Your message dated Wed, 1 Aug 2012 01:18:03 +0200
with message-id <20120731231803.GA14889@elende>
and subject line Re: Bug#669126: SSL validation in libwww-perl (CVE-2011-0633)
has caused the Debian Bug report #669126,
regarding SSL validation in libwww-perl (CVE-2011-0633)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
669126: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669126
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libwww-perl
Version: 5.836-1
Severity: minor
Tags: security
Hi Moritz
I'm forwarding this to the bugtracker to have it tracked there, I hope
this is okay.
On Mon, Apr 16, 2012 at 05:33:41PM +0200, Moritz Muehlenhoff wrote:
> I'd like to you notify of two minor security issues, one in Perl itself
> and the other in libwww-perl:
>
> 1. CVE-2011-0663 has been assigned to this change from release 6.00:
>
> For https://... default to verified connections with require IO::Socket::SSL
> and Mozilla::CA modules to be installed. Old behaviour can be requested by
> setting the PERL_LWP_SSL_VERIFY_HOSTNAME environment variable to 0. The
> LWP::UserAgent got new ssl_opts method to control this as well.
>
> Petr Pisar from Red Hat made a backport to 5.837, which is close to what
> we have in stable: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0633
>
> Maybe you want to backport this for one of the next point releases?
Regards,
Salvatore
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: libwww-perl
Source-Version: 6.01-1
Proberly close the bugreport.
signature.asc
Description: Digital signature
--- End Message ---
