Your message dated Sat, 29 Mar 2025 05:46:19 +0000
with message-id <[email protected]>
and subject line Bug#1101503: fixed in libdata-entropy-perl 0.008-1
has caused the Debian Bug report #1101503,
regarding libdata-entropy-perl: CVE-2025-1860
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1101503: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101503
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libdata-entropy-perl
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for libdata-entropy-perl.

CVE-2025-1860[0]:
| Data::Entropy for Perl 0.007 and earlier use the rand() function as
| the default source of entropy, which is not cryptographically
| secure, for cryptographic functions.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-1860
    https://www.cve.org/CVERecord?id=CVE-2025-1860

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: libdata-entropy-perl
Source-Version: 0.008-1
Done: gregor herrmann <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libdata-entropy-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann <[email protected]> (supplier of updated libdata-entropy-perl 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 29 Mar 2025 02:01:42 +0100
Source: libdata-entropy-perl
Architecture: source
Version: 0.008-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <[email protected]>
Changed-By: gregor herrmann <[email protected]>
Closes: 1101503
Changes:
 libdata-entropy-perl (0.008-1) unstable; urgency=medium
 .
   * Team upload.
   * Import upstream version 0.008.
     Use Crypt::URandom to seed the default algorithm with
     cryptographically secure random bytes instead of the builtin
     rand() function [CVE 2025-1860].
     Closes: #1101503
   * Add debian/upstream/metadata.
   * Update years of upstream copyright and Upstream-Contact.
   * Install new SECURITY.md file.
   * Add deprecation notice to debian/control.
   * Update test and runtime dependencies.
   * Declare compliance with Debian Policy 4.7.2.
   * Annotate test-only build dependencies with <!nocheck>.
Checksums-Sha1:
 0cbe10b229b193a3ef203951de7706c52ef06419 2682 libdata-entropy-perl_0.008-1.dsc
 656bdf5e43c8457555dd8b2db1ae7e6b06038a21 40697 
libdata-entropy-perl_0.008.orig.tar.gz
 2789388180806f19946424a5d02b3d61813f987d 3536 
libdata-entropy-perl_0.008-1.debian.tar.xz
Checksums-Sha256:
 f26912266ca2a224c141310a487bad3c425a68c4ffb6bf983594f861293e82cf 2682 
libdata-entropy-perl_0.008-1.dsc
 18a52b1386e82c6b8cdb384a39861d60220a442a790e077010be72dd853b67b3 40697 
libdata-entropy-perl_0.008.orig.tar.gz
 c25e47995dc6ef14bb39f868db00a1f2f5af9deeae23b25180ccb0830f60c3e8 3536 
libdata-entropy-perl_0.008-1.debian.tar.xz
Files:
 05f57c6926390c4d173c0432e00245e7 2682 perl optional 
libdata-entropy-perl_0.008-1.dsc
 378ed905d74a8b6a0bf03a045935a836 40697 perl optional 
libdata-entropy-perl_0.008.orig.tar.gz
 6a4e01172ec108393bdb12e66219c2e1 3536 perl optional 
libdata-entropy-perl_0.008-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmfnR6NfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgZS4Q/9GI3Zq6aai9OeSWWKzFZ6jtQ6o9v0XQ2Ywa0UsIjlLmd27je1qqYvTChJ
BxdL/n5KxU7FHgi3JHahn40gAHy9QTpHVKso7+CiMTXu0FMN5DTnq5ztyytA7KTS
SN4HImYfE8fqpj9q1iMB1SHs+Y5uB8K8x9dFHIabDWpVUkX8a9yj+jGVWSG3w79Y
4HWR06FJtAOmkikIUTEK8YFGGyyV2id1sYLZ8Rg577vNodvdgjsWFUbwgjFo8USR
1hBPjLVID99bDwBGMUmbmhvZ2VdylrQq3k6cl4AG1TW4AMLhnB0ss7Aq0q9jeKiV
rVYl9woZ4IYQmLeGALR5nXwpzMe5yEVwXF1Di3/OmVjZiXaM7EW7NsFFI3xb2j9S
1/6pRa5Ruv4svxTy9rzH8hCDbAOfp0lTGAyEWV5V8HL/X4l5MEC1kcRzQIHfMshb
rN2wjeYF/zZLx+VN5Aux78AUW0zSry20Qx4+Ad1AktcBuRN5BeQ8dkWLNKt0XoGO
NPsoe6htnOmARE72nQ2adWSUi0QL1ZaRfVxx7FX39DsrMr2ZqF2C38Xprxhcwq/H
KT5EJAPiLSfZAG2QHGyOnEQXAEfu9COqhFBVMmiI5fDraQCiFKCtElqjyYFEUChg
89Vh311bN/LxKxjG9pqNGeKWytbpGr9JFFivD//cAQh3OoNRgNc=
=4PiZ
-----END PGP SIGNATURE-----

Attachment: pgpe29KIU4x4q.pgp
Description: PGP signature


--- End Message ---

Reply via email to