Your message dated Sun, 10 Mar 2013 17:02:06 +0000
with message-id <e1uejdo-0003yw...@franck.debian.org>
and subject line Bug#702296: fixed in perl 5.10.1-17squeeze6
has caused the Debian Bug report #702296,
regarding perl: CVE-2013-1667: rehashing flaw
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
702296: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: perl
Version: 5.10.1-17squeeze4
Severity: grave
Tags: security patch
Control: found -1 5.16.2-1
Hi Niko and Dominic
A a hash-related flaw was announced today and CVE-2013-1667 assigned
to it.
For further reference see [1,2].
[1]: http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
[2]: https://security-tracker.debian.org/tracker/CVE-2013-1667
Could you please include the CVE identifier when fixing the issue? I
assume this should get a DSA.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: perl
Source-Version: 5.10.1-17squeeze6
We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 702...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Niko Tyni <nt...@debian.org> (supplier of updated perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 05 Mar 2013 21:50:01 +0200
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug perl-suid
libperl5.10 libperl-dev perl
Architecture: source all amd64
Version: 5.10.1-17squeeze6
Distribution: stable-security
Urgency: low
Maintainer: Niko Tyni <nt...@debian.org>
Changed-By: Niko Tyni <nt...@debian.org>
Description:
libcgi-fast-perl - CGI::Fast Perl module
libperl-dev - Perl library: development files
libperl5.10 - shared Perl library
perl - Larry Wall's Practical Extraction and Report Language
perl-base - minimal Perl system
perl-debug - debug-enabled Perl interpreter
perl-doc - Perl documentation
perl-modules - Core Perl modules
perl-suid - runs setuid Perl scripts
Closes: 702296
Changes:
perl (5.10.1-17squeeze6) stable-security; urgency=low
.
* [SECURITY] CVE-2013-1667: fix a rehashing DoS opportunity
against code that uses arbitrary user input as hash keys.
(Closes: #702296)
Checksums-Sha1:
488edb6ddc1fa76badba7beb0ade6fb8c1f1d948 1430 perl_5.10.1-17squeeze6.dsc
04c8395af0ca7248fc5b64518ccfad5a195f7b6f 125772
perl_5.10.1-17squeeze6.debian.tar.gz
ff452e91444360db7b2dd8304280b073b42c5835 53712
libcgi-fast-perl_5.10.1-17squeeze6_all.deb
c90b5500fa1cf89f1922fbbd9a1a2fa09ab6ba98 7189730
perl-doc_5.10.1-17squeeze6_all.deb
d51c79b0e7e30051935b429af1dd22b77ed186c8 3482294
perl-modules_5.10.1-17squeeze6_all.deb
85abfad822b16896be7b944c2cac017594aa3590 1068082
perl-base_5.10.1-17squeeze6_amd64.deb
84f288cb17e0420ad9b754b7419adfa2c557885b 5837214
perl-debug_5.10.1-17squeeze6_amd64.deb
19e8acdf311e5b5ff2d1c529fbb3dc8a52bec203 35570
perl-suid_5.10.1-17squeeze6_amd64.deb
6435927ea6d63d86da1eca85183dfc58fab75bb2 1160
libperl5.10_5.10.1-17squeeze6_amd64.deb
50d37a23f640abfed9f4e58c33c1e7c3d7aeaef6 2562998
libperl-dev_5.10.1-17squeeze6_amd64.deb
fb2fdafd5531cd987efd9441fe832cf5973d61d8 4462038
perl_5.10.1-17squeeze6_amd64.deb
Checksums-Sha256:
6eec91b67b1a9fd48c67e73d1cd621010543fe8328e3e2f9c1e5fc9313ade10a 1430
perl_5.10.1-17squeeze6.dsc
bfb33256fa4c8a53d4fc56cc54a9a36777a54c3307ee70df62faf871f29fa931 125772
perl_5.10.1-17squeeze6.debian.tar.gz
39e53b62e970e09be21bfd909cabc3960884a632dabd72af5756cad5af84fcff 53712
libcgi-fast-perl_5.10.1-17squeeze6_all.deb
9b61d9b11dce8b12939bfd04192a148e46a191dee909b3fa2c074a0554a19e67 7189730
perl-doc_5.10.1-17squeeze6_all.deb
de4b3a6162401f65cbb5947dd69fabc4d6c1b1dac36cf7fcb667777c5a2dbc9a 3482294
perl-modules_5.10.1-17squeeze6_all.deb
1924efff0d5f4159c001b1a08653ee4c5f26fb3230e97aeae5dd01668172dddf 1068082
perl-base_5.10.1-17squeeze6_amd64.deb
b78bfb8e3c15dc1b4fa98dcc3e57bfa328eac2c08007e4a96da29583f58c7a2f 5837214
perl-debug_5.10.1-17squeeze6_amd64.deb
6e148996ca9cc422dbc908b4d7f8325550b458ba02c005d567310f1e543a0dd7 35570
perl-suid_5.10.1-17squeeze6_amd64.deb
f15574d7c769649e4785c34f9034c0b90a639564594276ef915d73500f14a0f2 1160
libperl5.10_5.10.1-17squeeze6_amd64.deb
c648c16a122d76b37bbc3d5208c2759821c353604cd9f438358ad30a78cd7db1 2562998
libperl-dev_5.10.1-17squeeze6_amd64.deb
3e8e7999c8cba242ade748c672598131567099bf0c76062e0237e95fe713ac45 4462038
perl_5.10.1-17squeeze6_amd64.deb
Files:
96899b902fa0f73d010f09954ad716e9 1430 perl standard perl_5.10.1-17squeeze6.dsc
3cedc82d59fdacc3f6d2e9dc11b28f29 125772 perl standard
perl_5.10.1-17squeeze6.debian.tar.gz
aecceb2f7be91ee7b48b0ce648e10253 53712 perl optional
libcgi-fast-perl_5.10.1-17squeeze6_all.deb
c77c08ae0bed7cf73962abb9e0fdb486 7189730 doc optional
perl-doc_5.10.1-17squeeze6_all.deb
645adc6122fefb77a48fd3ca5a9bc833 3482294 perl standard
perl-modules_5.10.1-17squeeze6_all.deb
1b7ae006df5ff8e93e2b0b7df84b88bd 1068082 perl required
perl-base_5.10.1-17squeeze6_amd64.deb
426eaedde4dfb43f500e27f5b812ab6c 5837214 debug extra
perl-debug_5.10.1-17squeeze6_amd64.deb
66c02dc8bb13b03b22cff06529f29798 35570 perl optional
perl-suid_5.10.1-17squeeze6_amd64.deb
50e84875aa88d26f86c1fccab71ae634 1160 libs optional
libperl5.10_5.10.1-17squeeze6_amd64.deb
117cc8476d16b6ed053bada63c6fe07a 2562998 libdevel optional
libperl-dev_5.10.1-17squeeze6_amd64.deb
83a6de18491d5ad6459ed68f51730347 4462038 perl standard
perl_5.10.1-17squeeze6_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEUEARECAAYFAlE3aVgACgkQiyizGWoHLTk1NwCY0RWsN6dp280uL6F8fR4WB/+x
dQCeJgO6Gdk8icLCLKE3QiL1EbFToqc=
=EQkV
-----END PGP SIGNATURE-----
--- End Message ---