libapache-sessionx-perl - Debian Package Tracker

general

source: libapache-sessionx-perl (main)
version: 2.01-7
maintainer: Debian Perl Group (archive) (DMD) (LowNMU)
uploaders: gregor herrmann [DMD] – Ansgar Burchardt [DMD]
arch: all
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.01-5
oldstable: 2.01-5
unstable: 2.01-7

versioned links

2.01-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.01-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libapache-sessionx-perl (1 bugs: 1, 0, 0, 0)

action needed

Debci reports failed tests high

unstable: neutral (log)
The tests ran in 0:01:09
Last run: 2026-05-26T08:36:50.000Z
Previous status: unknown

testing: neutral (log)
The tests ran in 0:00:41
Last run: 2025-05-16T21:55:27.000Z
Previous status: unknown

stable: fail (log)
The tests ran in 0:00:22
Last run: 2025-08-11T06:58:37.000Z
Previous status: unknown

Created: 2025-08-11 Last update: 2026-06-21 04:01

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-40932: Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.

Created: 2026-02-27 Last update: 2026-06-08 07:33

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2026-06-13 Last update: 2026-06-21 04:01

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2024-03-05 Last update: 2024-03-05 06:09

Issues found with some translations low

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2026-06-08 Last update: 2026-06-08 13:32

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2025-40932: (needs triaging) Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-02-27 Last update: 2026-06-08 07:33

testing migrations

excuses:
- Migration status for libapache-sessionx-perl (- to 2.01-7): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Updating libapache-sessionx-perl would introduce bugs in testing: #930660
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/liba/libapache-sessionx-perl.html
- ∙ ∙ Autopkgtest for libapache-sessionx-perl/2.01-7: amd64: No tests, superficial or marked flaky ♻, arm64: No tests, superficial or marked flaky ♻, i386: No tests, superficial or marked flaky ♻, loong64: No tests, superficial or marked flaky ♻, ppc64el: No tests, superficial or marked flaky ♻, riscv64: No tests, superficial or marked flaky ♻, s390x: No tests, superficial or marked flaky ♻
- ∙ ∙ Reproduced on amd64 - info
- ∙ ∙ Reproduced on arm64 - info
- ∙ ∙ Reproduced on armhf - info
- ∙ ∙ Reproduced on i386 - info
- ∙ ∙ 13 days old (needed 5 days)
- Not considered

news

[rss feed]

[2026-06-07] Accepted libapache-sessionx-perl 2.01-7 (source) into unstable (Alexandre Detiste)
[2025-06-03] libapache-sessionx-perl REMOVED from testing (Debian testing watch)
[2024-03-11] libapache-sessionx-perl 2.01-6 MIGRATED to testing (Debian testing watch)
[2024-03-11] libapache-sessionx-perl 2.01-6 MIGRATED to testing (Debian testing watch)
[2024-03-04] Accepted libapache-sessionx-perl 2.01-6 (source) into unstable (gregor herrmann)
[2018-09-07] libapache-sessionx-perl 2.01-5 MIGRATED to testing (Debian testing watch)
[2018-08-30] Accepted libapache-sessionx-perl 2.01-5 (source) into unstable (Xavier Guimard)
[2012-02-03] libapache-sessionx-perl 2.01-4 MIGRATED to testing (Debian testing watch)
[2012-01-23] Accepted libapache-sessionx-perl 2.01-4 (source all) (gregor herrmann)
[2011-06-02] libapache-sessionx-perl 2.01-3 MIGRATED to testing (Debian testing watch)
[2011-05-22] Accepted libapache-sessionx-perl 2.01-3 (source all) (gregor herrmann)
[2010-02-12] libapache-sessionx-perl 2.01-2 MIGRATED to testing (Debian testing watch)
[2010-02-01] Accepted libapache-sessionx-perl 2.01-2 (source all) (Ansgar Burchardt) (signed by: gregor herrmann)
[2008-11-12] libapache-sessionx-perl 2.01-1.1 MIGRATED to testing (Debian testing watch)
[2008-10-31] Accepted libapache-sessionx-perl 2.01-1.1 (source all) (Christian Perrier)
[2008-01-21] libapache-sessionx-perl 2.01-1 MIGRATED to testing (Debian testing watch)
[2008-01-10] Accepted libapache-sessionx-perl 2.01-1 (source all) (Angus Lees)
[2007-03-13] libapache-sessionx-perl 2.00b5-3.2 MIGRATED to testing (Debian testing watch)
[2007-03-02] Accepted libapache-sessionx-perl 2.00b5-3.2 (source all) (Christian Perrier)
[2006-12-09] libapache-sessionx-perl 2.00b5-3.1 MIGRATED to testing (Debian testing watch)
[2006-11-28] Accepted libapache-sessionx-perl 2.00b5-3.1 (source all) (Christian Perrier)
[2005-07-28] Accepted libapache-sessionx-perl 2.00b5-3 (source all) (Angus Lees)
[2005-03-07] Accepted libapache-sessionx-perl 2.00b5-2 (all source) (Angus Lees)
[2003-03-11] Accepted libapache-sessionx-perl 2.00b5-1 (all source) (Angus Lees)
[2002-10-03] Accepted libapache-sessionx-perl 2.00b3-2 (all source) (Angus Lees)

bugs [bug history graph]

all: 1
RC: 1
I&N: 0
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 2)
buildd: logs
popcon
browse source code
other distros
security tracker
l10n (100, -)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.01-7