Bug#702296: marked as done (perl: CVE-2013-1667: rehashing flaw)

[Debian Bug Tracking System]

Your message dated Sun, 10 Mar 2013 17:02:06 +0000
with message-id <e1uejdo-0003yw...@franck.debian.org>
and subject line Bug#702296: fixed in perl 5.10.1-17squeeze6
has caused the Debian Bug report #702296,
regarding perl: CVE-2013-1667: rehashing flaw
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
702296: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: perl
Version: 5.10.1-17squeeze4
Severity: grave
Tags: security patch
Control: found -1 5.16.2-1

Hi Niko and Dominic

A a hash-related flaw was announced today and CVE-2013-1667 assigned
to it.

For further reference see [1,2].

 [1]: http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
 [2]: https://security-tracker.debian.org/tracker/CVE-2013-1667

Could you please include the CVE identifier when fixing the issue? I
assume this should get a DSA.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: perl
Source-Version: 5.10.1-17squeeze6

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 702...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niko Tyni <nt...@debian.org> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 05 Mar 2013 21:50:01 +0200
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug perl-suid 
libperl5.10 libperl-dev perl
Architecture: source all amd64
Version: 5.10.1-17squeeze6
Distribution: stable-security
Urgency: low
Maintainer: Niko Tyni <nt...@debian.org>
Changed-By: Niko Tyni <nt...@debian.org>
Description: 
 libcgi-fast-perl - CGI::Fast Perl module
 libperl-dev - Perl library: development files
 libperl5.10 - shared Perl library
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-base  - minimal Perl system
 perl-debug - debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl-modules - Core Perl modules
 perl-suid  - runs setuid Perl scripts
Closes: 702296
Changes: 
 perl (5.10.1-17squeeze6) stable-security; urgency=low
 .
   * [SECURITY] CVE-2013-1667: fix a rehashing DoS opportunity
     against code that uses arbitrary user input as hash keys.
     (Closes: #702296)
Checksums-Sha1: 
 488edb6ddc1fa76badba7beb0ade6fb8c1f1d948 1430 perl_5.10.1-17squeeze6.dsc
 04c8395af0ca7248fc5b64518ccfad5a195f7b6f 125772 
perl_5.10.1-17squeeze6.debian.tar.gz
 ff452e91444360db7b2dd8304280b073b42c5835 53712 
libcgi-fast-perl_5.10.1-17squeeze6_all.deb
 c90b5500fa1cf89f1922fbbd9a1a2fa09ab6ba98 7189730 
perl-doc_5.10.1-17squeeze6_all.deb
 d51c79b0e7e30051935b429af1dd22b77ed186c8 3482294 
perl-modules_5.10.1-17squeeze6_all.deb
 85abfad822b16896be7b944c2cac017594aa3590 1068082 
perl-base_5.10.1-17squeeze6_amd64.deb
 84f288cb17e0420ad9b754b7419adfa2c557885b 5837214 
perl-debug_5.10.1-17squeeze6_amd64.deb
 19e8acdf311e5b5ff2d1c529fbb3dc8a52bec203 35570 
perl-suid_5.10.1-17squeeze6_amd64.deb
 6435927ea6d63d86da1eca85183dfc58fab75bb2 1160 
libperl5.10_5.10.1-17squeeze6_amd64.deb
 50d37a23f640abfed9f4e58c33c1e7c3d7aeaef6 2562998 
libperl-dev_5.10.1-17squeeze6_amd64.deb
 fb2fdafd5531cd987efd9441fe832cf5973d61d8 4462038 
perl_5.10.1-17squeeze6_amd64.deb
Checksums-Sha256: 
 6eec91b67b1a9fd48c67e73d1cd621010543fe8328e3e2f9c1e5fc9313ade10a 1430 
perl_5.10.1-17squeeze6.dsc
 bfb33256fa4c8a53d4fc56cc54a9a36777a54c3307ee70df62faf871f29fa931 125772 
perl_5.10.1-17squeeze6.debian.tar.gz
 39e53b62e970e09be21bfd909cabc3960884a632dabd72af5756cad5af84fcff 53712 
libcgi-fast-perl_5.10.1-17squeeze6_all.deb
 9b61d9b11dce8b12939bfd04192a148e46a191dee909b3fa2c074a0554a19e67 7189730 
perl-doc_5.10.1-17squeeze6_all.deb
 de4b3a6162401f65cbb5947dd69fabc4d6c1b1dac36cf7fcb667777c5a2dbc9a 3482294 
perl-modules_5.10.1-17squeeze6_all.deb
 1924efff0d5f4159c001b1a08653ee4c5f26fb3230e97aeae5dd01668172dddf 1068082 
perl-base_5.10.1-17squeeze6_amd64.deb
 b78bfb8e3c15dc1b4fa98dcc3e57bfa328eac2c08007e4a96da29583f58c7a2f 5837214 
perl-debug_5.10.1-17squeeze6_amd64.deb
 6e148996ca9cc422dbc908b4d7f8325550b458ba02c005d567310f1e543a0dd7 35570 
perl-suid_5.10.1-17squeeze6_amd64.deb
 f15574d7c769649e4785c34f9034c0b90a639564594276ef915d73500f14a0f2 1160 
libperl5.10_5.10.1-17squeeze6_amd64.deb
 c648c16a122d76b37bbc3d5208c2759821c353604cd9f438358ad30a78cd7db1 2562998 
libperl-dev_5.10.1-17squeeze6_amd64.deb
 3e8e7999c8cba242ade748c672598131567099bf0c76062e0237e95fe713ac45 4462038 
perl_5.10.1-17squeeze6_amd64.deb
Files: 
 96899b902fa0f73d010f09954ad716e9 1430 perl standard perl_5.10.1-17squeeze6.dsc
 3cedc82d59fdacc3f6d2e9dc11b28f29 125772 perl standard 
perl_5.10.1-17squeeze6.debian.tar.gz
 aecceb2f7be91ee7b48b0ce648e10253 53712 perl optional 
libcgi-fast-perl_5.10.1-17squeeze6_all.deb
 c77c08ae0bed7cf73962abb9e0fdb486 7189730 doc optional 
perl-doc_5.10.1-17squeeze6_all.deb
 645adc6122fefb77a48fd3ca5a9bc833 3482294 perl standard 
perl-modules_5.10.1-17squeeze6_all.deb
 1b7ae006df5ff8e93e2b0b7df84b88bd 1068082 perl required 
perl-base_5.10.1-17squeeze6_amd64.deb
 426eaedde4dfb43f500e27f5b812ab6c 5837214 debug extra 
perl-debug_5.10.1-17squeeze6_amd64.deb
 66c02dc8bb13b03b22cff06529f29798 35570 perl optional 
perl-suid_5.10.1-17squeeze6_amd64.deb
 50e84875aa88d26f86c1fccab71ae634 1160 libs optional 
libperl5.10_5.10.1-17squeeze6_amd64.deb
 117cc8476d16b6ed053bada63c6fe07a 2562998 libdevel optional 
libperl-dev_5.10.1-17squeeze6_amd64.deb
 83a6de18491d5ad6459ed68f51730347 4462038 perl standard 
perl_5.10.1-17squeeze6_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEUEARECAAYFAlE3aVgACgkQiyizGWoHLTk1NwCY0RWsN6dp280uL6F8fR4WB/+x
dQCeJgO6Gdk8icLCLKE3QiL1EbFToqc=
=EQkV
-----END PGP SIGNATURE-----

--- End Message ---