Your message dated Thu, 20 Jun 2013 22:17:10 +0000
with message-id <[email protected]>
and subject line Bug#711239: fixed in libmodule-signature-perl 0.68-1+deb7u1
has caused the Debian Bug report #711239,
regarding libmodule-signature-perl: CVE-2013-2145: arbitrary code execution
when verifying SIGNATURE
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
711239: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711239
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libmodule-signature-perl
Version: 0.63-1
Severity: grave
Tags: security patch upstream fixed-upstream
Justification: user security hole
Hi,
the following vulnerability was published for libmodule-signature-perl.
CVE-2013-2145[0]:
arbitrary code execution when verifying SIGNATURE
Upstream patches are at [1] and further corrected at [2], and fixed
in upstream 0.72[3].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2145
    http://security-tracker.debian.org/tracker/CVE-2013-2145
[1] https://github.com/audreyt/module-signature/commit/575f7bd6ba4cc7c92f841e8758f88a131674ebf2
[2] https://github.com/audreyt/module-signature/commit/cbd06b392a73c63159dc5c20ff5b3c8fc88c4896
[3] https://metacpan.org/source/AUDREYT/Module-Signature-0.72/Changes
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libmodule-signature-perl
Source-Version: 0.68-1+deb7u1
We believe that the bug you reported is fixed in the latest version of
libmodule-signature-perl, which is due to be installed in the Debian FTP
archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated
libmodule-signature-perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 16 Jun 2013 22:51:28 +0200
Source: libmodule-signature-perl
Binary: libmodule-signature-perl
Architecture: source all
Version: 0.68-1+deb7u1
Distribution: wheezy
Urgency: low
Maintainer: Debian Perl Group <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
 libmodule-signature-perl - module to manipulate CPAN SIGNATURE files
Closes: 711239
Changes:
 libmodule-signature-perl (0.68-1+deb7u1) wheezy; urgency=low
 .
   * Team upload.
   * Add CVE-2013-2145.patch.
     CVE-2013-2145: Fixes arbitrary code execution when verifying SIGNATURE.
     (Closes: #711239)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---