Bug#606379: marked as done (CVE-2010-2761 CVE-2010-4410)

Fri, 14 Jan 2011 17:57:19 -0800 

Your message dated Sat, 15 Jan 2011 01:54:35 +0000
with message-id <e1pdvlf-0004tr...@franck.debian.org>
and subject line Bug#606379: fixed in libcgi-simple-perl 1.105-1lenny1
has caused the Debian Bug report #606379,
regarding CVE-2010-2761 CVE-2010-4410
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
606379: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606379
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: libcgi-pm-perl
Version: 3.49-1
Severity: grave
Tags: security

Three security issues have been reported in libcgi-pm-perl:

http://security-tracker.debian.org/tracker/CVE-2010-2761 
http://security-tracker.debian.org/tracker/CVE-2010-4410
http://security-tracker.debian.org/tracker/CVE-2010-4411

The first two issues are fixed in 3.50 (already in sid), but
the second is still pending a final fix (see the referenced
link). Please get in touch with the release team to check,
whether migrating 3.50 plus the fix for CVE-2010-4411 or
uploading a tpu fix with 3.49 plus the security fixes is the
best way to resolve this.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

--- End Message ---
--- Begin Message --- 
Source: libcgi-simple-perl
Source-Version: 1.105-1lenny1

We believe that the bug you reported is fixed in the latest version of
libcgi-simple-perl, which is due to be installed in the Debian FTP archive:

libcgi-simple-perl_1.105-1lenny1.diff.gz
  to main/libc/libcgi-simple-perl/libcgi-simple-perl_1.105-1lenny1.diff.gz
libcgi-simple-perl_1.105-1lenny1.dsc
  to main/libc/libcgi-simple-perl/libcgi-simple-perl_1.105-1lenny1.dsc
libcgi-simple-perl_1.105-1lenny1_all.deb
  to main/libc/libcgi-simple-perl/libcgi-simple-perl_1.105-1lenny1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 606...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niko Tyni <nt...@debian.org> (supplier of updated libcgi-simple-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 14 Jan 2011 22:29:56 +0200
Source: libcgi-simple-perl
Binary: libcgi-simple-perl
Architecture: source all
Version: 1.105-1lenny1
Distribution: stable
Urgency: low
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: Niko Tyni <nt...@debian.org>
Description: 
 libcgi-simple-perl - A Simple totally OO CGI interface that is CGI.pm compliant
Closes: 606379
Changes: 
 libcgi-simple-perl (1.105-1lenny1) stable; urgency=low
 .
   * [SECURITY] CVE-2010-2761 CVE-2010-4410 CVE-2010-4411:
     backport fixes for MIME boundary and multiline header vulnerabilities
     (Closes: #606379)
Checksums-Sha1: 
 5c2fb1fb5c694768915a6b2a265565e7afa0a357 2102 
libcgi-simple-perl_1.105-1lenny1.dsc
 7656de28ff184aba82905ea8d20e7e1d4c32fe4b 4405 
libcgi-simple-perl_1.105-1lenny1.diff.gz
 e7174b8c847d5c3033e913a56892d523b3902396 106606 
libcgi-simple-perl_1.105-1lenny1_all.deb
Checksums-Sha256: 
 9b98c1c101b393b82e842b347e4e1acdd9ad551663ee4582b4aefa360854b403 2102 
libcgi-simple-perl_1.105-1lenny1.dsc
 7b98f65e299a50914131d53f1272c321065e618c9335dac1b4ebb21176afa7f4 4405 
libcgi-simple-perl_1.105-1lenny1.diff.gz
 7302c4e9029b0b6c334c30d014bf888498a74df856fd38731d5471ec88b39c5a 106606 
libcgi-simple-perl_1.105-1lenny1_all.deb
Files: 
 c635b3a147e7dcbab40234ba74366029 2102 perl optional 
libcgi-simple-perl_1.105-1lenny1.dsc
 1bb3d652c935c944597cb715330f0597 4405 perl optional 
libcgi-simple-perl_1.105-1lenny1.diff.gz
 a9aff93424adaa9b000facb41b8cb022 106606 perl optional 
libcgi-simple-perl_1.105-1lenny1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJNMNKOAAoJELs6aAGGSaoGP0MP/1rRf9KqaX8s5CeOjy/SZf1s
MEhAVLseilNeIa0ZtqblOfM9Hnl6Fxuu3krNNtFDt+zJAYu3vHW4f0//rrd3GA+G
0Qw7P67OQ746lqHD7FeqOdtqkh9j/N0aSVgd2jKNa39NRgGase9wETJAbgBDMUwB
2imZSMBEMV6MHQQH6CefX9crfhq1BJEtmknUcmz+2eZeIyiNsRzi7bfOv8My6vpF
48O0mZ8An7Hwn1x2vAVGuX93w/LQbyD5dceW8VF4IhyjusPJF1F+cPKFeeAZPTYe
QoFOg70ztLI/eSDc2cH6XpAZTO9WNe68hLmPZ86CyYoiuGQoSMZcaUvuijRaHKfS
9enD9704vnyPZuUoZX448q0ZftVRruQgoIPxSZkOnw7c4fkBG0w9Vy+FS8wjHa1o
vWyBqOjn7qL8KAdVc+K3InPRkgpOW91bc5GTmnl+wQdAb7MSSE2I0BcpgjUn10cT
O1xpmA5akSWoIghQfq9jO60CpeW7Rae5KDGc5bbHeg6V6kOpCNiLfPzp8B8Mnhoz
SCpFpjxv59RxC+e4rj3o7ujS81Zjn/xJ5nGKeX4HrlLpj8Q7kYVXz89dyP5Rfol4
dDIQlft2P8MxHtWlpOhhH+QZl31EDK0dNQEWcvHvzARbANA3UqhQCOLnY8jE9HUd
9zJYMXd70gz9+1nZz/X1
=ggHp
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to