[From nobody Fri Jun 12 23:21:06 2026 Received: (at 1139867-close) by bugs.debian.org; 12 Jun 2026 22:18:45 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-112.8 required=4.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FOURLA,FVGT_m_MULTI_ODD, HAS_BUG_NUMBER,MD5_SHA1_SUM,PDS_BTC_ID,PGPSIGNATURE,RCVD_IN_DNSWL_MED, SPF_HELO_PASS,SPF_PASS,USER_IN_DKIM_WELCOMELIST autolearn=ham autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 85; hammy, 150; neutral, 181; spammy, 0. spammytokens: hammytokens:0.000-+--HX-Debian:DAK, 0.000-+--H*rp:D*ftp-master.debian.org, 0.000-+--HX-DAK:process-upload, 0.000-+--UD:debian.tar.xz, 0.000-+--H*r:sk:fasolo. Return-path: <envelope@ftp-master.debian.org> Received: from mitropoulos.debian.org ([2001:648:2ffc:deb:216:61ff:fe9d:958d]:44918) by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wYAD7-004cU0-1A for 1139867-close@bugs.debian.org; Fri, 12 Jun 2026 22:18:45 +0000 Received: via submission from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA, CN=fasolo.debian.org, EMAIL=hostmaster@fasolo.debian.org (verified) by mitropoulos.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wYAD3-00F1nm-1K for 1139867-close@bugs.debian.org; Fri, 12 Jun 2026 22:18:41 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=0Vob6i+zMCD1i4yythOcyksHZzku6lFPyOFGqJhA4vY=; b=P1IrN9/AR4sVJtiOHvhUCfRPWc UXYJ43JqBJA+Zpq64F5kwzEGbl/AhCB+Wt4ALlV7IRYtm0i2REQ3kU4LLfEXxF40kcN8cL2avaUKE 0cLbr7EJA8RjF1qroVM5hu8KtvVfyg1mHg1mh+LBcCAufMf4Eel4KIza2bcM01NlDkdhcyT6pu9tk /urKDY0025JP8qOV+LHrBRgi0Brr3hw28zUQuJp0uFn3rYOqsBgCfQWhGuzs5NIPhelRz/DJ+WwaF BA0wJ6t6qCJNBm/iL77B2CTOukkTT8lF5/MGR3nHS7EE3PGcr2BAEJHuGKyhp439Z8OjctEqQRoVy 2ggUc0aA==; Received: from dak by fasolo.debian.org with local (Exim 4.98.2) (envelope-from <envelope@ftp-master.debian.org>) id 1wYAD2-00000001XYR-0euN; Fri, 12 Jun 2026 22:18:40 +0000 From: Debian FTP Masters <ftpmaster@ftp-master.debian.org> Reply-To: gregor herrmann <gregoa@debian.org> To: 1139867-close@bugs.debian.org X-DAK: dak process-upload X-Debian: DAK X-Debian-Package: libcrypt-pbkdf2-perl Debian: DAK Debian-Changes: libcrypt-pbkdf2-perl_0.261630-1_source.changes Debian-Source: libcrypt-pbkdf2-perl Debian-Version: 0.261630-1 Debian-Architecture: source Debian-Suite: unstable Debian-Archive-Action: accept MIME-Version: 1.0 Subject: Bug#1139867: fixed in libcrypt-pbkdf2-perl 0.261630-1 Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============6406263029227502011==" Message-Id: <E1wYAD2-00000001XYR-0euN@fasolo.debian.org> Date: Fri, 12 Jun 2026 22:18:40 +0000 --===============6406263029227502011== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Source: libcrypt-pbkdf2-perl Source-Version: 0.261630-1 Done: gregor herrmann <gregoa@debian.org> We believe that the bug you reported is fixed in the latest version of libcrypt-pbkdf2-perl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1139867@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. gregor herrmann <gregoa@debian.org> (supplier of updated libcrypt-pbkdf2-perl= package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 