• Bug#1101746: bookworm-pu: package libdata-entropy-perl/0.007-4+deb12u1

    From Adrian Bunk@21:1/5 to All on Mon Mar 31 14:40:01 2025
    XPost: linux.debian.bugs.dist


    Package: release.debian.org
    Severity: normal
    Tags: bookworm moreinfo
    User: [email protected]
    Usertags: pu
    X-Debbugs-Cc: Debian Perl Group <[email protected]>, [email protected]

    * CVE-2025-1860: rand() function was used as default source of entropy

    Tagged moreinfo, as question to the security team whether they want
    this in -pu or as DSA.

    diffstat for libdata-entropy-perl-0.007 libdata-entropy-perl-0.007

    changelog | 7 +
    control | 2
    patches/0001-Use-Crypt-URandom-to-seed-the-default-source.patch | 56 ++++++++++
    patches/series | 1
    4 files changed, 66 insertions(+)

    diff -Nru libdata-entropy-perl-0.007/debian/changelog libdata-entropy-perl-0.007/debian/changelog
    --- libdata-entropy-perl-0.007/debian/changelog 2022-06-13 00:59:30.000000000 +0300
    +++ libdata-entropy-perl-0.007/debian/changelog 2025-03-31 12:22:57.000000000 +0300
    @@ -1,3 +1,10 @@
    +libdata-entropy-perl (0.007-4+deb12u1) bookworm; urgency=medium
    +
    + * Non-maintainer upload.
    + * CVE-2025-1860: rand() function was used as default source of entropy
    +
    + -- Adrian Bunk <[email protected]> Mon, 31 Mar 2025 12:22:57 +0300
    +
    libdata-entropy-perl (0.007-4) unstable; urgency=medium

    [ Salvatore Bonaccorso ]
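
    Review bot: the CVE-2025-1860 bullet in the new changelog entry describes the defect (rand() as the default source of entropy) but not the change that was made. Suggest naming the fix as well: the default source is now seeded via Crypt::URandom by the added patch 0001-Use-Crypt-URandom-to-seed-the-default-source.patch, and libcrypt-urandom-perl becomes a new dependency. That way the point-release changelog records what changed rather than only what was wrong.
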
    diff -Nru libdata-entropy-perl-0.007/debian/control libdata-entropy-perl-0.007/debian/control
    --- libdata-entropy-perl-0.007/debian/control 2022-06-13 00:59:30.000000000 +0300
    +++ libdata-entropy-perl-0.007/debian/control 2025-03-31 12:22:57.000000000 +0300
    @@ -7,6 +7,7 @@
    Priority: optional
    Build-Depends: debhelper-compat (= 13), libmodule-build-perl
    Build-Depends-Indep: libcrypt-rijndael-perl,
    + libcrypt-urandom-perl,
    libdata-float-perl,
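
    Review bot: in the Build-Depends-Indep list, libcrypt-urandom-perl is added for the build, but the visible lines do not show it reaching the binary package's Depends. The diffstat counts 2 changed lines in control and this hunk is cut off after libdata-float-perl, so please confirm that the second changed line adds libcrypt-urandom-perl to the runtime Depends. Without it, a module patched to seed from Crypt::URandom could be installed on a system where Crypt::URandom is absent.
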
  • From Salvatore Bonaccorso@21:1/5 to Adrian Bunk on Mon Mar 31 23:10:01 2025
    XPost: linux.debian.bugs.dist

    Control: tags -1 - moreinfo

    Hi,

    On Mon, Mar 31, 2025 at 03:30:52PM +0300, Adrian Bunk wrote:
    > Package: release.debian.org
    > Severity: normal
    > Tags: bookworm moreinfo
    > User: [email protected]
    > Usertags: pu
    > X-Debbugs-Cc: Debian Perl Group <[email protected]>, [email protected]
    >
    > * CVE-2025-1860: rand() function was used as default source of entropy
    >
    > Tagged moreinfo, as question to the security team whether they want
    > this in -pu or as DSA.

    A fix via an upcoming point release is fine for this. Moritz has
    marked it today as no-dsa for bookworm.

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Mon Mar 31 23:10:02 2025
    Processing control commands:

    tags -1 - moreinfo
    Bug #1101746 [release.debian.org] bookworm-pu: package libdata-entropy-perl/0.007-4+deb12u1
    Removed tag(s) moreinfo.

    --
    1101746: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101746
    Debian Bug Tracking System
    Contact [email protected] with problems

  • From Debian Bug Tracking System@21:1/5 to All on Mon Apr 14 22:00:01 2025
    Processing control commands:

    tag -1 confirmed
    Bug #1101746 [release.debian.org] bookworm-pu: package libdata-entropy-perl/0.007-4+deb12u1
    Added tag(s) confirmed.

    --
    1101746: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101746
    Debian Bug Tracking System
    Contact [email protected] with problems

  • From Debian Bug Tracking System@21:1/5 to All on Sat May 17 11:50:04 2025
    Your message dated Sat, 17 May 2025 09:37:57 +0000
    with message-id <[email protected]>
    and subject line Close 1101746
    has caused the Debian Bug report #1101746,
    regarding bookworm-pu: package libdata-entropy-perl/0.007-4+deb12u1
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system
    misconfiguration somewhere. Please contact [email protected]
    immediately.)


    --
    1101746: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101746
    Debian Bug Tracking System
    Contact [email protected] with problems
