El 15/05/15 a las 20:23, Salvatore Bonaccorso escribió: > Hi, > > On Fri, Apr 24, 2015 at 06:36:28AM +0200, Salvatore Bonaccorso wrote: > > Hi Raphael, > > > > On Mon, Apr 20, 2015 at 03:54:51PM +0200, Raphael Hertzog wrote: > > > Hello dear maintainer(s), > > > > > > the Debian LTS team would like to fix the security issues which are > > > currently open in the Squeeze version of libmodule-signature-perl: > > > https://security-tracker.debian.org/tracker/source-package/libmodule-signature-perl > > >
[snip]
> >
> > Sorry for the late relpy. I will first focus on the wheezy, jessie and
> > unstable upload but might then as well look at it for squeeze-lts (no
> > commitment yet to it).
> >
> > In case somebody else takes care of it would be great if the changes
> > can be pushed back in a squeeze branch in the pkg-perl repos.
> >
> > Note that it needs to be investigated if libtest-signature-perl will
> > need an adaption for the changes.
>
> Small heads up on this: I just have released updates for
> wheezy-security and jessie-security, but wont have time to look at
> squeeze-lts as well this weekend. In case a LTS team member wants to
> take it, I updated as well libtest-signature-perl for compatiblity
> with the fix for CVE-2015-3407. For doing a test one could use
> libtest-distmanifest-perl.
Hi,
I've prepared a libmodule-signature-perl package for squeeze. I think
it's ready to be uploaded, but it'd be great it you can take a look if
everything is ok.
cpansign works fine:
$ cpansign -v
Executing gpg --verify --batch --no-tty
--keyserver=hkp://pool.sks-keyservers.net:11371
--keyserver-options=auto-key-retrieve /tmp/4uwKrdiyLS
gpg: Signature made Sun Feb 13 14:07:43 2011 CET using RSA key ID 4526F399
gpg: Good signature from "David Bremner <brem...@debian.org>"
gpg: aka "David Bremner <brem...@unb.ca>"
gpg: aka "David Bremner <da...@tethera.net>"
gpg: WARNING: This subkey has been revoked by its owner!
gpg: reason for revocation: Key is no longer used
gpg: revocation comment: revoking 1k subkeys
gpg: Note: This key has expired!
Primary key fingerprint: 815B 6398 2A79 F8E7 C727 86C4 762B 57BB 7842 06AD
Subkey fingerprint: 4B29 79BE 9A99 331A 56BB 2616 4E28 8DFF 4526 F399
==> Signature verified OK! <==
Upstream Test::Signature also does:
$ make test
...
Primary key fingerprint: 66B2 B78E D1B7 7641 4861 D592 B4B3 DD37 3C35 01A0
t/0-signature.t .. ok
...
The package is available at:
deb https://people.debian.org/~santiago/debian santiago-squeeze-lts/
And at the squeeze-lts branch in my personal git respository:
git clone git://anonscm.debian.org/users/santiago/libmodule-signature-perl
I don't have permissions to push into pkg-perl.
I will also update squeeze's libtest-signature-perl. BTW, latest
libtest-signature-perl needs to be imported in pkg-perl git repo.
Cheers,
Santiago
signature.asc
Description: Digital signature
