[From nobody Tue Jun 16 22:19:06 2026 Received: (at 1139867-close) by bugs.debian.org; 16 Jun 2026 21:17:09 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-113.0 required=4.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FOURLA,FVGT_m_MULTI_ODD, HAS_BUG_NUMBER,MD5_SHA1_SUM,PGPSIGNATURE,RCVD_IN_DNSWL_MED, SPF_HELO_PASS,SPF_PASS,USER_IN_DKIM_WELCOMELIST autolearn=ham autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 81; hammy, 150; neutral, 209; spammy, 0. spammytokens: hammytokens:0.000-+--HX-Debian:DAK, 0.000-+--H*rp:D*ftp-master.debian.org, 0.000-+--UD:debian.tar.xz, 0.000-+--H*r:sk:fasolo., 0.000-+--H*MI:fasolo Return-path: <envelope@ftp-master.debian.org> Received: from mitropoulos.debian.org ([2001:648:2ffc:deb:216:61ff:fe9d:958d]:35830) by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wZb9h-00GM2c-1J for 1139867-close@bugs.debian.org; Tue, 16 Jun 2026 21:17:09 +0000 Received: via submission from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA, CN=fasolo.debian.org, EMAIL=hostmaster@fasolo.debian.org (verified) by mitropoulos.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wZb9f-001TBi-1h for 1139867-close@bugs.debian.org; Tue, 16 Jun 2026 21:17:07 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=l5ZGfWrFLt9b2pz+cSG+iQ6J73IrF886XmZtxpbslUk=; b=G3FOJ1ve6uuIku6Q52qLn99HcT 5jIPPPng0sTxxd6KaGfLzuwWQCGpKp+ipLc13H0OrnrX/bue4X1D5aduJNtWzMJfFv8yqO1coV3gy 078e+Zj2FMFinDhxfg4fz8O+d+ZpZeUkxbKtpaq51j8sc6zJh121ftYjXsb5oNBYmYtcW+hDOJ/ZJ jL/d4NWlm34HIXX6Ehx9NwKbqPXDu4K6E/byA20vZDz7Bjkwi9xbkYmGUaKGGHP3GS7BDIn3fZQds sbFUHrZNzhZzDqIET6P8H7nbzNwV9kpA/FHhKYBmx5yxou39cwHiM9VC6jVYLsHP/+JkJi0xnZpSt Bqj+esdQ==; Received: from dak by fasolo.debian.org with local (Exim 4.98.2) (envelope-from <envelope@ftp-master.debian.org>) id 1wZb9e-00000001F5i-1L25; Tue, 16 Jun 2026 21:17:06 +0000 From: Debian FTP Masters <ftpmaster@ftp-master.debian.org> Reply-To: Salvatore Bonaccorso <carnil@debian.org> To: 1139867-close@bugs.debian.org X-DAK: dak process-policy X-Debian: DAK X-Debian-Package: libcrypt-pbkdf2-perl Debian: DAK Debian-Changes: libcrypt-pbkdf2-perl_0.261630-1~deb13u1_sourceonly.changes Debian-Source: libcrypt-pbkdf2-perl Debian-Version: 0.261630-1~deb13u1 Debian-Architecture: source Debian-Suite: proposed-updates Debian-Archive-Action: accept MIME-Version: 1.0 Subject: Bug#1139867: fixed in libcrypt-pbkdf2-perl 0.261630-1~deb13u1 Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============0169139700599540018==" Message-Id: <E1wZb9e-00000001F5i-1L25@fasolo.debian.org> Date: Tue, 16 Jun 2026 21:17:06 +0000 --===============0169139700599540018== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Source: libcrypt-pbkdf2-perl Source-Version: 0.261630-1~deb13u1 Done: Salvatore Bonaccorso <carnil@debian.org> We believe that the bug you reported is fixed in the latest version of libcrypt-pbkdf2-perl, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1139867@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libcrypt-pbkdf2= -perl package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 