Package: libapache2-mod-perl2 Version: 2.0.7-2 Severity: serious Control: found -1 2.0.4-7 X-Debbugs-Cc: t...@security.debian.org, p...@packages.debian.org
As noted on the modperl users list in http://mail-archives.apache.org/mod_mbox/perl-modperl/201303.mbox/%3C67B2BB40A61BE846B65EF4793B863D6C610AF5@ukmail02.planit.group%3E the perl fix for CVE-2013-1667 (rehashing flaw) makes t/perl/hash_attack.t in libapache2-mod-perl2 fail, so the latter package now fails to build from source. Verified on both squeeze and sid/wheezy. t/perl/api.t ............................ ok request has failed (the response code was: 500) see t/logs/error_log for more details t/perl/hash_attack.t .................... Dubious, test returned 255 (wstat 65280, 0xff00) Failed 1/1 subtests [...] Result: FAIL Failed 1/242 test programs. 0/3534 subtests failed. No patch yet, but according to Steve Hay in the above message there is one floating around: > I have seen a patch for it on the perl5-security list, and will > hopefully apply it soon. so it's probably best to wait a moment before disabling the test. FWIW the SVN repository is at svn co https://svn.apache.org/repos/asf/perl/modperl/trunk and can be browsed at http://svn.apache.org/viewvc/perl/modperl/trunk/ Cc'ing the security team. Once we have a fix, I suppose we'll need to fix libapache2-mod-perl2 via stable-security? -- Niko Tyni nt...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org