-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 20 Nov 2008 22:45:54 +0200 Source: perl Binary: perl-base libcgi-fast-perl libperl-dev perl-debug perl-modules perl libperl5.8 perl-suid perl-doc Architecture: source i386 all Version: 5.8.8-7etch5 Distribution: stable-security Urgency: high Maintainer: Brendan O'Dea <bod@debian.org> Changed-By: Niko Tyni <ntyni@debian.org> Description: libcgi-fast-perl - CGI::Fast Perl module libperl-dev - Perl library: development files libperl5.8 - Shared Perl library perl - Larry Wall's Practical Extraction and Report Language perl-base - The Pathologically Eclectic Rubbish Lister perl-debug - Debug-enabled Perl interpreter perl-doc - Perl documentation perl-modules - Core Perl modules perl-suid - Runs setuid Perl scripts Closes: 286905 286922 Changes: perl (5.8.8-7etch5) stable-security; urgency=high . * SECURITY [CAN-2005-0448]: re-rewrite File::Path::rmtree to avoid race condition which allows an attacker with write permission on directories in the tree being removed to make files setuid or to remove arbitrary files (Closes: #286905, #286922). . The race condition was fixed in 5.8.4-7 but re-introduced in 5.8.8-1. Files: a57837967b7420057558cab7efca9202 750 perl standard perl_5.8.8-7etch5.dsc cfd4c3d27c5a7a342c441383867dae89 105052 perl standard perl_5.8.8-7etch5.diff.gz 9dfa8758852aadcaadb2edbdfa17f942 41082 perl optional libcgi-fast-perl_5.8.8-7etch5_all.deb 3baade38d4a703ae7db0e2f7d7b2df62 7378812 doc optional perl-doc_5.8.8-7etch5_all.deb dc45e7d6fbedf992db42f31326457df2 2316518 perl standard perl-modules_5.8.8-7etch5_all.deb 40254226d8ae5963a908661350816f0c 762200 perl required perl-base_5.8.8-7etch5_i386.deb 7149381d9862cc1ebd20092fae76dda9 2491980 perl optional perl-debug_5.8.8-7etch5_i386.deb 59d70d1ee4f0e7584230095ca079ceb7 32070 perl optional perl-suid_5.8.8-7etch5_i386.deb c511226a2cbddb98a170c8f563d6670a 527162 libs optional libperl5.8_5.8.8-7etch5_i386.deb f3f34d325de643667d4c12f897a15f48 585396 libdevel optional libperl-dev_5.8.8-7etch5_i386.deb bdcb99ed51d06b1639d98a661ce42d58 3589118 perl standard perl_5.8.8-7etch5_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkxTPsACgkQiyizGWoHLTn0OgCdGI24OjO5S7gb+Vh2qRcSOJYL U7gAnRXL7Wbcotrdf0cWNYj4zbMweEj5 =8aRt -----END PGP SIGNATURE----- Accepted: libcgi-fast-perl_5.8.8-7etch5_all.deb to pool/main/p/perl/libcgi-fast-perl_5.8.8-7etch5_all.deb libperl-dev_5.8.8-7etch5_i386.deb to pool/main/p/perl/libperl-dev_5.8.8-7etch5_i386.deb libperl5.8_5.8.8-7etch5_i386.deb to pool/main/p/perl/libperl5.8_5.8.8-7etch5_i386.deb perl-base_5.8.8-7etch5_i386.deb to pool/main/p/perl/perl-base_5.8.8-7etch5_i386.deb perl-debug_5.8.8-7etch5_i386.deb to pool/main/p/perl/perl-debug_5.8.8-7etch5_i386.deb perl-doc_5.8.8-7etch5_all.deb to pool/main/p/perl/perl-doc_5.8.8-7etch5_all.deb perl-modules_5.8.8-7etch5_all.deb to pool/main/p/perl/perl-modules_5.8.8-7etch5_all.deb perl-suid_5.8.8-7etch5_i386.deb to pool/main/p/perl/perl-suid_5.8.8-7etch5_i386.deb perl_5.8.8-7etch5.diff.gz to pool/main/p/perl/perl_5.8.8-7etch5.diff.gz perl_5.8.8-7etch5.dsc to pool/main/p/perl/perl_5.8.8-7etch5.dsc perl_5.8.8-7etch5_i386.deb to pool/main/p/perl/perl_5.8.8-7etch5_i386.deb