unsafe use of eval in Digest->new()

Related Vulnerabilities: CVE-2011-3597   CVE-2011-2939  

Debian Bug report logs - #644108

Package: perl; Maintainer for perl is Niko Tyni <ntyni@debian.org>; Source for perl is src:perl.

Reported by: Ansgar Burchardt <ansgar@debian.org>

Date: Sun, 2 Oct 2011 21:48:01 UTC

Severity: important

Tags: security, upstream

Found in version 5.10.0-19

Fixed in versions perl/5.14.2-2, perl/5.12.4-6, perl/5.10.1-17squeeze3

Done: Dominic Hargreaves <dom@earth.li>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Niko Tyni <ntyni@debian.org>:
Bug#644108; Package perl. (Sun, 02 Oct 2011 21:48:04 GMT).


Acknowledgement sent to Ansgar Burchardt <ansgar@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Niko Tyni <ntyni@debian.org>. (Sun, 02 Oct 2011 21:48:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Ansgar Burchardt <ansgar@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unsafe use of eval in Digest->new()
Date: Sun, 02 Oct 2011 23:44:39 +0200
Package: perl
Version: 5.10.0-19
Severity: grave
Tags: security upstream

Hi,

the last upstream release of libdigest-perl (1.17) contains a fix for an
unsafe use of eval: the argument to Digest->new($algo) was not checked
properly allowing code injection (in case the value can be changed by
the attacker).

This also affects perl as the module is included in perl-base.

I have attached the update for libdigest-perl I prepared for squeeze
which only contains the relevant fix.

Regards,
Ansgar
[libdigest-perl_squeeze.diff (text/x-diff, attachment)]
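
The class of bug reported above, as an added Perl illustration (not code from Digest.pm or from the attached diff): a caller-supplied name interpolated into a string `eval`, beside a loader that validates the name and loads by file path. `load_unsafe`, `load_checked` and the input list are hypothetical and constructed; the third input only sets a marker variable.

```perl
#!/usr/bin/perl
# Added illustration; helper names are hypothetical, not taken from Digest.pm.
use strict;
use warnings;

our $INJECTED = 0;    # marker that only injected source text would set

# Unsafe pattern: the caller-supplied name is interpolated into a string
# that Perl then compiles and runs as source code.
sub load_unsafe {
    my ($algo) = @_;
    my $class = "Digest::$algo";
    eval "require $class";    # string eval: everything in $algo is compiled
    return $@ ? undef : $class;
}

# Hardened pattern: accept only the shape of a module name, then load the
# module by file name inside a block eval, so no caller text is compiled.
sub load_checked {
    my ($algo) = @_;
    return undef unless defined $algo;

    # \A and \z anchor the whole string; "$" would tolerate a trailing newline.
    return undef
        unless $algo =~ /\A[A-Za-z_][A-Za-z0-9_]*(?:::[A-Za-z_][A-Za-z0-9_]*)*\z/;

    (my $file = "Digest::$algo") =~ s{::}{/}g;
    my $ok = eval { require "$file.pm"; 1 };    # block eval only traps errors
    return $ok ? "Digest::$algo" : undef;
}

# Constructed inputs: two ordinary names and one carrying an extra statement.
for my $algo ('MD5', 'SHA', 'MD5; $main::INJECTED = 1') {
    $INJECTED = 0;

    my $checked       = load_checked($algo);
    my $after_checked = $INJECTED;    # stays 0: the name never reaches eval

    load_unsafe($algo);
    my $after_unsafe = $INJECTED;     # becomes 1 for the third input

    printf "%-28s checked=%-12s marker after checked=%d, after unsafe=%d\n",
        "'$algo'", defined $checked ? $checked : 'rejected',
        $after_checked, $after_unsafe;
}
```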

Information forwarded to debian-bugs-dist@lists.debian.org, Niko Tyni <ntyni@debian.org>:
Bug#644108; Package perl. (Mon, 03 Oct 2011 10:42:14 GMT).


Message #8 received at 644108@bugs.debian.org:

From: Ansgar Burchardt <ansgar@debian.org>
To: 644108@bugs.debian.org
Subject: Re: unsafe use of eval in Digest->new()
Date: Mon, 03 Oct 2011 12:39:38 +0200
Hi,

there will be no DSA for this issue.

Regards,
Ansgar




Information forwarded to debian-bugs-dist@lists.debian.org, Niko Tyni <ntyni@debian.org>:
Bug#644108; Package perl. (Mon, 03 Oct 2011 14:03:03 GMT).


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Niko Tyni <ntyni@debian.org>. (Mon, 03 Oct 2011 14:03:03 GMT).


Message #13 received at 644108@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@inutil.org>
To: Ansgar Burchardt <ansgar@debian.org>, 644108@bugs.debian.org
Subject: Re: Bug#644108: unsafe use of eval in Digest->new()
Date: Mon, 3 Oct 2011 16:01:50 +0200
On Sun, Oct 02, 2011 at 11:44:39PM +0200, Ansgar Burchardt wrote:
> Package: perl
> Version: 5.10.0-19
> Severity: grave
> Tags: security upstream
> 
> Hi,
> 
> the last upstream release of libdigest-perl (1.17) contains a fix for an
> unsafe use of eval: the argument to Digest->new($algo) was not checked
> properly allowing code injection (in case the value can be changed by
> the attacker).
> 
> This also affects perl as the module is included in perl-base.

perl-modules from Squeeze also contains 1.16, just like libdigest-perl.
What's the purpose of this package, then? 

Wouldn't it rather make sense to drop standalone packages for all
modules present in perl-modules?

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Niko Tyni <ntyni@debian.org>:
Bug#644108; Package perl. (Mon, 03 Oct 2011 17:54:03 GMT).


Acknowledgement sent to Dominic Hargreaves <dom@earth.li>:
Extra info received and forwarded to list. Copy sent to Niko Tyni <ntyni@debian.org>. (Mon, 03 Oct 2011 17:54:03 GMT).


Message #18 received at 644108@bugs.debian.org:

From: Dominic Hargreaves <dom@earth.li>
To: Moritz Mühlenhoff <jmm@inutil.org>, 644108@bugs.debian.org
Cc: Ansgar Burchardt <ansgar@debian.org>
Subject: Re: Bug#644108: unsafe use of eval in Digest->new()
Date: Mon, 3 Oct 2011 18:51:27 +0100
On Mon, Oct 03, 2011 at 04:01:50PM +0200, Moritz Mühlenhoff wrote:
> perl-modules from Squeeze also contains 1.16, just like libdigest-perl.
> What's the purpose of this package, then? 
> 
> Wouldn't it rather make sense to drop standalone packages for all
> modules present in perl-modules?

Where the version is the same or lower than that provided by perl-modules
(or perl), yes. In most cases I think these get caught in unstable,
although that might not have happened so much in squeeze and before.
The plan is to keep such redundant packages out of testing, certainly.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)




Added tag(s) pending. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Mon, 03 Oct 2011 18:24:03 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Niko Tyni <ntyni@debian.org>:
Bug#644108; Package perl. (Mon, 03 Oct 2011 18:30:03 GMT).


Acknowledgement sent to Dominic Hargreaves <dom@earth.li>:
Extra info received and forwarded to list. Copy sent to Niko Tyni <ntyni@debian.org>. (Mon, 03 Oct 2011 18:30:03 GMT).


Message #25 received at 644108@bugs.debian.org:

From: Dominic Hargreaves <dom@earth.li>
To: Ansgar Burchardt <ansgar@debian.org>, 644108@bugs.debian.org
Subject: Re: Bug#644108: unsafe use of eval in Digest->new()
Date: Mon, 3 Oct 2011 19:27:28 +0100
severity 644108 important
thanks

On Mon, Oct 03, 2011 at 12:39:38PM +0200, Ansgar Burchardt wrote:
> there will be no DSA for this issue.

Okay, I assume this means that a severity downgrade is in order. I'm
not yet convinced that the effort and risk of a squeeze and lenny release
of perl is justified (but then I'm not ruling it out either).

Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)




Information forwarded to debian-bugs-dist@lists.debian.org, Niko Tyni <ntyni@debian.org>:
Bug#644108; Package perl. (Tue, 04 Oct 2011 19:51:03 GMT).


Acknowledgement sent to "Thijs Kinkhorst" <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Niko Tyni <ntyni@debian.org>. (Tue, 04 Oct 2011 19:51:03 GMT).


Message #30 received at 644108@bugs.debian.org:

From: "Thijs Kinkhorst" <thijs@debian.org>
To: 644108@bugs.debian.org
Subject: CVE name assigned
Date: Tue, 4 Oct 2011 21:48:38 +0200
This is CVE-2011-3597




Reply sent to Dominic Hargreaves <dom@earth.li>:
You have taken responsibility. (Sun, 09 Oct 2011 12:06:06 GMT).


Notification sent to Ansgar Burchardt <ansgar@debian.org>:
Bug acknowledged by developer. (Sun, 09 Oct 2011 12:06:07 GMT).


Message #35 received at 644108-close@bugs.debian.org:

From: Dominic Hargreaves <dom@earth.li>
To: 644108-close@bugs.debian.org
Subject: Bug#644108: fixed in perl 5.12.4-6
Date: Sun, 09 Oct 2011 12:03:55 +0000
Source: perl
Source-Version: 5.12.4-6

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive:

libcgi-fast-perl_5.12.4-6_all.deb
  to main/p/perl/libcgi-fast-perl_5.12.4-6_all.deb
libperl-dev_5.12.4-6_i386.deb
  to main/p/perl/libperl-dev_5.12.4-6_i386.deb
libperl5.12_5.12.4-6_i386.deb
  to main/p/perl/libperl5.12_5.12.4-6_i386.deb
perl-base_5.12.4-6_i386.deb
  to main/p/perl/perl-base_5.12.4-6_i386.deb
perl-debug_5.12.4-6_i386.deb
  to main/p/perl/perl-debug_5.12.4-6_i386.deb
perl-doc_5.12.4-6_all.deb
  to main/p/perl/perl-doc_5.12.4-6_all.deb
perl-modules_5.12.4-6_all.deb
  to main/p/perl/perl-modules_5.12.4-6_all.deb
perl_5.12.4-6.debian.tar.gz
  to main/p/perl/perl_5.12.4-6.debian.tar.gz
perl_5.12.4-6.dsc
  to main/p/perl/perl_5.12.4-6.dsc
perl_5.12.4-6_i386.deb
  to main/p/perl/perl_5.12.4-6_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 644108@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominic Hargreaves <dom@earth.li> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 07 Oct 2011 22:15:54 +0100
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug libperl5.12 libperl-dev perl
Architecture: source all i386
Version: 5.12.4-6
Distribution: unstable
Urgency: medium
Maintainer: Niko Tyni <ntyni@debian.org>
Changed-By: Dominic Hargreaves <dom@earth.li>
Description: 
 libcgi-fast-perl - CGI::Fast Perl module
 libperl-dev - Perl library: development files
 libperl5.12 - shared Perl library
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-base  - minimal Perl system
 perl-debug - debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl-modules - Core Perl modules
Closes: 644108
Changes: 
 perl (5.12.4-6) unstable; urgency=medium
 .
   * [SECURITY] CVE-2011-3597: Fix unsafe use of eval in Digest->new();
     thanks to Ansgar Burchardt for the notification (Closes: #644108)





Reply sent to Dominic Hargreaves <dom@earth.li>:
You have taken responsibility. (Sat, 12 Nov 2011 19:36:18 GMT).


Notification sent to Ansgar Burchardt <ansgar@debian.org>:
Bug acknowledged by developer. (Sat, 12 Nov 2011 19:36:18 GMT).


Message #40 received at 644108-close@bugs.debian.org:

From: Dominic Hargreaves <dom@earth.li>
To: 644108-close@bugs.debian.org
Subject: Bug#644108: fixed in perl 5.14.2-2
Date: Sat, 12 Nov 2011 19:33:57 +0000
Source: perl
Source-Version: 5.14.2-2

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive:

libcgi-fast-perl_5.14.2-2_all.deb
  to main/p/perl/libcgi-fast-perl_5.14.2-2_all.deb
libperl-dev_5.14.2-2_i386.deb
  to main/p/perl/libperl-dev_5.14.2-2_i386.deb
libperl5.14_5.14.2-2_i386.deb
  to main/p/perl/libperl5.14_5.14.2-2_i386.deb
perl-base_5.14.2-2_i386.deb
  to main/p/perl/perl-base_5.14.2-2_i386.deb
perl-debug_5.14.2-2_i386.deb
  to main/p/perl/perl-debug_5.14.2-2_i386.deb
perl-doc_5.14.2-2_all.deb
  to main/p/perl/perl-doc_5.14.2-2_all.deb
perl-modules_5.14.2-2_all.deb
  to main/p/perl/perl-modules_5.14.2-2_all.deb
perl_5.14.2-2.debian.tar.gz
  to main/p/perl/perl_5.14.2-2.debian.tar.gz
perl_5.14.2-2.dsc
  to main/p/perl/perl_5.14.2-2.dsc
perl_5.14.2-2_i386.deb
  to main/p/perl/perl_5.14.2-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 644108@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominic Hargreaves <dom@earth.li> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sat, 12 Nov 2011 17:25:33 +0000
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug libperl5.14 libperl-dev perl
Architecture: source all i386
Version: 5.14.2-2
Distribution: experimental
Urgency: low
Maintainer: Niko Tyni <ntyni@debian.org>
Changed-By: Dominic Hargreaves <dom@earth.li>
Description: 
 libcgi-fast-perl - CGI::Fast Perl module
 libperl-dev - Perl library: development files
 libperl5.14 - shared Perl library
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-base  - minimal Perl system
 perl-debug - debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl-modules - Core Perl modules
Closes: 644108 645790 645989 646016
Changes: 
 perl (5.14.2-2) experimental; urgency=low
 .
   * [SECURITY] CVE-2011-3597: Fix unsafe use of eval in Digest->new();
     thanks to Ansgar Burchardt for the notification (Closes: #644108)
   * Merge 5.12.4-6 from unstable
   * Fix NDBM_File hints on GNU/Hurd
     (thanks, Pino Toscano) (Closes: #645989)
   * Fix hang in t/ext/POSIX/t/sysconf.t on GNU/Hurd
     (thanks, Pino Toscano) (Closes: #646016)
   * Enable LFS on GNU/Hurd
     (thanks, Pino Toscano) (Closes: #645790)





Severity set to 'important' from 'grave' Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Sun, 13 Nov 2011 18:33:05 GMT).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 12 Dec 2011 07:33:34 GMT).


Bug unarchived. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Sun, 18 Dec 2011 15:45:07 GMT).


Bug No longer marked as fixed in versions perl/5.14.2-2 and perl/5.12.4-6 and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 18 Dec 2011 15:45:08 GMT).


Bug Marked as fixed in versions perl/5.14.2-2. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Tue, 20 Dec 2011 10:18:41 GMT).


Bug Marked as fixed in versions perl/5.12.4-6. Request was from Dominic Hargreaves <dom@earth.li> to control@bugs.debian.org. (Tue, 20 Dec 2011 10:18:45 GMT).


Reply sent to Dominic Hargreaves <dom@earth.li>:
You have taken responsibility. (Wed, 21 Dec 2011 07:57:12 GMT).


Notification sent to Ansgar Burchardt <ansgar@debian.org>:
Bug acknowledged by developer. (Wed, 21 Dec 2011 07:57:13 GMT).


Message #57 received at 644108-close@bugs.debian.org:

From: Dominic Hargreaves <dom@earth.li>
To: 644108-close@bugs.debian.org
Subject: Bug#644108: fixed in perl 5.10.1-17squeeze3
Date: Wed, 21 Dec 2011 07:55:45 +0000
Source: perl
Source-Version: 5.10.1-17squeeze3

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive:

libcgi-fast-perl_5.10.1-17squeeze3_all.deb
  to main/p/perl/libcgi-fast-perl_5.10.1-17squeeze3_all.deb
libperl-dev_5.10.1-17squeeze3_i386.deb
  to main/p/perl/libperl-dev_5.10.1-17squeeze3_i386.deb
libperl5.10_5.10.1-17squeeze3_i386.deb
  to main/p/perl/libperl5.10_5.10.1-17squeeze3_i386.deb
perl-base_5.10.1-17squeeze3_i386.deb
  to main/p/perl/perl-base_5.10.1-17squeeze3_i386.deb
perl-debug_5.10.1-17squeeze3_i386.deb
  to main/p/perl/perl-debug_5.10.1-17squeeze3_i386.deb
perl-doc_5.10.1-17squeeze3_all.deb
  to main/p/perl/perl-doc_5.10.1-17squeeze3_all.deb
perl-modules_5.10.1-17squeeze3_all.deb
  to main/p/perl/perl-modules_5.10.1-17squeeze3_all.deb
perl-suid_5.10.1-17squeeze3_i386.deb
  to main/p/perl/perl-suid_5.10.1-17squeeze3_i386.deb
perl_5.10.1-17squeeze3.debian.tar.gz
  to main/p/perl/perl_5.10.1-17squeeze3.debian.tar.gz
perl_5.10.1-17squeeze3.dsc
  to main/p/perl/perl_5.10.1-17squeeze3.dsc
perl_5.10.1-17squeeze3_i386.deb
  to main/p/perl/perl_5.10.1-17squeeze3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 644108@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominic Hargreaves <dom@earth.li> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Tue, 20 Dec 2011 20:01:23 +0000
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug perl-suid libperl5.10 libperl-dev perl
Architecture: source all i386
Version: 5.10.1-17squeeze3
Distribution: stable
Urgency: low
Maintainer: Niko Tyni <ntyni@debian.org>
Changed-By: Dominic Hargreaves <dom@earth.li>
Description: 
 libcgi-fast-perl - CGI::Fast Perl module
 libperl-dev - Perl library: development files
 libperl5.10 - shared Perl library
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-base  - minimal Perl system
 perl-debug - debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl-modules - Core Perl modules
 perl-suid  - runs setuid Perl scripts
Closes: 604902 637376 644108
Changes: 
 perl (5.10.1-17squeeze3) stable; urgency=low
 .
   * [SECURITY] CVE-2011-2939: Fix decode_xs n-byte heap-overflow security
     bug in Unicode.xs (Closes: #637376)
   * [SECURITY] CVE-2011-3597: Fix unsafe use of eval in Digest->new();
     thanks to Ansgar Burchardt for the notification (Closes: #644108)
   * Unregister signal handler before destroying my_perl; fixes segfault
     (Closes: #604902)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 19 Jan 2012 07:33:22 GMT).


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:39:17 2019; Machine Name: buxtehude
