libmodule-signature-perl (0.68-1+deb7u3) wheezy-security; urgency=high

  * Team upload.
  * Add 0001-make-skip-work-again.patch patch.
    Restore --skip functionality for cpansign. (Closes: #785701)

 -- Salvatore Bonaccorso  Wed, 20 May 2015 20:51:05 +0200

libmodule-signature-perl (0.68-1+deb7u2) wheezy-security; urgency=high

  * Team upload.
  * Add CVE-2015-3406_CVE-2015-3407_CVE-2015-3408.patch patch.
    CVE-2015-3406: Module::Signature parses the unsigned portion of the
    SIGNATURE file as the signed portion due to incorrect handling of PGP
    signature boundaries.
    CVE-2015-3407: Module::Signature incorrectly handles files that are not
    listed in the SIGNATURE file. This includes some files in the t/
    directory that would execute when tests are run.
    CVE-2015-3408: Module::Signature uses two argument open() calls to read
    the files when generating checksums from the signed manifest, allowing
    to embed arbitrary shell commands into the SIGNATURE file that would
    execute during the signature verification process.
    (Closes: #783451)
  * Add CVE-2015-3409.patch patch.
    CVE-2015-3409: Module::Signature incorrectly handles module loading
    allowing to load modules from relative paths in @INC. A remote attacker
    providing a malicious module could use this issue to execute arbitrary
    code during signature verification. (Closes: #783451)
  * Add Fix-signature-tests.patch patch.
    Fix signature tests by defaulting to verify(skip=>1) when
    $ENV{TEST_SIGNATURE} is true.

 -- Salvatore Bonaccorso  Thu, 14 May 2015 17:35:32 +0200

libmodule-signature-perl (0.68-1+deb7u1) wheezy; urgency=low

  * Team upload.
  * Add CVE-2013-2145.patch.
    CVE-2013-2145: Fixes arbitrary code execution when verifying SIGNATURE.
    (Closes: #711239)

 -- Salvatore Bonaccorso  Sun, 16 Jun 2013 22:51:28 +0200

libmodule-signature-perl (0.68-1) unstable; urgency=low

  [ Jotam Jr. Trejo ]
  * New upstream release
  * Bump DH compat level to 8

  [ gregor herrmann ]
  * Don't run test that needs network access.
  * Clean up (build) dependencies.

 -- Jotam Jr. Trejo  Fri, 13 May 2011 21:19:36 -0600

libmodule-signature-perl (0.67-1) unstable; urgency=low

  [ Jotam Jr. Trejo ]
  * New upstream release
  * debian/control: add libipc-run-perl to B-D-I, needed for some tests
  * debian/copyright: refresh according to DEP 5 revision 135
  * debian/control: bump Standards Version to 3.9.2 (no changes)
  * Add myself to Uploaders and Copyright

  [ Ansgar Burchardt ]
  * debian/copyright: Update gregor herrmann's email address.

 -- Jotam Jr. Trejo  Sat, 23 Apr 2011 17:50:09 -0600

libmodule-signature-perl (0.66-2) unstable; urgency=low

  [ Peter Pentchev ]
  * Team upload.
  * Install the t/0-signature.t file as an example. Closes: #606974

  [ gregor herrmann ]
  * debian/copyright: update license stanzas.
  * debian/control: remove "perl (>= 5.10) | libdigest-sha-perl" from
    (Build-)Depends(-Indep), lenny has already perl 5.10.

 -- Peter Pentchev  Mon, 13 Dec 2010 18:00:25 +0200

libmodule-signature-perl (0.66-1) unstable; urgency=low

  * New upstream release
  * debian/control: update Standards-Version to 3.9.1 without any changes

 -- Krzysztof Krzyżaniak (eloy)  Mon, 27 Sep 2010 17:55:15 +0200

libmodule-signature-perl (0.64-1) UNRELEASED; urgency=low

  Changes to source package only; no longer creates GnuPG configuration
  files when 'Makefile.PL' is invoked. No urgent need for upload, binaries
  wouldn't differ.
  IGNORE-VERSION: 0.64-1

  * New upstream release

 -- Jonathan Yu  Sun, 09 May 2010 08:10:03 -0400

libmodule-signature-perl (0.63-1) unstable; urgency=low

  [ Jonathan Yu ]
  * New upstream release
  * No longer needs --with quilt
  * Update copyright information

  [ Krzysztof Krzyżaniak (eloy) ]
  * New upstream release
  * debian/control: update Standards-Version to 3.8.4 without any changes
  * debian/copyright: update dates
  * debian/source/format: created with value "3.0 (quilt)"
  * debian/README.source removed since new package type
  * debian/patches: removed, fixed upstream

 -- Jonathan Yu  Wed, 07 Apr 2010 12:14:53 -0400

libmodule-signature-perl (0.61-1) unstable; urgency=low

  [ Jonathan Yu ]
  * New upstream release
  * Use new short debhelper rules format
  * Add myself to Uploaders and Copyright
  * Rewrite control description
  * Update copyright information (we're now using CC0)
  * Upgrade to debhelper 7.2.13 (for Module::AutoInstall)
  * Refresh keyserver.patch; add header
  * Remove unnecessary build dependencies

  [ gregor herrmann ]
  * Add debian/README.source to document quilt usage, as required by
    Debian Policy since 3.8.0.
  * debian/control: Changed: Switched Vcs-Browser field to ViewSVN
    (source stanza).
  * debian/control: Added: ${misc:Depends} to Depends: field.
  * Change my email address.

