Bug#702914: marked as done (libnet-server-perl: CVE-2013-1841: Improper reverse DNS matching check for the given hostname)

Sat, 03 Dec 2022 07:42:21 -0800 

Your message dated Sat, 03 Dec 2022 15:39:44 +0000
with message-id <[email protected]>
and subject line Bug#702914: fixed in libnet-server-perl 2.013-1
has caused the Debian Bug report #702914,
regarding libnet-server-perl: CVE-2013-1841: Improper reverse DNS matching 
check for the given hostname
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
702914: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702914
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: libnet-server-perl
Severity: important
Tags: security
Control: forwarded -1 https://rt.cpan.org/Ticket/Display.html?id=83909

Hi

It was reported to the oss-security list[1] that libnet-server-perl
does not check the reverse DNS lookup hostname again by doing a
forward lookup and checking that it matches the original ip.

 [1]: http://www.openwall.com/lists/oss-security/2013/03/04/10

See also

 [2]: https://security-tracker.debian.org/CVE-2013-1841
 [3]: https://rt.cpan.org/Ticket/Display.html?id=83909

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: libnet-server-perl
Source-Version: 2.013-1
Done: gregor herrmann <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libnet-server-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann <[email protected]> (supplier of updated libnet-server-perl 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 03 Dec 2022 15:52:00 +0100
Source: libnet-server-perl
Architecture: source
Version: 2.013-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <[email protected]>
Changed-By: gregor herrmann <[email protected]>
Closes: 702914
Changes:
 libnet-server-perl (2.013-1) unstable; urgency=medium
 .
   * Import upstream version 2.013.
     2.011 adds 'double_reverse_lookups' configuration and code as a fix for
     "CVE-2013-1841: Improper reverse DNS matching check for the given
     hostname".
     This can be enabled by setting 'reverse_lookups=double' or
     'double_reverse_lookups=1'. Cf. Net::Server(3pm) and CPAN RT#83909.
     (Closes: #702914)
   * debian/watch: use uscan macros.
   * Drop patches applied upstream.
   * Update years of upstream copyright.
   * Refresh test and runtime dependencies.
Checksums-Sha1:
 1894e2628c992156bd058c5bb6b944be3bca8ca0 2687 libnet-server-perl_2.013-1.dsc
 2139d1dcee76749d03d877c6a03f8eec80df046a 154660 
libnet-server-perl_2.013.orig.tar.gz
 5f69d2def5900e8f8160ab134a3d07b90c71b009 6736 
libnet-server-perl_2.013-1.debian.tar.xz
Checksums-Sha256:
 9f3865fae040158b06c223597ffb8e3cc2e4c39ad061e9ea898220c29e08e6ee 2687 
libnet-server-perl_2.013-1.dsc
 cd8ae3ad26a6bd8fece76aaf4b260818b3e991844a5c341bfe36523f6ba50940 154660 
libnet-server-perl_2.013.orig.tar.gz
 f572b71f807d7e9ddd6ecd41c60c32d63dd7df3f7cfeadcec68911846d2c9d65 6736 
libnet-server-perl_2.013-1.debian.tar.xz
Files:
 5091bd56ebf366a7d4c2942b592b0761 2687 perl optional 
libnet-server-perl_2.013-1.dsc
 74e903c6e94297df324f7cb65c20fd80 154660 perl optional 
libnet-server-perl_2.013.orig.tar.gz
 7ee3bf8b594def188d756a86f6accfc6 6736 perl optional 
libnet-server-perl_2.013-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmOLZZBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgaoUA//dGHzGABiJb8j5R8rzBcOV9KkxIlQAvYNT2F9u1SDX/QQDKbTUZB+0olI
PT0/rPdRWNkYmCoLuo5+QEbbW6pWoMX0UaJM0Bl9QZTZGTlrOE7+INuBCB4CJtQg
pdU27etJ+vuktJAyCxWDS2zWZ+xckKcQp+MqNRhi4tn4V75W/vAYglyPdPl1wM8V
ZXhKymieAIXSYV4lyi8TkwH/ZA+cYr/F0lrs++fZ3HlTdCyQaKCdEvj6Bjriux91
pPkQfHYZtM4JHxBRSwWN/nRdbJzv2xlXg/rLV5LugY0C5nfABKlObPCxSWoLmIYy
rWX5Oy8ERwm5Cm/8nwZBH86ixfd9PrS921bwavCLEOMiLLBBVWMNgzdP5Ikd2IFF
jS97nAXxKzorYnKjiZrzqXsDtMwA1/vvxxiSQPnhYvGlGde8F9or1QafTWuqWkEY
5pt3tB/HLywQNmTrBU82GBHSyK9/ZbmtXuFtgyPWFFU8EIwq8pv5FvHzqjIm5sf4
alF3WaB0ADjBYKgvMuOqzJ0rKaV4DT8CbQTKRRuQrV3/2woXqDtYP6fEfLHd2QjP
9k0GljcoTOELxrfrBqz/0sxAUsnYPmnMyB9FU9+JokuaB02HJUNYq4N/xfGcvbx8
Htg+SI0WL3qV8v/OVEqop0yb2lLXafkVd+BDgdNJ48GBljnVIDc=
=mJKL
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to