File: changelog

package info (click to toggle)
libmodule-signature-perl 0.63-1%2Bsqueeze2
  • links: PTS, VCS
  • area: main
  • in suites: squeeze-lts
  • size: 424 kB
  • ctags: 249
  • sloc: perl: 2,384; makefile: 2
file content (172 lines) | stat: -rw-r--r-- 6,524 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
 
libmodule-signature-perl (0.63-1+squeeze2) squeeze-lts; urgency=medium

  * Non-maintainer upload by the Squeeze LTS team.
  * Add CVE-2015-3406_CVE-2015-3407_CVE-2015-3408.patch.
    CVE-2015-3406: Module::Signature parses the unsigned portion of the
    SIGNATURE file as the signed portion due to incorrect handling of PGP
    signature boundaries.
    CVE-2015-3407: Module::Signature incorrectly handles files that are not
    listed in the SIGNATURE file. This includes some files in the t/
    directory that would execute when tests are run.
    CVE-2015-3408: Module::Signature uses two argument open() calls to read
    the files when generating checksums from the signed manifest, allowing
    to embed arbitrary shell commands into the SIGNATURE file that would
    execute during the signature verification process.
  * Add CVE-2015-3409.patch.
    CVE-2015-3409: Module::Signature incorrectly handles module loading
    allowing to load modules from relative paths in @INC. A remote attacker
    providing a malicious module could use this issue to execute arbitrary
    code during signature verification.

 -- Santiago Ruano Rincón <santiagorr@riseup.net>  Wed, 01 Jul 2015 12:20:06 +0200

libmodule-signature-perl (0.63-1+squeeze1) squeeze; urgency=low

  * Team upload.
  * Add CVE-2013-2145.patch.
    CVE-2013-2145: Fixes arbitrary code execution when verifying SIGNATURE.
    (Closes: #711239)

 -- Salvatore Bonaccorso <carnil@debian.org>  Tue, 18 Jun 2013 23:25:09 +0200

libmodule-signature-perl (0.63-1) unstable; urgency=low

  [ Jonathan Yu ]
  * New upstream release
  * No longer needs --with quilt
  * Update copyright information

  [ Krzysztof Krzyżaniak (eloy) ]
  * New upstream release
  * debian/control: update Standards-Version to 3.8.4 without any changes
  * debian/copyright: update dates
  * debian/source/format: created with value "3.0 (quilt)"
  * debian/README.source removed since new package type
  * debian/patches: removed, fixed upstream

 -- Jonathan Yu <jawnsy@cpan.org>  Wed, 07 Apr 2010 12:14:53 -0400

libmodule-signature-perl (0.61-1) unstable; urgency=low

  [ Jonathan Yu ]
  * New upstream release
  * Use new short debhelper rules format
  * Add myself to Uploaders and Copyright
  * Rewrite control description
  * Update copyright information (we're now using CC0)
  * Upgrade to debhelper 7.2.13 (for Module::AutoInstall)
  * Refresh keyserver.patch; add header
  * Remove unnecessary build dependencies

  [ gregor herrmann ]
  * Add debian/README.source to document quilt usage, as required by
    Debian Policy since 3.8.0.
  * debian/control: Changed: Switched Vcs-Browser field to ViewSVN
    (source stanza).
  * debian/control: Added: ${misc:Depends} to Depends: field.
  * Change my email address.

  [ Nathan Handler ]
  * debian/watch: Update to ignore development releases.

