Accepted perl 5.6.1-8.8 (i386 source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 22 Dec 2004 23:55:54 +1100
Source: perl
Binary: perl-suid perl-modules perl perl-debug perl-base libperl5.6 perl-doc libperl-dev libcgi-fast-perl
Architecture: source i386 all
Version: 5.6.1-8.8
Distribution: stable-security
Urgency: low
Maintainer: Martin Schulze <joey@debian.org>
Changed-By: Brendan O'Dea <bod@debian.org>
Description:
libcgi-fast-perl - CGI::Fast Perl module.
libperl-dev - Perl library: development files.
libperl5.6 - Shared Perl library.
perl - Larry Wall's Practical Extraction and Report Language.
perl-base - The Pathologically Eclectic Rubbish Lister.
perl-debug - Debug-enabled Perl interpreter.
perl-doc - Perl documentation.
perl-modules - Core Perl modules.
perl-suid - Runs setuid Perl scripts.
Changes:
perl (5.6.1-8.8) stable-security; urgency=low
.
* SECURITY [CAN-2004-0452]: use less permissive chmods in rmtree.
* SECURITY [CAN-2004-0976]: patches from Trustix for insecure temp
file usage (thanks to Joey Hess for analysis).
- Some unsafe examples in the DB_File POD
- Use of hard coded temp file name in ext/IO/t/io_unix.t
- Hardcoded tmp file in ext/ODBM_File/ODBM_File.xs
- Some potentially unsafe examples in POSIX pod
- Hardcoded tmp file path in example of Socket.pm
- Example in Cookie.pm that uses /usr/tmp
- An example in MakeMaker.pm that suggets setting PREFIX=/tmp/myperl5
- Insecure use of /tmp file in ExtUtils/inst
- Insecure use of /tmp file in docs of Shell.pm
- Insecure use of /tmp file in docs of dotsh.pl
- Insecure use of /tmp file in setterm() function of lib/perl5db.pl
- Insecure use of /tmp file in mpeix/nm
- Insecure use of /tmp file in perly.fixer
- Insecure use of /tmp file in perldbmfilter.pod, perldebug.pod
- Various fixes in the FAQ
- perlfunc.pod, ditto
- perlipc.pod, ditto
- perllexwarn.pod, ditto
- perlobj.pod, ditto
- perlop.pod, ditto
- perlopentut.pod, ditto
- Insecure use of /tmp in utils/c2ph.PL, utils/perlbug.PL
Files:
bdc819ee60db1a3b36c3dca291f52ace 687 interpreters standard perl_5.6.1-8.8.dsc
fd37736eb59a9818267ee7d857392ad7 172848 interpreters standard perl_5.6.1-8.8.diff.gz
b3770a464c4829cffc57b6200d7aea5a 31398 interpreters extra libcgi-fast-perl_5.6.1-8.8_all.deb
67218848fb7f8d1c957c544e65cfec6f 3885590 doc optional perl-doc_5.6.1-8.8_all.deb
f9096ccecd9a4498710918630f5d1c33 1278678 interpreters standard perl-modules_5.6.1-8.8_all.deb
250b97b266658e9b3c98967dd6947c99 497242 base required perl-base_5.6.1-8.8_i386.deb
13ab60aa1701b7fce4b96de9a78e9261 2119362 interpreters optional perl-debug_5.6.1-8.8_i386.deb
e5235115cc02003dd3515a0d38f23b42 28422 interpreters optional perl-suid_5.6.1-8.8_i386.deb
15e1c64f422e6495fd92e09f02991814 347978 libs required libperl5.6_5.6.1-8.8_i386.deb
217c74330cb9c12cbd906aec43abe92f 424662 devel optional libperl-dev_5.6.1-8.8_i386.deb
1569e8cbc55a2ec5babdadac0b925b12 1150484 interpreters standard perl_5.6.1-8.8_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFByvdfW5ql+IAeqTIRAgiWAJ9UsERoo+FIdf8uzvJIUWlD+CNnJwCeM+FL
Xc1a+OHoBkEJCOBwWqbdELE=
=04Zd
-----END PGP SIGNATURE-----
Accepted:
libcgi-fast-perl_5.6.1-8.8_all.deb
to pool/main/p/perl/libcgi-fast-perl_5.6.1-8.8_all.deb
libperl-dev_5.6.1-8.8_i386.deb
to pool/main/p/perl/libperl-dev_5.6.1-8.8_i386.deb
libperl5.6_5.6.1-8.8_i386.deb
to pool/main/p/perl/libperl5.6_5.6.1-8.8_i386.deb
perl-base_5.6.1-8.8_i386.deb
to pool/main/p/perl/perl-base_5.6.1-8.8_i386.deb
perl-debug_5.6.1-8.8_i386.deb
to pool/main/p/perl/perl-debug_5.6.1-8.8_i386.deb
perl-doc_5.6.1-8.8_all.deb
to pool/main/p/perl/perl-doc_5.6.1-8.8_all.deb
perl-modules_5.6.1-8.8_all.deb
to pool/main/p/perl/perl-modules_5.6.1-8.8_all.deb
perl-suid_5.6.1-8.8_i386.deb
to pool/main/p/perl/perl-suid_5.6.1-8.8_i386.deb
perl_5.6.1-8.8.diff.gz
to pool/main/p/perl/perl_5.6.1-8.8.diff.gz
perl_5.6.1-8.8.dsc
to pool/main/p/perl/perl_5.6.1-8.8.dsc
perl_5.6.1-8.8_i386.deb
to pool/main/p/perl/perl_5.6.1-8.8_i386.deb
Reply to: