[From nobody Tue Jun 16 21:49:06 2026 Received: (at 1139867-close) by bugs.debian.org; 16 Jun 2026 20:47:37 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-113.9 required=4.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FOURLA, FVGT_m_MULTI_ODD,HAS_BUG_NUMBER,MD5_SHA1_SUM,PDS_BTC_ID,PGPSIGNATURE, SPF_HELO_PASS,SPF_PASS,USER_IN_DKIM_WELCOMELIST autolearn=ham autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 79; hammy, 150; neutral, 214; spammy, 0. spammytokens: hammytokens:0.000-+--HX-Debian:DAK, 0.000-+--H*rp:D*ftp-master.debian.org, 0.000-+--UD:debian.tar.xz, 0.000-+--H*r:sk:fasolo., 0.000-+--H*MI:fasolo Return-path: <envelope@ftp-master.debian.org> Received: from mailly.debian.org ([2001:41b8:202:deb:6564:a62:52c3:4b72]:48434) by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wZah7-00GHUR-2D for 1139867-close@bugs.debian.org; Tue, 16 Jun 2026 20:47:37 +0000 Received: via submission from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA, CN=fasolo.debian.org, EMAIL=hostmaster@fasolo.debian.org (verified) by mailly.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wZah6-001Ruo-1C for 1139867-close@bugs.debian.org; Tue, 16 Jun 2026 20:47:36 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=lCfEH88zySdu8B9sTpOl+hOCjr/7pmtdW3xHLtkfPqk=; b=PSjsoLUYRh32+PNbdGfZjNRFyx cxErxWgHinrQ9lcBqB0MSdeN3YzwoxaUIQyZAIhH9yilkkaWMIgrzqdc7l71IR2EoiKCLBwAMwAoI w4NT7ISnKTeeOC/6dp7m4EK48xOBFhvqDm+skBURM+eOg1Pyhe6QdE/mPukKGTrspbCnC6A/P3GX/ We+clL0gT2vOy4wsGFxev5M/zDgBsvzqsa+LOnYYjf7ljJsu6LBiFNw7HTI7tuLllKg25G7x/evHB /AwDWi2Gl/4Kwv7Bfg16BzJftkcoFEA5qTiFYu6JrXWPK//gWRS4XW5FyY/ZuG7J5yZZMibrjWq3b OfjePWdQ==; Received: from dak by fasolo.debian.org with local (Exim 4.98.2) (envelope-from <envelope@ftp-master.debian.org>) id 1wZah5-00000001AE9-1kYy; Tue, 16 Jun 2026 20:47:35 +0000 From: Debian FTP Masters <ftpmaster@ftp-master.debian.org> Reply-To: Salvatore Bonaccorso <carnil@debian.org> To: 1139867-close@bugs.debian.org X-DAK: dak process-policy X-Debian: DAK X-Debian-Package: libcrypt-pbkdf2-perl Debian: DAK Debian-Changes: libcrypt-pbkdf2-perl_0.261630-1~deb13u1~deb12u1_sourceonly.changes Debian-Source: libcrypt-pbkdf2-perl Debian-Version: 0.261630-1~deb13u1~deb12u1 Debian-Architecture: source Debian-Suite: oldstable-proposed-updates Debian-Archive-Action: accept MIME-Version: 1.0 Subject: Bug#1139867: fixed in libcrypt-pbkdf2-perl 0.261630-1~deb13u1~deb12u1 Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============4055007943773483477==" Message-Id: <E1wZah5-00000001AE9-1kYy@fasolo.debian.org> Date: Tue, 16 Jun 2026 20:47:35 +0000 --===============4055007943773483477== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Source: libcrypt-pbkdf2-perl Source-Version: 0.261630-1~deb13u1~deb12u1 Done: Salvatore Bonaccorso <carnil@debian.org> We believe that the bug you reported is fixed in the latest version of libcrypt-pbkdf2-perl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1139867@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libcrypt-pbkdf2= -perl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 13 Jun 2026 11:44:25 +0200 Source: libcrypt-pbkdf2-perl