Your message dated Fri, 04 Apr 2014 06:03:26 +0000
with message-id <e1wvxdq-0007ye...@franck.debian.org>
and subject line Bug#739505: fixed in libcgi-application-perl 4.50-2
has caused the Debian Bug report #739505,
regarding libcgi-application-perl: CVE-2013-7329: information disclosure flaw
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
739505: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739505
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libcgi-application-perl
Version: 4.31-1
Severity: grave
Tags: security upstream patch
Justification: user security hole
An API change introduced in 2008 already (commit 61d327646f01fe) may cause
unexpected and unwanted data dumps of a complete set of web query data and
environment to the public. Developers of web apps written before the change are
probably unaware of the problem since the general behaviour does change only
in the case of a software error.
The issue has already been reported here:
https://rt.cpan.org/Ticket/Display.html?id=84403
A patch has already been suggested here:
https://rt.cpan.org/Ticket/Display.html?id=84403
IMHO you should consider a security backport of the patch for all
affected package versions.
-- System Information:
Debian Release: 6.0.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/24 CPU cores)
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/dash
Versions of packages libcgi-application-perl depends on:
ii perl 5.10.1-17squeeze3 Larry Wall's Practical Extraction
ii perl-modules 5.10.1-17squeeze3 Core Perl modules
libcgi-application-perl recommends no packages.
Versions of packages libcgi-application-perl suggests:
ii libhtml-template-perl 2.9-2 module for using HTML Templates wi
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: libcgi-application-perl
Source-Version: 4.50-2
We believe that the bug you reported is fixed in the latest version of
libcgi-application-perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 739...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
gregor herrmann <gre...@debian.org> (supplier of updated
libcgi-application-perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 04 Apr 2014 07:55:43 +0200
Source: libcgi-application-perl
Binary: libcgi-application-perl
Architecture: source all
Version: 4.50-2
Distribution: unstable
Urgency: low
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: gregor herrmann <gre...@debian.org>
Description:
libcgi-application-perl - framework for building reusable web-applications
Closes: 739505
Changes:
libcgi-application-perl (4.50-2) unstable; urgency=low
.
* Team upload.
.
[ Ansgar Burchardt ]
* debian/control: Convert Vcs-* fields to Git.
.
[ gregor herrmann ]
* debian/control: update {versioned,alternative} (build) dependencies.
.
[ Salvatore Bonaccorso ]
* Change search.cpan.org based URIs to metacpan.org based URIs
.
[ Axel Beckert ]
* debian/copyright: migrate pre-1.0 format to 1.0 using "cme fix dpkg-copyright"
.
[ gregor herrmann ]
* debian/control: remove Nicholas Bamber from Uploaders on request of
the MIA team.
* Strip trailing slash from metacpan URLs.
.
[ Salvatore Bonaccorso ]
* Add CVE-2013-7329.patch patch.
CVE-2013-7329: In certain cases, CGI::Application would unexpectedly
dump a complete set of web query data and server environment information
as an error page. This could allow unintended disclosure of sensitive
information. (Closes: #739505)
* Add back Build-Depends-Indep and Depends on libclass-isa-perl
.
[ gregor herrmann ]
* Drop unversioned perl from Depends.
* Declare compliance with Debian Policy 3.9.5.
--- End Message ---