Bug#644147: pu: package libdigest-perl/1.16-1+squeeze1

To: 644147@bugs.debian.org
Cc: Ansgar Burchardt <ansgar@debian.org>, 644149@bugs.debian.org
Subject: Bug#644147: pu: package libdigest-perl/1.16-1+squeeze1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Tue, 11 Oct 2011 20:44:12 +0100
Message-id: <1318362252.25039.21.camel@hathi.jungle.funky-badger.org>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 644147@bugs.debian.org
In-reply-to: <1317760418.18800.4.camel@hathi.jungle.funky-badger.org>
References: <20111003102956.5794.42581.reportbug@deep-thought.43-1.org> <1317760418.18800.4.camel@hathi.jungle.funky-badger.org>

tag 644149 + pending
tag 644147 + pending
thanks

On Tue, 2011-10-04 at 21:33 +0100, Adam D. Barratt wrote:
> On Mon, 2011-10-03 at 12:29 +0200, Ansgar Burchardt wrote:
> > the last upstream release of libdigest-perl (1.17) contains a fix for an
> > unsafe use of eval[1]: the argument to Digest->new($algo) was not
> > checked properly allowing code injection (in case the value can be
> > changed by the attacker).  Versions in both lenny and squeeze are
> > affected.
> 
> Please go ahead with both uploads; thanks.

For the record, both uploads have now been accepted; thanks.

Regards,

Adam

Reply to:

Follow-Ups:
- Processed: Re: Bug#644147: pu: package libdigest-perl/1.16-1+squeeze1
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

References:
- Bug#644147: pu: package libdigest-perl/1.16-1+squeeze1
  - From: Ansgar Burchardt <ansgar@debian.org>
- Bug#644147: pu: package libdigest-perl/1.16-1+squeeze1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Processed: Re: Processed: binNMU
Next by Date: Processed: Re: Bug#644147: pu: package libdigest-perl/1.16-1+squeeze1
Previous by thread: Processed: Re: Bug#644147: pu: package libdigest-perl/1.16-1+squeeze1
Next by thread: Processed: Re: Bug#644147: pu: package libdigest-perl/1.16-1+squeeze1
Index(es):
- Date
- Thread