-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 11 Apr 2021 02:08:34 +0200 Source: libnet-netmask-perl Architecture: source Version: 1.9104-2 Distribution: unstable Urgency: medium Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> Changed-By: gregor herrmann <gregoa@debian.org> Closes: 986135 Changes: libnet-netmask-perl (1.9104-2) unstable; urgency=medium . * Team upload. * Add patch 0001-SECURITY-Prevent-ambiguous-networks-from-being- accid.patch. This patch, taken from upstream commit 9023b40, fixes a security issue with IP addresses containing leading zeros which are interpreted as octal numbers. This is CVE-2021-29424, for details cf. also https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/. . From upstram Changes for 2.0000: - SECURITY: IPv4 addresses with leading zeros are no longer allowed. They will return a parse error like any invalid IP address. - SECURITY: 10.0.0, 10.0, and 10 address portions now by default return a parse error. This can be overridden … Cf. /usr/share/doc/libnet-netmask-perl/changelog.gz for details. . Closes: #986135 Checksums-Sha1: f3bd4a0f26fc56f015a3b7f644671d4a3599d519 2481 libnet-netmask-perl_1.9104-2.dsc d21bec4b9d1710717364ee569f01d62293682433 9176 libnet-netmask-perl_1.9104-2.debian.tar.xz Checksums-Sha256: dba40f288534203bb81eb3e8cec50abe857544ad2b709e5c53ff7227de99f424 2481 libnet-netmask-perl_1.9104-2.dsc b8806cd18d9f5920abecaeca1e5386bd4164f32236b287a0a7ab680d9385ea50 9176 libnet-netmask-perl_1.9104-2.debian.tar.xz Files: 808bbd86c9914e51062207e14c4339a9 2481 perl optional libnet-netmask-perl_1.9104-2.dsc 4f01ab458a25f18fec0f818f658bd0ca 9176 perl optional libnet-netmask-perl_1.9104-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmByP2tfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ qga1ag//T1fZYl+FJQTUbAd6gmoEc+zc1KzqBEazbo/TStCBda1d+kJJogzoN7BU ZUXwSwFuBBStsWJ/pkVHCwRdIWoXRr/Ila53mwfdtnCNz1st3niTFDhCxLftTJuI s1TKAtAVE2mCng8trsXDyAHMOzPRn613K8MM2RD8HWOBSkHTBO0CIjW0NIFQ1Qtp 34QlrGan7EXPKLJ4uBMIlEooHh2V/kL0D7zgEfqrtTvtLmz6kgm4hVo4nUvh6I8/ j595KPhMwGARV3jqsXDeetxIRBY48TnpDsUMapbiTbmixlvPCvrInA9C2FdHzuwV CIkVr0VcAw1jzVTbO59zZNYHjG6nEH23NQ28tUsA7djP/oK4Y/LZr46grQ6ONN84 KppPmV8PUlAef4W6Qx1zYEXU7bM7dnB2PGQORcUvEEvhPf4D4zPzBorYkwxyrx/+ t+w+Y7uK3iQgskIZwLVIar5bblAxjpVHNusOE7V63sr0yCEzCjPy4oXPd1sYnWsT P2x+xjDEY3RL4xZdqIdIXk3QpByxCMPw+Yrcg/xC0sGxpVV2TVyGEnk8Y+hpOHrp fCVR3qt16Eay2EI9LIGpMTb+BAZbLkCQro0L0B1FozoGTr/vJ4bUbZ0UDLSfpiax CQ43tmf/opGUyQlAK6ZSPrvQb4ciwIAUP+ac49YaGC32uFJXeP4= =6pOL -----END PGP SIGNATURE-----