Architecture: source Version: 0.261630-1~deb13u1~deb12u1 Distribution: bookworm Urgency: medium Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 1139867 Changes: libcrypt-pbkdf2-perl (0.261630-1~deb13u1~deb12u1) bookworm; urgency=3Dmedium . * Rebuild for bookworm . libcrypt-pbkdf2-perl (0.261630-1~deb13u1) trixie; urgency=3Dmedium . * Rebuild for trixie * Revert "Annotate test-only build dependencies with <!nocheck>." * Revert "Remove =C2=ABPriority: optional=C2=BB, which is the current defa= ult." * Revert "Declare compliance with Debian Policy 4.7.4." . libcrypt-pbkdf2-perl (0.261630-1) unstable; urgency=3Dmedium . * Team upload. * Import upstream version 0.261630. - Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000 (CVE-2026-9641). - Generate salts using Crypt::URandom instead of perl's builtin `rand()` (CVE-2026-9638). - Use a constant-time comparison in `validate` to avoid timing attacks (CVE-2017-20240). Closes: #1139867 * Update debian/upstream/metadata. * Update years of upstream copyright. * debian/control: update build/test/runtime dependencies. * Declare compliance with Debian Policy 4.7.4. * Remove =C2=ABPriority: optional=C2=BB, which is the current default. * Annotate test-only build dependencies with <!nocheck>. Checksums-Sha1:=20 fad42c21848cc5c2db12b9f445145feab64569ca 2645 libcrypt-pbkdf2-perl_0.261630-= 1~deb13u1~deb12u1.dsc e13f51e8c7c4207f3a3388037bdd7220ab43a3da 3144 libcrypt-pbkdf2-perl_0.261630-= 1~deb13u1~deb12u1.debian.tar.xz Checksums-Sha256:=20 f4ec042834364d8d21b4911418f87481ff74f3929f34d2ddceef6ba163e92738 2645 libcry= pt-pbkdf2-perl_0.261630-1~deb13u1~deb12u1.dsc e0d246652b45fc2df5bd53dccfadb98ec112ebb3f9c1c3e4fa54625d5296e1b3 3144 libcry= pt-pbkdf2-perl_0.261630-1~deb13u1~deb12u1.debian.tar.xz Files:=20 49b0155894f7edc8c75392c4359dd265 2645 perl optional libcrypt-pbkdf2-perl_0.2= 61630-1~deb13u1~deb12u1.dsc a521da6cfd7fdb61d3c5b9f69d9fc6f9 3144 perl optional libcrypt-pbkdf2-perl_0.2= 61630-1~deb13u1~deb12u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmotcRdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89E8YYP/jef3lpIjhs7Z9LpitYZzV0vBzo5FmkC 9WP0vvfkp8qSg0AIRF+UVYXFZU8YIwVqcwkUKwV+DftEoqh+qyPgUxudnTnc0Tzq +jSxPf8NjhUoti6Gc/CPhnnNSycz2qy7ntUE967Gwew4llsoIz0yhhFHdbEXushk wohlzqOUU+3T2GfXFvQd9KAeUTb73W3VppMdLiXkDP+BrKitftPp5Kg4WSS0zN4k hzkbfZiwusdBdeUoFxu0pqUMvJJIz3bWEi0ntQn24OxXhECJcDRrVjMs8zmGAWyG 9P4OjAS3o6NWv/0zZpjGixB6abnn5fEO5rCHZ+64HISYhUhph/84yoKrNu2+IoPu jvcrepGi8x0FeFUSoilg+VE5afSPDnQYZwYcvDT3JK402LuoWqxiYcuIx//3lJs8 FctWkOOqPM3kmJo1aexWFdH7hfDGOROtx1w4IL/MVN7j6cRVI/Rsj1An3DY4/Cwf WGg2IYj/fiVUAb2tEi76SeJp9vTOhXx5O+qpc0xs45oFc2yQOeukezT1zkfy/1S8 X3/aShy+JSZHpKAiTF/TX1YjLszwqjkV6t0YxQPIQAA0c3UR1T3jDX6xGaXCCq5L LIJMLZKWuuwRWKNFBy9i18V6skEwGJM2ZJzyd3eBvl3W8WTHzbmfp75Yo+Uu1gH8 SGAeUig0hzq1 =3DKBUR -----END PGP SIGNATURE----- --===============4055007943773483477== Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCajG2ZwAKCRCb9qggYcy5 IUjqAQCAYNQDrJloHUafW5q7125Vlyyemiy5kxgZKsm9/RxJrwEA2EBxLmj58IGh Eyi3lX0YSF1icYHf2HdudutPM61NswI= =ufMu -----END PGP SIGNATURE----- --===============4055007943773483477==-- ]