13 Jun 2026 00:01:11 +0200 Source: libcrypt-pbkdf2-perl Architecture: source Version: 0.261630-1 Distribution: unstable Urgency: medium Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> Changed-By: gregor herrmann <gregoa@debian.org> Closes: 1139867 Changes: libcrypt-pbkdf2-perl (0.261630-1) unstable; urgency=3Dmedium . * Team upload. * Import upstream version 0.261630. - Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000 (CVE-2026-9641). - Generate salts using Crypt::URandom instead of perl's builtin `rand()` (CVE-2026-9638). - Use a constant-time comparison in `validate` to avoid timing attacks (CVE-2017-20240). Closes: #1139867 * Update debian/upstream/metadata. * Update years of upstream copyright. * debian/control: update build/test/runtime dependencies. * Declare compliance with Debian Policy 4.7.4. * Remove =C2=ABPriority: optional=C2=BB, which is the current default. * Annotate test-only build dependencies with <!nocheck>. Checksums-Sha1: ab207064965b55696295f18d043e8f0df5758ea9 2794 libcrypt-pbkdf2-perl_0.261630-= 1.dsc 699cfaeb3ea8e679a514bf400703b31d68af4f42 17986 libcrypt-pbkdf2-perl_0.261630= .orig.tar.gz 70d8b5c5575c22687f1d3f078a3810c52db91d85 3096 libcrypt-pbkdf2-perl_0.261630-= 1.debian.tar.xz Checksums-Sha256: 735c6f21b25c34ef047c02a15e0605c26ef0b54bf3a7d5ffa21b5b29a2e06fff 2794 libcry= pt-pbkdf2-perl_0.261630-1.dsc 18757189638932b309b34c45bb810aa3e4856e3ed580100017dade65793f46c0 17986 libcr= ypt-pbkdf2-perl_0.261630.orig.tar.gz e3838a0a70d2ff721b3a9edf0dd51be45ec685bc00a7f731ebb0b957a3e806ee 3096 libcry= pt-pbkdf2-perl_0.261630-1.debian.tar.xz Files: 1dbb462b47c2b89694b6844733994aac 2794 perl optional libcrypt-pbkdf2-perl_0.2= 61630-1.dsc 7ecd1f4830904a0e9c0a2eea79ca74a5 17986 perl optional libcrypt-pbkdf2-perl_0.= 261630.orig.tar.gz 26dafb754eb13af02020e2c93580b358 3096 perl optional libcrypt-pbkdf2-perl_0.2= 61630-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmosgqBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ qgaM/Q/+OeOQYulKVaWEUoKwxb7Db4lUWMNoiok3gCXJ1d7YTfFsSoQ7ZyyZM7Q/ /ZWmnEUOjkrhR0aSB8RAGVtSXe4d6ts7Rd6uwymzPFbd22ZvKTCHNO7e3FMNkGbq MSfOemOvXI46AnapW1UnNjibh7Hy7vrGC4PWIkm5BeA+xVJbkFtrpKcLATeoxVvu lSfg+qOj+EW++KrIa1i4B3hop8kqO3OInzYDDybg0z52pPJ84RtmVyCS09Y5pOQ9 wslNxwhhfUf0ZTAd5pHztEHcxcJRfxZUhRkMxX70KfHGufslh4OnRaXhmnxqe3CH kkLeUMx/PGlvIIiYfWitAjKQQXjGcJPs8Gh1a5hFIbYDvMcwsBThbSjqOwUIXben cOIAjZ7Xm/tGx4dsVAmmCsGjuet0VpWYtNftNlzC8YZ+2uwh5hZAgOgEb5MbdP7g 247V3Ynl0PLof89bi2CRJfvUZtOrWwVKIMtTIbQB058HDJ3zAnrKV6cW2MtMwUE3 St2s1pmDigibfJXveKJ/9/dEYKGZ2WRbf/I6HFN+X2cvTeYxMD4COG8M3vskDBzU 3RmKValJbXCkpZOi9QskMmI2eiNKuphGYXDOV/ipYeOUVabXrpj29fDBSvFXE/gZ o+ONe1LIjCZdTbEhrlhIzkhnNv6QTrjdvz9vtH6wG4j/PyCnKKw=3D =3Dn8WO -----END PGP SIGNATURE----- --===============6406263029227502011== Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaiyFwAAKCRCb9qggYcy5 IQchAP9efuPuVegBNnOCfrbkZYzFeGfupPepKTFhfvpDpHZT+AEA4Hnc4U8kGOwh y/Gi/YyZemmbTCHyv7hkNftS7MGWNwg= =qYWj -----END PGP SIGNATURE----- --===============6406263029227502011==-- ]