Bug#644147: pu: package libdigest-perl/1.16-1+squeeze1
tag 644149 + pending
tag 644147 + pending
On Tue, 2011-10-04 at 21:33 +0100, Adam D. Barratt wrote:
> On Mon, 2011-10-03 at 12:29 +0200, Ansgar Burchardt wrote:
> > the last upstream release of libdigest-perl (1.17) contains a fix for an
> > unsafe use of eval: the argument to Digest->new($algo) was not
> > checked properly allowing code injection (in case the value can be
> > changed by the attacker). Versions in both lenny and squeeze are
> > affected.
> Please go ahead with both uploads; thanks.
For the record, both uploads have now been accepted; thanks.