Your message dated Fri, 07 Jun 2013 21:49:55 +0000
with message-id <[email protected]>
and subject line Bug#711239: fixed in libmodule-signature-perl 0.73-1
has caused the Debian Bug report #711239,
regarding libmodule-signature-perl: CVE-2013-2145: arbitrary code execution 
when verifying SIGNATURE
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
711239: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711239
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libmodule-signature-perl
Version: 0.63-1
Severity: grave
Tags: security patch upstream fixed-upstream
Justification: user security hole

Hi,

the following vulnerability was published for libmodule-signature-perl.

CVE-2013-2145[0]:
arbitrary code execution when verifying SIGNATURE

Upstream patches are at [1], further corrected at [2], and fixed
upstream in 0.72 [3].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2145
    http://security-tracker.debian.org/tracker/CVE-2013-2145
[1] https://github.com/audreyt/module-signature/commit/575f7bd6ba4cc7c92f841e8758f88a131674ebf2
[2] https://github.com/audreyt/module-signature/commit/cbd06b392a73c63159dc5c20ff5b3c8fc88c4896
[3] https://metacpan.org/source/AUDREYT/Module-Signature-0.72/Changes

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libmodule-signature-perl
Source-Version: 0.73-1

We believe that the bug you reported is fixed in the latest version of
libmodule-signature-perl, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated 
libmodule-signature-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 07 Jun 2013 23:16:42 +0200
Source: libmodule-signature-perl
Binary: libmodule-signature-perl
Architecture: source all
Version: 0.73-1
Distribution: unstable
Urgency: low
Maintainer: Debian Perl Group <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description: 
 libmodule-signature-perl - module to manipulate CPAN SIGNATURE files
Closes: 711239
Changes: 
 libmodule-signature-perl (0.73-1) unstable; urgency=low
 .
   * Team upload.
 .
   [ Ansgar Burchardt ]
   * debian/control: Convert Vcs-* fields to Git.
 .
   [ Salvatore Bonaccorso ]
   * Imported Upstream version 0.73
     - Fixes CVE-2013-2145: arbitrary code execution when verifying SIGNATURE
       (Closes: #711239).
   * Change Vcs-Git to canonical URI (git://anonscm.debian.org)
   * Change search.cpan.org based URIs to metacpan.org based URIs
   * Update debian/copyright file information.
     Update format to copyright-format 1.0 as released together with Debian
     policy 3.9.3.
     Update copyright years for included copy of Module::Install.
     Add missing stanza for ReadmeFromPod.pm (from
     Module::Install::ReadmeFromPod).
   * Bump Standards-Version to 3.9.4
   * Add an alternative Recommends on gnupg2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----

--- End Message ---
