Bug#606379: marked as done (CVE-2010-2761 CVE-2010-4410)

[Debian Bug Tracking System]

Your message dated Fri, 14 Jan 2011 20:54:37 +0000
with message-id <e1pdqfn-0002cz...@franck.debian.org>
and subject line Bug#606379: fixed in libcgi-simple-perl 1.111-2
has caused the Debian Bug report #606379,
regarding CVE-2010-2761 CVE-2010-4410
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
606379: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606379
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libcgi-pm-perl
Version: 3.49-1
Severity: grave
Tags: security

Three security issues have been reported in libcgi-pm-perl:

http://security-tracker.debian.org/tracker/CVE-2010-2761 
http://security-tracker.debian.org/tracker/CVE-2010-4410
http://security-tracker.debian.org/tracker/CVE-2010-4411

The first two issues are fixed in 3.50 (already in sid), but
the second is still pending a final fix (see the referenced
link). Please get in touch with the release team to check,
whether migrating 3.50 plus the fix for CVE-2010-4411 or
uploading a tpu fix with 3.49 plus the security fixes is the
best way to resolve this.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

--- End Message ---

--- Begin Message ---

Source: libcgi-simple-perl
Source-Version: 1.111-2

We believe that the bug you reported is fixed in the latest version of
libcgi-simple-perl, which is due to be installed in the Debian FTP archive:

libcgi-simple-perl_1.111-2.diff.gz
  to main/libc/libcgi-simple-perl/libcgi-simple-perl_1.111-2.diff.gz
libcgi-simple-perl_1.111-2.dsc
  to main/libc/libcgi-simple-perl/libcgi-simple-perl_1.111-2.dsc
libcgi-simple-perl_1.111-2_all.deb
  to main/libc/libcgi-simple-perl/libcgi-simple-perl_1.111-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 606...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niko Tyni <nt...@debian.org> (supplier of updated libcgi-simple-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 14 Jan 2011 21:47:20 +0200
Source: libcgi-simple-perl
Binary: libcgi-simple-perl
Architecture: source all
Version: 1.111-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: Niko Tyni <nt...@debian.org>
Description: 
 libcgi-simple-perl - simple totally OO CGI interface that is CGI.pm compliant
Closes: 606379
Changes: 
 libcgi-simple-perl (1.111-2) unstable; urgency=medium
 .
   * [SECURITY] CVE-2010-2761 CVE-2010-4410 CVE-2010-4411:
     backport fixes for MIME boundary and multiline header vulnerabilities
     (Closes: #606379)
   * Add myself to Uploaders.
Checksums-Sha1: 
 a4fb3dffb81dfb4fe667a7d2d1f3b9f52bc4c70a 1540 libcgi-simple-perl_1.111-2.dsc
 47e1f811fcf08fe41a8530bc99ee2227aa9b505a 4964 
libcgi-simple-perl_1.111-2.diff.gz
 fa37d1984c44fc8e6f7bff523105a62103c0bf87 106284 
libcgi-simple-perl_1.111-2_all.deb
Checksums-Sha256: 
 678049eef20c6c0a50206abd8f3733bfdd465dbea137e18bc9698324e074ee4f 1540 
libcgi-simple-perl_1.111-2.dsc
 29029bd052b00ac9ee740f661cef8d82645c2b47b9670d8a5509d6ad597f7b7f 4964 
libcgi-simple-perl_1.111-2.diff.gz
 f92969f13a5a38fa4e2784a6a5780ed39f5eb062f930277bf304f04695fd3e7c 106284 
libcgi-simple-perl_1.111-2_all.deb
Files: 
 b4e69b7e828e4d5e026c1ef989db0a13 1540 perl optional 
libcgi-simple-perl_1.111-2.dsc
 0b1ddef6ce27eab0462db9918af16a87 4964 perl optional 
libcgi-simple-perl_1.111-2.diff.gz
 2d9bea827c98d26df16c8846f58ae12e 106284 perl optional 
libcgi-simple-perl_1.111-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk0wqTgACgkQiyizGWoHLTkXoACgzr9nJTNeZkyjVQsvqmTGtQxb
LLoAoLYZcKDM5S8/gTvATa/FhIiCBe/C
=EkRb
-----END PGP SIGNATURE-----

--- End Message ---