Your message dated Sun, 10 Aug 2025 22:35:32 +0000
with message-id <[email protected]>
and subject line Bug#1107697: fixed in libcryptx-perl 0.087-1
has caused the Debian Bug report #1107697,
regarding libcryptx-perl: CVE-2025-40914
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1107697: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107697
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libcryptx-perl
Version: 0.085-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 0.077-1
Hi,
The following vulnerability was published for libcryptx-perl.
CVE-2025-40914[0]:
| Perl CryptX before version 0.087 contains a dependency that may be
| susceptible to an integer overflow. CryptX embeds a version of the
| libtommath library that is susceptible to an integer overflow
| associated with CVE-2023-36328.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-40914
https://www.cve.org/CVERecord?id=CVE-2025-40914
[1] https://lists.security.metacpan.org/cve-announce/msg/30332012/
[2] https://github.com/libtom/libtommath/pull/546
[3] https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-6fh3-7qjq-8v22
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libcryptx-perl
Source-Version: 0.087-1
Done: gregor herrmann <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libcryptx-perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
gregor herrmann <[email protected]> (supplier of updated libcryptx-perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 11 Aug 2025 00:21:57 +0200
Source: libcryptx-perl
Architecture: source
Version: 0.087-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <[email protected]>
Changed-By: gregor herrmann <[email protected]>
Closes: 1107697
Changes:
 libcryptx-perl (0.087-1) unstable; urgency=medium
 .
   * Team upload.
   * Import upstream version 0.087.
     Fixes CVE-2025-40914:
     "CryptX embeds a version of the libtommath library that is susceptible to
     an integer overflow associated with CVE-2023-36328."
     Closes: #1107697
   * Install new SECURITY.md document.
   * Declare compliance with Debian Policy 4.7.2.
   * Remove Rules-Requires-Root: no.
   * Update 3rd-party filename in debian/copyright.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---