  [ Nathan Handler ]
  * debian/watch: Update to ignore development releases.

 -- Jonathan Yu  Mon, 30 Nov 2009 15:57:30 -0500

libmodule-signature-perl (0.55-2) unstable; urgency=low

  * debian/control: Added: Vcs-Svn field (source stanza); Vcs-Browser
    field (source stanza); Homepage field (source stanza). Removed:
    XS-Vcs-Svn fields.
  * debian/rules:
    - delete /usr/lib/perl5 only if it exists (closes: #467870)
    - update based on dh-make-perl's templates
    - don't install README any more (no additional information)
  * debian/watch: use dist-based URL.
  * Set Standards-Version to 3.7.3 (no changes).
  * Add debian/compat instead of setting DH_COMPAT in debian/rules.
  * debian/copyright: add download URL and copy copyright/license terms
    verbatim from README to match reality.
  * Split the changes regarding the default keyserver (cf. #293080) out to
    keyserver.patch; and don't change the keyserver only in the test (which
    isn't actually run because it would fail due to the patch -- d'oh) but
    also in the module (and its documentation) itself, which was the
    intention of the bug submitter ... Add quilt framework.

 -- gregor herrmann  Sun, 09 Mar 2008 00:16:07 +0100

libmodule-signature-perl (0.55-1) unstable; urgency=low

  * New upstream release
  * debian/control:
    + Standards-Version: increased to 3.7.2.1

 -- Krzysztof Krzyzaniak (eloy)  Wed, 2 Aug 2006 16:13:43 +0200

libmodule-signature-perl (0.54-1) unstable; urgency=low

  * New upstream release.
  * Standard-Version upgraded to 3.7.2 (no changes needed).
  * Debhelper compatibility level upgraded to 5.
  * Move several dependencies to Build-Depends-Indep, as required by
    Policy.
  * Remove empty /usr/lib/perl5 directory from package.

 -- gregor herrmann  Sun, 14 May 2006 01:45:03 +0200

libmodule-signature-perl (0.53-1) unstable; urgency=low

  * New upstream release, taking package for Perl Group (closes: #329595)
    (closes: #357075)
  * debian/watch - added
  * debian/control:
    - Standards-Version: upgraded to 3.6.2
    - Uploaders: added me
    - Maintainer: set to Debian Perl Group
    - libdigest-sha-perl added to dependencies
  * debian/rules:
    - compat increased to 4
    - added PERL_MM_USE_DEFAULT=1

 -- Krzysztof Krzyzaniak (eloy)  Wed, 15 Mar 2006 17:18:22 +0100

libmodule-signature-perl (0.44-3) unstable; urgency=low

  * Re-upload with full source, as the 0.44-1 upload was borked so the
    0.44-2 upload was refused.

 -- Chip Salzenberg  Fri, 8 Apr 2005 18:28:23 -0400

libmodule-signature-perl (0.44-2) unstable; urgency=low

  * Default to 'subkeys.pgp.net', not 'pgp.mit.edu'. (closes: #293080)
  * Clean up dependencies.

 -- Chip Salzenberg  Fri, 8 Apr 2005 17:42:20 -0400

libmodule-signature-perl (0.44-1) unstable; urgency=medium

  * New upstream release.

 -- Chip Salzenberg  Tue, 8 Mar 2005 12:43:12 -0500

libmodule-signature-perl (0.35-2) unstable; urgency=high

  * Fix Build-Depends by deleting my hacked dpkg-source.

 -- Chip Salzenberg  Sun, 5 Oct 2003 21:45:16 -0400

libmodule-signature-perl (0.35-1) unstable; urgency=low

  * New upstream release.

 -- Chip Salzenberg  Fri, 3 Oct 2003 19:30:47 -0400

libmodule-signature-perl (0.26-1) unstable; urgency=low

  * New upstream release.

 -- Chip Salzenberg  Thu, 24 Jul 2003 18:12:17 -0400

libmodule-signature-perl (0.21-1) unstable; urgency=low

  * Initial Release.

 -- Chip Salzenberg  Sat, 15 Feb 2003 15:18:20 -0500