Hi,
there will be no DSA for this issue.
Regards,
Ansgar
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
On Sun, Oct 02, 2011 at 11:44:39PM +0200, Ansgar Burchardt wrote:
Package: perl
Version: 5.10.0-19
Severity: grave
Tags: security upstream
Hi,
the last upstream release of libdigest-perl (1.17) contains a fix for an
unsafe use of eval: the argument to Digest-new($algo) was not checked
On Mon, Oct 03, 2011 at 04:01:50PM +0200, Moritz Mühlenhoff wrote:
perl-modules from Squeeze also contains 1.16, just like libdigest-perl.
What's the purpose of this package, then?
Wouldn't it rather make sense to drop standalone packages for all
modules present in perl-modules?
Where the
severity 644108 important
thanks
On Mon, Oct 03, 2011 at 12:39:38PM +0200, Ansgar Burchardt wrote:
there will be no DSA for this issue.
Okay, I assume this means that a severity downgrade is in order. I'm
not yet convined that the effort and risk of a squeeze and lenny release
of perl is
Package: perl
Version: 5.10.0-19
Severity: grave
Tags: security upstream
Hi,
the last upstream release of libdigest-perl (1.17) contains a fix for an
unsafe use of eval: the argument to Digest-new($algo) was not checked
properly allowing code injection (in case the value can be changed by
the
5 matches
Mail list logo
