Your message dated Mon, 15 Jun 2026 22:35:42 +0000
with message-id <[email protected]>
and subject line Bug#1140105: fixed in libcrypt-dsa-perl 1.21-1
has caused the Debian Bug report #1140105,
regarding libcrypt-dsa-perl: CVE-2026-12205
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1140105: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1140105
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libcrypt-dsa-perl
Version: 1.20-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for libcrypt-dsa-perl.
CVE-2026-12205[0]:
| key material reuse for multiple signing events
I'm opening this at RC level, with the following question: Should
libcrypt-dsa-perl be removed from unstable and so forky? Upstream
clearly states:
| Deprecated.
| The maintainer of this distribution has indicated that it is
| deprecated and no longer suitable for use.
https://metacpan.org/dist/Crypt-DSA
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-12205
https://www.cve.org/CVERecord?id=CVE-2026-12205
[1] https://lists.security.metacpan.org/cve-announce/msg/41004653/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libcrypt-dsa-perl
Source-Version: 1.21-1
Done: gregor herrmann <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libcrypt-dsa-perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
gregor herrmann <[email protected]> (supplier of updated libcrypt-dsa-perl
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 15 Jun 2026 23:21:39 +0200
Source: libcrypt-dsa-perl
Architecture: source
Version: 1.21-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <[email protected]>
Changed-By: gregor herrmann <[email protected]>
Closes: 1140105
Changes:
libcrypt-dsa-perl (1.21-1) unstable; urgency=medium
.
* Team upload.
* Import upstream version 1.21.
- Fixed CVE-2026-12205 key material reuse for multiple signing events
Closes: #1140105
* Add deprecation notice to long description.
Checksums-Sha1:
042ca1b323719f97bc50835702188444875f0828 2609 libcrypt-dsa-perl_1.21-1.dsc
d0fde5918901a112027e3c82f55f080cc7a1a57c 31022
libcrypt-dsa-perl_1.21.orig.tar.gz
1f5046ad6a3a7c2de87ce410a41b7af52c297b6d 2928
libcrypt-dsa-perl_1.21-1.debian.tar.xz
Checksums-Sha256:
bc20e83edf01d71390acc71d9fabe37da6691682d50fc917c1f0c56c3179b98e 2609
libcrypt-dsa-perl_1.21-1.dsc
a46201e8390e8ba3bbe51111d76489f31dafda0f6a60b0ab9319dd52bd2b32b0 31022
libcrypt-dsa-perl_1.21.orig.tar.gz
f5d7a01fc5927504757deaeaba3deceb6f89e9a331f3e93e7a57627f8aa7d331 2928
libcrypt-dsa-perl_1.21-1.debian.tar.xz
Files:
652a53fe4097afa21571fa8d87604e6c 2609 perl optional
libcrypt-dsa-perl_1.21-1.dsc
1c1537aabeba06cb0124c71c07440917 31022 perl optional
libcrypt-dsa-perl_1.21.orig.tar.gz
0fefe1139f21ee3e8951efcf15b43c25 2928 perl optional
libcrypt-dsa-perl_1.21-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmowcChfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx
RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ
qgZEOxAAgAa/uSElpMqoj1+lWw8QyhPGPcqHx4IabIPDgT0U8A8K7PeHBfCjS3ib
nvp0kw8Q4DKk5CCwC2XoLKE9HoKdjPhmWVuOx6jZcbC0k4z6gty0sA2JpqisZ03y
8IbB0GiUwxupQGBrtma7hV/JuBYqkDOhjgxkdO2NdCExTmOs9rfNWntf4R2zLuG4
phoHmyJm4dvFRUxwK+dZ1JS/yYmyy4Z7vJ4oGJDITACglxJ7KcfxlpksQ98C+Z+j
L0hlCvULkPZEPzRykz3GsD0DJyIFIbX8dA1RQAvGtc3yTkxEaGmU/NmuYRoinqCL
Guzl0P37zP803Z+odUiCiVeFzy+B2yNXX1xCuj8O9+vCJJTwsq6fZv6nCifolk60
gf/ZNfqqUfab4bPQ6TkrHwBflrmqV8DzwexpUT8q6CkoRcsDSUwe/MMXpFa3j/Xv
qE6Qp9gcX+i2PFvNvKirBYC5lWpNFbz9k5FG8qpdE6HtC804vCGIerXw7Grg7+FV
PFt1xO1DVTDQivXmvECQ7/AWmQF1ZYH1/ayZiqLP0GBcA+VmF3mMiSM2yqxwJ78K
vTlMFWOZMVLP7Am9MnPICaTcjrLJ0Tr9opWXef5OCPFLAsFL5VeG3lqc6V7QLuZm
QzbPJNH/fcfCEFc+3YXnjKhzZoEqeRm7lIyUgnmR0c6D6k52pWQ=
=OBB8
-----END PGP SIGNATURE-----
pgpGdHlIWoTeq.pgp
Description: PGP signature
--- End Message ---
