and require alternatives to
       address the issue.
       Resolves CVE-2024-2467.
       Closes: #1066969
   * Update debian/upstream/metadata.
   * Refresh Makefile.PL-no-ssl-in-LIBS.patch.
   * Declare compliance with Debian Policy 4.7.2.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---