Your message dated Wed, 29 Apr 2015 18:34:15 +0000
with message-id <e1ynwoj-0003uw...@franck.debian.org>
and subject line Bug#783451: fixed in libmodule-signature-perl 0.78-1
has caused the Debian Bug report #783451,
regarding libmodule-signature-perl: CVE-2015-3406 CVE-2015-3407 CVE-2015-3408 CVE-2015-3409
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
783451: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783451
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libmodule-signature-perl
Version: 0.73-1
Severity: grave
Tags: security upstream fixed-upstream

Hi,

the following vulnerabilities were published for libmodule-signature-perl.

CVE-2015-3406[0]:
unsigned files interpreted as signed in some circumstances

CVE-2015-3407[1]:
arbitrary code execution during test phase

CVE-2015-3408[2]:
arbitrary code execution when verifying module signatures

CVE-2015-3409[3]:
arbitrary modules loading in some circumstances

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3406
[1] https://security-tracker.debian.org/tracker/CVE-2015-3407
[2] https://security-tracker.debian.org/tracker/CVE-2015-3408
[3] https://security-tracker.debian.org/tracker/CVE-2015-3409

Please adjust the affected versions in the BTS as needed.

p.s.: for the pkg-perl team: I planned to look into it for all needed
versions, but if somebody beats me to it, just go ahead!

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libmodule-signature-perl
Source-Version: 0.78-1

We believe that the bug you reported is fixed in the latest version of
libmodule-signature-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 783...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libmodule-signature-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Apr 2015 20:08:00 +0200
Source: libmodule-signature-perl
Binary: libmodule-signature-perl
Architecture: source all
Version: 0.78-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
 libmodule-signature-perl - module to manipulate CPAN SIGNATURE files
Closes: 783451
Changes:
 libmodule-signature-perl (0.78-1) unstable; urgency=medium
 .
   * Team upload.
 .
   [ gregor herrmann ]
   * Strip trailing slash from metacpan URLs.
 .
   [ Salvatore Bonaccorso ]
   * Update Vcs-Browser URL to cgit web frontend
   * Add debian/upstream/metadata
   * Import upstream version 0.78
     - CVE-2015-3406: unsigned files interpreted as signed in some
       circumstances.
     - CVE-2015-3407: arbitrary code execution during test phase
     - CVE-2015-3408: arbitrary code execution when verifying module
       signatures
     - CVE-2015-3409: arbitrary modules loading in some circumstances
     (Closes: #783451)
   * Declare compliance with Debian policy 3.9.6
   * Add pod2man-errors.patch patch.
     Missing =encoding results in pod2man complaining about UTF-8 characters.
   * Add 'Testsuite: autopkgtest-pkg-perl' header in control file

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
