Your message dated Fri, 29 Aug 2025 22:47:39 +0000
with message-id <[email protected]>
and subject line Bug#1035109: fixed in perl 5.36.0-7+deb12u3
has caused the Debian Bug report #1035109,
regarding perl: CVE-2023-31484
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1035109: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035109
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: perl
Version: 5.36.0-7
Severity: normal
Tags: security upstream
Forwarded: https://github.com/andk/cpanpm/pull/175
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,

The following vulnerability was published for perl.

Sorry for the initial swapping of the CVEs, CVE-2023-31484 is the one
associated with CPAN.pm.

CVE-2023-31484[0]:
| CPAN.pm before 2.35 does not verify TLS certificates when downloading
| distributions over HTTPS.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-31484
    https://www.cve.org/CVERecord?id=CVE-2023-31484
[1] https://github.com/andk/cpanpm/pull/175
[2] https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: perl
Source-Version: 5.36.0-7+deb12u3
Done: Niko Tyni <[email protected]>

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niko Tyni <[email protected]> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA384
Format: 1.8
Date: Fri, 29 Aug 2025 15:09:36 +0300
Source: perl
Architecture: source
Version: 5.36.0-7+deb12u3
Distribution: bookworm
Urgency: medium
Maintainer: Niko Tyni <[email protected]>
Changed-By: Niko Tyni <[email protected]>
Closes: 1035109 1098226
Changes:
perl (5.36.0-7+deb12u3) bookworm; urgency=medium
.
* [SECURITY] CVE-2023-31484: CPAN.pm now verifies TLS certificates.
(Closes: #1035109)
* [SECURITY] CVE-2025-40909: Clone dirhandles without fchdir
(Closes: #1098226)
--- End Message ---