Your message dated Mon, 11 Aug 2025 17:11:09 +0000
with message-id <[email protected]>
and subject line Bug#1102147: fixed in libnet-dropbox-api-perl 1.9-3
has caused the Debian Bug report #1102147,
regarding libnet-dropbox-api-perl: CVE-2024-58036
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1102147: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102147
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libnet-dropbox-api-perl
Version: 1.9-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for libnet-dropbox-api-perl.

CVE-2024-58036[0]:
| Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function
| as the default source of entropy, which is not cryptographically
| secure, for cryptographic functions.  Specifically Net::Dropbox::API
| uses the Data::Random library which specifically states that it is
| "Useful mostly for test programs". Data::Random uses the rand()
| function.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-58036
    https://www.cve.org/CVERecord?id=CVE-2024-58036
[1] https://lists.security.metacpan.org/cve-announce/msg/28504518/

Regards,
Salvatore

--- End Message ---
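
Added illustration, not part of the bug report, the upstream patch, or Net::Dropbox::API itself: why a token built from rand() is unsuitable for cryptographic use, next to one drawn from the kernel CSPRNG. The helper names, the 16-character alphanumeric token shape, and the seed value are assumptions made for the example. It uses core Perl only and expects a Unix-like system with /dev/urandom.

```perl
use strict;
use warnings;

# Constructed alphabet for the example token (62 symbols).
my @ALNUM = ('a' .. 'z', 'A' .. 'Z', '0' .. '9');

# Weak: token built from Perl's built-in rand(), the generator the CVE names.
sub weak_token {
    my ($len) = @_;
    return join '', map { $ALNUM[ int rand @ALNUM ] } 1 .. $len;
}

# Kernel CSPRNG: token built from /dev/urandom bytes.
# Rejection sampling keeps the 62-symbol output unbiased.
sub urandom_token {
    my ($len) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "open /dev/urandom: $!";
    my $out = '';
    while (length($out) < $len) {
        my $got = read($fh, my $buf, 64);
        die "short read from /dev/urandom" unless $got;
        for my $byte (unpack 'C*', $buf) {
            next if $byte >= 248;    # 248 = 4 * 62; drop the biased tail
            $out .= $ALNUM[ $byte % 62 ];
            last if length($out) == $len;
        }
    }
    close $fh;
    return $out;
}

# rand() output is fully determined by the seed: same seed, same token.
srand(12345);                        # constructed seed
my $first = weak_token(16);
srand(12345);
my $replay = weak_token(16);
printf "rand():   %s / %s  same=%s\n", $first, $replay, ($first eq $replay ? 'yes' : 'no');

# Reseeding rand() has no influence on the kernel source.
srand(12345);
my $t1 = urandom_token(16);
srand(12345);
my $t2 = urandom_token(16);
printf "urandom:  %s / %s  same=%s\n", $t1, $t2, ($t1 eq $t2 ? 'yes' : 'no');
```
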
--- Begin Message ---
Source: libnet-dropbox-api-perl
Source-Version: 1.9-3
Done: gregor herrmann <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libnet-dropbox-api-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann <[email protected]> (supplier of updated libnet-dropbox-api-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 11 Aug 2025 18:41:57 +0200
Source: libnet-dropbox-api-perl
Architecture: source
Version: 1.9-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <[email protected]>
Changed-By: gregor herrmann <[email protected]>
Closes: 1102147
Changes:
 libnet-dropbox-api-perl (1.9-3) unstable; urgency=medium
 .
   * Team upload.
   * Add patch CVE-2024-58036.patch, taken from upstream pull request.
     Fixes CVE-2024-58036: "Net::Dropbox::API 1.9 and earlier for Perl uses
     the rand() function as the default source of entropy, which is not
     cryptographically secure". (Closes: #1102147)
   * Update test and runtime dependencies for CVE-2024-58036.patch.
   * Update debian/upstream/metadata.
   * Declare compliance with Debian Policy 4.7.2.
   * Annotate test-only build dependencies with <!nocheck>.
   * Add empty debian/tests/pkg-perl/syntax-skip to enable more
     autopkgtests.
Checksums-Sha1:
 3f6450ff4b139b264433625b9f563338ee1bffd0 2737 libnet-dropbox-api-perl_1.9-3.dsc
 e3186f25ac056dd62054525aa4304834b4a22093 3816 libnet-dropbox-api-perl_1.9-3.debian.tar.xz
Checksums-Sha256:
 112cc11e907f495be2833c949cb3f24e65c37b366da55600c017e39a73385d15 2737 libnet-dropbox-api-perl_1.9-3.dsc
 c266637f0af92bc6a43c1cd3137d54aaaf815af4431575e42a00cb2e1da35427 3816 libnet-dropbox-api-perl_1.9-3.debian.tar.xz
Files:
 9af881f3f8a768f371326746174f6d42 2737 perl optional libnet-dropbox-api-perl_1.9-3.dsc
 d558aacc41c803fac9eb8d71f18d9d89 3816 perl optional libnet-dropbox-api-perl_1.9-3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
