Your message dated Sat, 16 May 2026 16:49:06 +0000
with message-id <[email protected]>
and subject line Bug#1136808: fixed in libcrypt-dsa-perl 1.20-1
has caused the Debian Bug report #1136808,
regarding libcrypt-dsa-perl: CVE-2026-8700
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1136808: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136808
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libcrypt-dsa-perl
Version: 1.19-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for libcrypt-dsa-perl.

CVE-2026-8700[0]:
| Crypt::DSA versions before 1.20 for Perl generate seeds using rand.
| Seeds were generated using Perl's built-in rand function, which is
| predictable and unsuitable for security usage.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-8700
    https://www.cve.org/CVERecord?id=CVE-2026-8700
[1] https://lists.security.metacpan.org/cve-announce/msg/40104301/
[2] https://github.com/perl-Crypt-OpenPGP/Crypt-DSA/commit/43f2ad133bca76c57665f42eb0dc8042df54d3f1

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libcrypt-dsa-perl
Source-Version: 1.20-1
Done: gregor herrmann <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libcrypt-dsa-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann <[email protected]> (supplier of updated libcrypt-dsa-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 16 May 2026 18:19:54 +0200
Source: libcrypt-dsa-perl
Architecture: source
Version: 1.20-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <[email protected]>
Changed-By: gregor herrmann <[email protected]>
Closes: 1136808 1136809
Changes:
 libcrypt-dsa-perl (1.20-1) unstable; urgency=medium
 .
   * Team upload.
   * Import upstream version 1.20.
     - Security Fix CVE-2026-8704: replace two arg open
       Closes: #1136809
     - Security Fix CVE-2026-8700: replace rand()
       Closes: #1136808
   * Install new security document.
   * New test and runtime dependency: libcrypt-sysrandom-perl.
   * Update years of upstream copyright.
   * Declare compliance with Debian Policy 4.7.4.
   * Remove «Rules-Requires-Root: no», which is the current default.
   * Remove «Priority: optional», which is the current default.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----


--- End Message ---