 -- Jonathan Yu <jawnsy@cpan.org>  Mon, 30 Nov 2009 15:57:30 -0500

libmodule-signature-perl (0.55-2) unstable; urgency=low

  * debian/control: Added: Vcs-Svn field (source stanza); Vcs-Browser
    field (source stanza); Homepage field (source stanza). Removed: XS-
    Vcs-Svn fields.
  * debian/rules:
    - delete /usr/lib/perl5 only if it exists (closes: #467870)
    - update based on dh-make-perl's templates
    - don't install README any more (no additional information)
  * debian/watch: use dist-based URL.
  * Set Standards-Version to 3.7.3 (no changes).
  * Add debian/compat instead of setting DH_COMPAT in debian/rules.
  * debian/copyright: add download URL and copy copyright/license terms
    verbatim from README to match reality.
  * Split the changes regarding the default keyserver (cf. #293080) out to
    keyserver.patch; and don't change the keyserver only in the test (which
    isn't actually run because it would fail due to the patch -- d'oh) but
    also in the module (and it's documentation) itself, which was the
    intention of the bug submitter ... Add quilt framework.

 -- gregor herrmann <gregor+debian@comodo.priv.at>  Sun, 09 Mar 2008 00:16:07 +0100

libmodule-signature-perl (0.55-1) unstable; urgency=low

  * New upstream release
  * debian/control:
   + Standards-Version: increased to 3.7.2.1

 -- Krzysztof Krzyzaniak (eloy) <eloy@debian.org>  Wed,  2 Aug 2006 16:13:43 +0200

libmodule-signature-perl (0.54-1) unstable; urgency=low

  * New upstream release.
  * Standard-Version upgraded to 3.7.2 (no changes needed).
  * Debhelper compatibility level upgraded to 5.
  * Move several dependencies to Build-Depends-Indep, as required by Policy.
  * Remove empty /usr/lib/perl5 directory from package.

 -- gregor herrmann <gregor+debian@comodo.priv.at>  Sun, 14 May 2006 01:45:03 +0200

libmodule-signature-perl (0.53-1) unstable; urgency=low

  * New upstream release, taking package for Perl Group 
    (closes: #329595) (closes: #357075)
  * debian/watch - added
  * debian/control:
   - Standards-Version: upgraded to 3.6.2
   - Uploaders: added me
   - Maintainer: set to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
   - libdigest-sha-perl added to dependencies
  * debian/rules: 
   - compat increased to 4
   - added PERL_MM_USE_DEFAULT=1
  
 -- Krzysztof Krzyzaniak (eloy) <eloy@debian.org>  Wed, 15 Mar 2006 17:18:22 +0100

libmodule-signature-perl (0.44-3) unstable; urgency=low

  * Re-upload with full source, as the 0.44-1 upload was borked so the
    0.44-2 upload was refused.

 -- Chip Salzenberg <chip@debian.org>  Fri,  8 Apr 2005 18:28:23 -0400

libmodule-signature-perl (0.44-2) unstable; urgency=low

  * Default to 'subkeys.pgp.net', not 'pgp.mit.edu'.  (closes: #293080)
  * Clean up dependencies.

 -- Chip Salzenberg <chip@debian.org>  Fri,  8 Apr 2005 17:42:20 -0400

libmodule-signature-perl (0.44-1) unstable; urgency=medium

  * New upstream release.

 -- Chip Salzenberg <chip@debian.org>  Tue,  8 Mar 2005 12:43:12 -0500

libmodule-signature-perl (0.35-2) unstable; urgency=high

  * Fix Build-Depends by deleting my hacked dpkg-source.

 -- Chip Salzenberg <chip@debian.org>  Sun,  5 Oct 2003 21:45:16 -0400

libmodule-signature-perl (0.35-1) unstable; urgency=low

  * New upstream release.

 -- Chip Salzenberg <chip@debian.org>  Fri,  3 Oct 2003 19:30:47 -0400

libmodule-signature-perl (0.26-1) unstable; urgency=low

  * New upstream release.

 -- Chip Salzenberg <chip@debian.org>  Thu, 24 Jul 2003 18:12:17 -0400

libmodule-signature-perl (0.21-1) unstable; urgency=low

  * Initial Release.

 -- Chip Salzenberg <chip@debian.org>  Sat, 15 Feb 2003 15:18:20 -0500