13 Jun 2026 09:43:05 +0200 Source: libcrypt-pbkdf2-perl Architecture: source Version: 0.261630-1~deb13u1 Distribution: trixie Urgency: medium Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 1139867 Changes: libcrypt-pbkdf2-perl (0.261630-1~deb13u1) trixie; urgency=3Dmedium . * Rebuild for trixie * Revert "Annotate test-only build dependencies with <!nocheck>." * Revert "Remove =C2=ABPriority: optional=C2=BB, which is the current defa= ult." * Revert "Declare compliance with Debian Policy 4.7.4." . libcrypt-pbkdf2-perl (0.261630-1) unstable; urgency=3Dmedium . * Team upload. * Import upstream version 0.261630. - Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000 (CVE-2026-9641). - Generate salts using Crypt::URandom instead of perl's builtin `rand()` (CVE-2026-9638). - Use a constant-time comparison in `validate` to avoid timing attacks (CVE-2017-20240). Closes: #1139867 * Update debian/upstream/metadata. * Update years of upstream copyright. * debian/control: update build/test/runtime dependencies. * Declare compliance with Debian Policy 4.7.4. * Remove =C2=ABPriority: optional=C2=BB, which is the current default. * Annotate test-only build dependencies with <!nocheck>. Checksums-Sha1:=20 5b50379b2f028d5e416f6f080798812216fb33f6 2613 libcrypt-pbkdf2-perl_0.261630-= 1~deb13u1.dsc 9b3f328827bffb17edc8bcf43f644df6f6d19745 3116 libcrypt-pbkdf2-perl_0.261630-= 1~deb13u1.debian.tar.xz Checksums-Sha256:=20 aee6fab44d722ca1601e7e21df574b9096c09b8508bf07e0b55e062abb237767 2613 libcry= pt-pbkdf2-perl_0.261630-1~deb13u1.dsc e3425465e0c9d6ac561ca4c44e450787eb29000931cd036b41f6c5933ef4612c 3116 libcry= pt-pbkdf2-perl_0.261630-1~deb13u1.debian.tar.xz Files:=20 29bf7bc46cbac52ece4eeeea1e0d4ab0 2613 perl optional libcrypt-pbkdf2-perl_0.2= 61630-1~deb13u1.dsc 2a7fbc30855fa0364e3be6ad300b0dcd 3116 perl optional libcrypt-pbkdf2-perl_0.2= 61630-1~deb13u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmotcOJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EmrYP/2KU1hhHpWXvBAfA363MHFipP+UGeNed DcYUmGT5xjiEebiqFCFDTWDqjKB9wYNziD3xwlaq5HQ2Eg4WhFirUDvMqvwR1Bwu 7DTMNlCiLaPa/NjlNOTUU3kCUvfZA/TRywhffl0OB9DR9eGPWFtmldjkCObNAJMg rTWqM5qJYGbmvkgApDqoOkuk6nTrZKlXQGRwaJzmIKFo2XelAXQ/ZGhq80mVnpH8 kTrRibYLJa58wwsuzvvCLh3uwYKuG4MXmpfKpwURl8KYgK8rbsgC0CLEAIe2e3OD gEoSxMY32/3GV44Zm/bEssyZV+Xo+uwDW2GUwVN+EUhJSmtpLJBE5wo17WY5UE4S M+otMaMFffkfrfT+fLTwYl4CrAgy+jbovdAhFd+lJD+s/KgxjPusMsOrU9EwIHgT EB8/op2irw+enCCewBt6RYp5FfOxjjlQ2uC3/VvvPTL7mQYRqUu/Zhnl43gVk212 ga3TaPNdUxoB0cXLweOkAaE7myxkD36JOvHU/4lvZHmH4oL7uSR7KsPskTBJCwsw cZMDiWx8aNtfr/JZ6/OOZRpbszNcwVyv4x4578asvVD7Fs6QXcYddILOGF5SrkfQ AlTZrKbwPDFVghP5nXfP3VBNneV7aS+7bjWbUhlfltauu5umcAMkSO/VC8bLScZO 4qq1e+izYr8B =3DbCj/ -----END PGP SIGNATURE----- --===============0169139700599540018== Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCajG9UgAKCRCb9qggYcy5 IRAlAQD1UjdriJXr0WSoLuEYEs3KiVCBNuQ1oWDmtMij0YWUSAD+PVYKtiMA3eIt Kcp0shuB1LZDpHpCe43eiG0SvFGLGg0= =JkZE -----END PGP SIGNATURE----- --===============0169139700599540018==-- ]