libmodule-signature-perl (0.63-1+squeeze2) squeeze-lts; urgency=medium

  * Non-maintainer upload by the Squeeze LTS team.
  * Add CVE-2015-3406_CVE-2015-3407_CVE-2015-3408.patch.
    CVE-2015-3406: Module::Signature parses the unsigned portion of the
    SIGNATURE file as the signed portion due to incorrect handling of PGP
    signature boundaries.
    CVE-2015-3407: Module::Signature incorrectly handles files that are not
    listed in the SIGNATURE file. This includes some files in the t/
    directory that would execute when tests are run.
    CVE-2015-3408: Module::Signature uses two argument open() calls to read
    the files when generating checksums from the signed manifest, allowing
    to embed arbitrary shell commands into the SIGNATURE file that would
    execute during the signature verification process.
  * Add CVE-2015-3409.patch.
    CVE-2015-3409: Module::Signature incorrectly handles module loading
    allowing to load modules from relative paths in @INC. A remote attacker
    providing a malicious module could use this issue to execute arbitrary
    code during signature verification.

 -- Santiago Ruano Rincón  Wed, 01 Jul 2015 12:20:06 +0200

libmodule-signature-perl (0.63-1+squeeze1) squeeze; urgency=low

  * Team upload.
  * Add CVE-2013-2145.patch.
    CVE-2013-2145: Fixes arbitrary code execution when verifying SIGNATURE.
    (Closes: #711239)

 -- Salvatore Bonaccorso  Tue, 18 Jun 2013 23:25:09 +0200

libmodule-signature-perl (0.63-1) unstable; urgency=low

  [ Jonathan Yu ]
  * New upstream release
  * No longer needs --with quilt
  * Update copyright information

  [ Krzysztof Krzyżaniak (eloy) ]
  * New upstream release
  * debian/control: update Standards-Version to 3.8.4 without any changes
  * debian/copyright: update dates
  * debian/source/format: created with value "3.0 (quilt)"
  * debian/README.source removed since new package type
  * debian/patches: removed, fixed upstream

 -- Jonathan Yu  Wed, 07 Apr 2010 12:14:53 -0400

libmodule-signature-perl (0.61-1) unstable; urgency=low

  [ Jonathan Yu ]
  * New upstream release
  * Use new short debhelper rules format
  * Add myself to Uploaders and Copyright
  * Rewrite control description
  * Update copyright information (we're now using CC0)
  * Upgrade to debhelper 7.2.13 (for Module::AutoInstall)
  * Refresh keyserver.patch; add header
  * Remove unnecessary build dependencies

  [ gregor herrmann ]
  * Add debian/README.source to document quilt usage, as required by
    Debian Policy since 3.8.0.
  * debian/control: Changed: Switched Vcs-Browser field to ViewSVN
    (source stanza).
  * debian/control: Added: ${misc:Depends} to Depends: field.
  * Change my email address.

  [ Nathan Handler ]
  * debian/watch: Update to ignore development releases.

 -- Jonathan Yu  Mon, 30 Nov 2009 15:57:30 -0500

libmodule-signature-perl (0.55-2) unstable; urgency=low

  * debian/control: Added: Vcs-Svn field (source stanza); Vcs-Browser
    field (source stanza); Homepage field (source stanza). Removed:
    XS-Vcs-Svn fields.
  * debian/rules:
    - delete /usr/lib/perl5 only if it exists (closes: #467870)
    - update based on dh-make-perl's templates
    - don't install README any more (no additional information)
  * debian/watch: use dist-based URL.
  * Set Standards-Version to 3.7.3 (no changes).
  * Add debian/compat instead of setting DH_COMPAT in debian/rules.
  * debian/copyright: add download URL and copy copyright/license terms
    verbatim from README to match reality.
  * Split the changes regarding the default keyserver (cf. #293080) out to
    keyserver.patch; and don't change the keyserver only in the test (which
    isn't actually run because it would fail due to the patch -- d'oh) but
    also in the module (and its documentation) itself, which was the
    intention of the bug submitter ...
    Add quilt framework.

 -- gregor herrmann  Sun, 09 Mar 2008 00:16:07 +0100

libmodule-signature-perl (0.55-1) unstable; urgency=low

  * New upstream release
  * debian/control:
    + Standards-Version: increased to 3.7.2.1

 -- Krzysztof Krzyzaniak (eloy)  Wed, 2 Aug 2006 16:13:43 +0200

libmodule-signature-perl (0.54-1) unstable; urgency=low

  * New upstream release.
  * Standards-Version upgraded to 3.7.2 (no changes needed).
  * Debhelper compatibility level upgraded to 5.
  * Move several dependencies to Build-Depends-Indep, as required by Policy.
  * Remove empty /usr/lib/perl5 directory from package.

 -- gregor herrmann  Sun, 14 May 2006 01:45:03 +0200

libmodule-signature-perl (0.53-1) unstable; urgency=low

  * New upstream release, taking package for Perl Group (closes: #329595)
    (closes: #357075)
  * debian/watch - added
  * debian/control:
    - Standards-Version: upgraded to 3.6.2
    - Uploaders: added me
    - Maintainer: set to Debian Perl Group
    - libdigest-sha-perl added to dependencies
  * debian/rules:
    - compat increased to 4
    - added PERL_MM_USE_DEFAULT=1

 -- Krzysztof Krzyzaniak (eloy)  Wed, 15 Mar 2006 17:18:22 +0100

libmodule-signature-perl (0.44-3) unstable; urgency=low

  * Re-upload with full source, as the 0.44-1 upload was borked so the
    0.44-2 upload was refused.

 -- Chip Salzenberg  Fri, 8 Apr 2005 18:28:23 -0400

libmodule-signature-perl (0.44-2) unstable; urgency=low

  * Default to 'subkeys.pgp.net', not 'pgp.mit.edu'. (closes: #293080)
  * Clean up dependencies.

 -- Chip Salzenberg  Fri, 8 Apr 2005 17:42:20 -0400

libmodule-signature-perl (0.44-1) unstable; urgency=medium

  * New upstream release.

 -- Chip Salzenberg  Tue, 8 Mar 2005 12:43:12 -0500

libmodule-signature-perl (0.35-2) unstable; urgency=high

  * Fix Build-Depends by deleting my hacked dpkg-source.

 -- Chip Salzenberg  Sun, 5 Oct 2003 21:45:16 -0400

libmodule-signature-perl (0.35-1) unstable; urgency=low

  * New upstream release.

 -- Chip Salzenberg  Fri, 3 Oct 2003 19:30:47 -0400

libmodule-signature-perl (0.26-1) unstable; urgency=low

  * New upstream release.

 -- Chip Salzenberg  Thu, 24 Jul 2003 18:12:17 -0400

libmodule-signature-perl (0.21-1) unstable; urgency=low

  * Initial Release.

 -- Chip Salzenberg  Sat, 15 Feb 2003 15:18:20 -0500