Bug#644147: pu: package libdigest-perl/1.16-1+squeeze1

To: Ansgar Burchardt <ansgar@debian.org>, 644147@bugs.debian.org
Cc: 644149@bugs.debian.org
Subject: Bug#644147: pu: package libdigest-perl/1.16-1+squeeze1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Tue, 04 Oct 2011 21:33:38 +0100
Message-id: <1317760418.18800.4.camel@hathi.jungle.funky-badger.org>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 644147@bugs.debian.org
In-reply-to: <20111003102956.5794.42581.reportbug@deep-thought.43-1.org>
References: <20111003102956.5794.42581.reportbug@deep-thought.43-1.org>

tag 644149 + lenny confirmed
tag 644147 + squeeze confirmed
thanks

On Mon, 2011-10-03 at 12:29 +0200, Ansgar Burchardt wrote:
> the last upstream release of libdigest-perl (1.17) contains a fix for an
> unsafe use of eval[1]: the argument to Digest->new($algo) was not
> checked properly allowing code injection (in case the value can be
> changed by the attacker).  Versions in both lenny and squeeze are
> affected.

Please go ahead with both uploads; thanks.

Regards,

Adam

Reply to:

Follow-Ups:
- Processed: Re: Bug#644147: pu: package libdigest-perl/1.16-1+squeeze1
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#644147: pu: package libdigest-perl/1.16-1+squeeze1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

References:
- Bug#644147: pu: package libdigest-perl/1.16-1+squeeze1
  - From: Ansgar Burchardt <ansgar@debian.org>

Prev by Date: NEW changes in proposedupdates
Next by Date: Processed: Re: Bug#644147: pu: package libdigest-perl/1.16-1+squeeze1
Previous by thread: Bug#644147: pu: package libdigest-perl/1.16-1+squeeze1
Next by thread: Processed: Re: Bug#644147: pu: package libdigest-perl/1.16-1+squeeze1
Index(es):
- Date
- Thread