Your message dated Sat, 04 Aug 2012 19:47:08 +0000
with message-id <[email protected]>
and subject line Bug#671255: fixed in libconfig-inifiles-perl 2.52-1+squeeze1
has caused the Debian Bug report #671255,
regarding CVE-2012-2451: CWE-377 Insecure Temporary File
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
671255: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=671255
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libconfig-inifiles-perl
Version: 2.52-1
Severity: important
Tags: security
https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
CVE-identifier assigned in here: http://seclists.org/oss-sec/2012/q2/225
-- System Information:
Debian Release: 6.0.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: libconfig-inifiles-perl
Source-Version: 2.52-1+squeeze1
We believe that the bug you reported is fixed in the latest version of
libconfig-inifiles-perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
gregor herrmann <[email protected]> (supplier of updated
libconfig-inifiles-perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 03 Aug 2012 00:03:19 +0200
Source: libconfig-inifiles-perl
Binary: libconfig-inifiles-perl
Architecture: source all
Version: 2.52-1+squeeze1
Distribution: stable-proposed-updates
Urgency: low
Maintainer: Debian Perl Group <[email protected]>
Changed-By: gregor herrmann <[email protected]>
Description:
libconfig-inifiles-perl - Read .ini-style configuration files
Closes: 671255
Changes:
libconfig-inifiles-perl (2.52-1+squeeze1) stable-proposed-updates; urgency=low
.
* Team upload.
* SECURITY BUG FIX: Config::IniFiles used to write to a temporary
filename with a predictable name ("${filename}-new") which opens the
door for potential exploits. -- CVE-2012-2451, CWE-377
(Closes: #671255)
Checksums-Sha1:
6349397fc037980dc8d304cb9725f709021fb654 2171
libconfig-inifiles-perl_2.52-1+squeeze1.dsc
0b5b394b8ec23e4e4b64d05cd5d8eb5714194198 11847
libconfig-inifiles-perl_2.52-1+squeeze1.diff.gz
ef36fd360edf41df3c54e8cb58c97acc16e40bcd 48032
libconfig-inifiles-perl_2.52-1+squeeze1_all.deb
Checksums-Sha256:
f26955538817e406eda61eb2eb6ed6137ca203880883a44014fd384dac4f448c 2171
libconfig-inifiles-perl_2.52-1+squeeze1.dsc
5f5a05b0a9ac40193a95760aa3e39f70620d05284d901f50afad4e1bc802ea1b 11847
libconfig-inifiles-perl_2.52-1+squeeze1.diff.gz
4ea093e3503d41c9de8f425e0df0cc2f2d39823e0fc7bb587a955e0941ccbd5e 48032
libconfig-inifiles-perl_2.52-1+squeeze1_all.deb
Files:
0e91b9d9cee81d25e7bcfd4234900a21 2171 perl extra
libconfig-inifiles-perl_2.52-1+squeeze1.dsc
2915e67a210ade43adc331c363e87442 11847 perl extra
libconfig-inifiles-perl_2.52-1+squeeze1.diff.gz
4a54951f40826e8f1af4937733fd7ced 48032 perl extra
libconfig-inifiles-perl_2.52-1+squeeze1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJQGvlrAAoJELs6aAGGSaoGmWIP/05IUxLnNEqaoOPBnSXThb6l
5L6KvDIZgOw/5VYe7GWtKJ1cNGGfkYzS0Zqk8CMCYvWKSs7W/PJXQRA+m2Bexwvn
fdKvuI0cExzEZm3antFgwO0FulO3eD3l2V+G3RpeNEAf2FH7KcBdtVHUAuwToSiL
VaEE8TkEYS3b5goMEtWB/qEDuiNEBzQVvOXkgWjHg/wOsoqHQzCFJ2b4w2fJdH3Q
rFQP9KJI+g1l0qWp22iUIM5gwV4vH8q2L3E40Vnrt61JMBd3qtj2JtUnVZnnIcTX
NLF3LvJ3m+ElFTf1wbhHXocsrawR6hEMpeYe3YncNGFQEhmXfZsuVeIJMxOYV40y
c6bGHtjgEyRrIOJM76j6ICPjHDyg+RV/WEMALZ4wgcIeAgRAoSEyhbsFPRXgfGXp
LbURNJOzF4SpcdB7Z0Egqlc4cu7gE/9+7IH5dMbgTMswM1umhD+C855H+ggEQzSY
EFxznHwyF0KS/zlrxcgN6Pnq7uMcpy0MB+XCCPqIIpMKxzuX8NK7wYnMQi6siHYl
sbxoY0g5Qit06Z92rKEgVr4Gb6sMU5HO7SM2yUqFNCjq/6SnWLUii0Gj2V8ZegDZ
ZhgI8xrsbZUDmIBmbrqVOHm8wAgmXZMUiBYIUKpOOlVBpFhpjGhI9Xvno6piIp8c
Ysq00V2ybmqgpyniLtdA
=oD5T
-----END PGP SIGNATURE-----
--- End Message ---