Your message dated Tue, 12 Mar 2013 20:32:54 +0000
with message-id <e1ufvsu-0003lb...@franck.debian.org>
and subject line Bug#702821: fixed in libapache2-mod-perl2 2.0.7-3
has caused the Debian Bug report #702821,
regarding libapache2-mod-perl2: FTBFS: the CVE-2013-1667 fix breaks t/perl/hash_attack.t
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
702821: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702821
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libapache2-mod-perl2
Version: 2.0.7-2
Severity: serious
Control: found -1 2.0.4-7
X-Debbugs-Cc: t...@security.debian.org, p...@packages.debian.org

As noted on the modperl users list in

 http://mail-archives.apache.org/mod_mbox/perl-modperl/201303.mbox/%3C67B2BB40A61BE846B65EF4793B863D6C610AF5@ukmail02.planit.group%3E

the perl fix for CVE-2013-1667 (rehashing flaw) makes t/perl/hash_attack.t
in libapache2-mod-perl2 fail, so the latter package now fails to build
from source.

Verified on both squeeze and sid/wheezy.

  t/perl/api.t ............................ ok
  request has failed (the response code was: 500)
  see t/logs/error_log for more details
  t/perl/hash_attack.t .................... 
  Dubious, test returned 255 (wstat 65280, 0xff00)
  Failed 1/1 subtests 
  [...]
  Result: FAIL
  Failed 1/242 test programs. 0/3534 subtests failed.

No patch yet, but according to Steve Hay in the above message
there is one floating around:

> I have seen a patch for it on the perl5-security list, and will
> hopefully apply it soon.

so it's probably best to wait a moment before disabling the test.
FWIW the SVN repository is at
 svn co https://svn.apache.org/repos/asf/perl/modperl/trunk
and can be browsed at
 http://svn.apache.org/viewvc/perl/modperl/trunk/

Cc'ing the security team. Once we have a fix, I suppose we'll need to
fix libapache2-mod-perl2 via stable-security?
-- 
Niko Tyni   nt...@debian.org

--- End Message ---
--- Begin Message ---
Source: libapache2-mod-perl2
Source-Version: 2.0.7-3

We believe that the bug you reported is fixed in the latest version of
libapache2-mod-perl2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 702...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominic Hargreaves <d...@earth.li> (supplier of updated libapache2-mod-perl2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 12 Mar 2013 20:06:02 +0000
Source: libapache2-mod-perl2
Binary: libapache2-mod-perl2 libapache2-mod-perl2-dev libapache2-mod-perl2-doc
Architecture: source i386 all
Version: 2.0.7-3
Distribution: unstable
Urgency: low
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: Dominic Hargreaves <d...@earth.li>
Description: 
 libapache2-mod-perl2 - Integration of perl with the Apache2 web server
 libapache2-mod-perl2-dev - Integration of perl with the Apache2 web server - development fil
 libapache2-mod-perl2-doc - Integration of perl with the Apache2 web server - documentation
Closes: 702821
Changes: 
 libapache2-mod-perl2 (2.0.7-3) unstable; urgency=low
 .
   [ Salvatore Bonaccorso ]
   * Change Vcs-Git to canonical URI (git://anonscm.debian.org)
 .
   [ Dominic Hargreaves ]
   * Fix FTBFS with versions of perl including the CVE-2013-1667
     fix (Closes: #702821)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRP49dYzuFKFF44qURAsbBAJwMEAU85nGzjIrHck6DagARYIG59ACghRhV
d9mS5KuI874nY4cKDBAvGzg=
=UdSI
-----END PGP SIGNATURE-----

--- End Message ---
