-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 18 Sep 2018 19:59:36 +0200 Source: libapache2-mod-perl2 Binary: libapache2-mod-perl2 libapache2-mod-perl2-dev libapache2-mod-perl2-doc Architecture: source amd64 all Version: 2.0.9~1624218-2+deb8u3 Distribution: jessie-security Urgency: high Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: libapache2-mod-perl2 - Integration of perl with the Apache2 web server libapache2-mod-perl2-dev - Integration of perl with the Apache2 web server - development fil libapache2-mod-perl2-doc - Integration of perl with the Apache2 web server - documentation Changes: libapache2-mod-perl2 (2.0.9~1624218-2+deb8u3) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2011-2767: Jan Ingvoldstad discovered that libapache2-mod-perl2 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. Checksums-Sha1: c7751e49f32ca578c40126073e8179d2a9a1bc62 2882 libapache2-mod-perl2_2.0.9~1624218-2+deb8u3.dsc 74838fa4fa7c0670c64c77f3118fd89067cd9343 2863104 libapache2-mod-perl2_2.0.9~1624218.orig.tar.xz 649d6b76addcac675dcab8d508fa83a4c1cbf558 29264 libapache2-mod-perl2_2.0.9~1624218-2+deb8u3.debian.tar.xz e316d25499810e70034bbf94b37abc1178910fa1 900950 libapache2-mod-perl2_2.0.9~1624218-2+deb8u3_amd64.deb d8ab39800c4dd71e3ce2d4c68386ea5969833148 85202 libapache2-mod-perl2-dev_2.0.9~1624218-2+deb8u3_all.deb 5fc6e4bd5097760ad2164b41210b8aca67550822 1305440 libapache2-mod-perl2-doc_2.0.9~1624218-2+deb8u3_all.deb Checksums-Sha256: 930a00944d27f9ca84b5a66c99c7e7d164b294408e586d767724275831d38f8e 2882 libapache2-mod-perl2_2.0.9~1624218-2+deb8u3.dsc 0999ccd4de17c7e4f87572378d76bf5f325b9b626e8fbfad2aad9de463c95183 2863104 libapache2-mod-perl2_2.0.9~1624218.orig.tar.xz 4381b0b9f0257336a4844b63e2af3417d1084764f4933f31bffc606df2fc252f 29264 libapache2-mod-perl2_2.0.9~1624218-2+deb8u3.debian.tar.xz 34004f3f95e9eba5aa2b5c306c4a8c02014ee743c577132d26795304c909c22f 900950 libapache2-mod-perl2_2.0.9~1624218-2+deb8u3_amd64.deb 30d09911bee7a4bd4798fe5282d2146428f097e0b17b8b9699ff955578dff864 85202 libapache2-mod-perl2-dev_2.0.9~1624218-2+deb8u3_all.deb b845f0f5bf4e51f3786d11f89dc63dfe4841bd3e90ce94b02d86007cb2c4f9eb 1305440 libapache2-mod-perl2-doc_2.0.9~1624218-2+deb8u3_all.deb Files: 9fe7bd0a1e833294229ab69072a5c492 2882 httpd optional libapache2-mod-perl2_2.0.9~1624218-2+deb8u3.dsc 8de98c9a8df4c1e8eb31238978409a35 2863104 httpd optional libapache2-mod-perl2_2.0.9~1624218.orig.tar.xz 520b4ee2d03aadbefaa3a3764d765766 29264 httpd optional libapache2-mod-perl2_2.0.9~1624218-2+deb8u3.debian.tar.xz 9c753ae05f6049157ad4007d78324fe8 900950 httpd optional libapache2-mod-perl2_2.0.9~1624218-2+deb8u3_amd64.deb 2dee00348dc0c8fa598be44892ee8dd6 85202 libdevel optional libapache2-mod-perl2-dev_2.0.9~1624218-2+deb8u3_all.deb cf5814d7ba5473984a614441a9783e21 1305440 doc optional libapache2-mod-perl2-doc_2.0.9~1624218-2+deb8u3_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAluhQ/9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkwbkP/iyZS+cVgg66dulYEllYqeDI+NSF34Sva9W5 PcLFsr7rtQq8BwasixybSYNKctMDj4koBDimGNmDEQk8gKvJeKsozOf92Einxln+ BjBC76xDzvDdhJZDSihvw+KElrIsfjjD5DJFTuibi0yw+oxUQ43FLIqjU3biFr0F 7TH2fGSka5u0f/ViNUAegiWUGohEvq1vnDQ5uVHgzN6L/UM05OSe4FlL2PQ0cGpq 7Gfqsbx2vs+lRoEX6JRTAHl+XIR2gkMQMHVw6/skseGi2WDElYs19Y5HBosJipR/ f74bzrpFFefJ3W8EELwXLxcirJzBcbe+7JMvYjDqTIuTmVZ9Im+YjzmguwL5hiIN /njN1wpERJQ867QYfgAmdFllhj8OBWvfbwoazxM6aJBunzMTBuOuNKr/2dE2f63D 7CjZMLo2nzWUtucMkGYR+8MTh/pDtO0fJO81G2Um/auXbmbOxNXF5hiR83rQYfbQ ADDapcNfFxmOJf1Tj2U6+3gulFeNtoag9uNtWI3ta113njd8WYKlTfgLz7NmxanS BCsBbYrejPUh+rMufchmmCrBE2rNbfEdq+rX4iiNWrUo5Mew7YeUNFV+XnTY5dvl e5zj3J0UsRB2v23+aKbmrCx3fdvNXH/kDeHguhtmDomHkMgzBDPgFwd2uHvFJWEB FYIICI8D =jQcf -----END PGP SIGNATURE-----
